admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:39:01 +00:00
parent 9c3fe36c40
commit 50609659d9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 3857 additions and 3857 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0246.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020210 Unixware Message catalog exploit code",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/255414"
},
{
"name" : "CSSA-2002-SCO.3",
"refsource" : "CALDERA",
"url" : "ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt"
},
{
"name" : "4060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4060"
},
{
"name" : "unixware-msg-catalog-format-string(8113)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8113.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020210 Unixware Message catalog exploit code",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/255414"
},
{
"name": "unixware-msg-catalog-format-string(8113)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8113.php"
},
{
"name": "CSSA-2002-SCO.3",
"refsource": "CALDERA",
"url": "ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt"
},
{
"name": "4060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4060"
}
]
}
}

150
2002/0xxx/CVE-2002-0448.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many \"C:/\" sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020308 Xerver-2.10-File-Disclousure&DoS-attack",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0091.html"
},
{
"name" : "20020312 Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0155.html"
},
{
"name" : "xerver-multiple-request-dos(8419)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8419.php"
},
{
"name" : "4254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerver Free Web Server 2.10 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request that contains many \"C:/\" sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xerver-multiple-request-dos(8419)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8419.php"
},
{
"name": "20020312 Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0155.html"
},
{
"name": "4254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4254"
},
{
"name": "20020308 Xerver-2.10-File-Disclousure&DoS-attack",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0091.html"
}
]
}
}

180
2002/0xxx/CVE-2002-0602.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102035583114759&w=2"
},
{
"name" : "20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html"
},
{
"name" : "http://www.snapgear.com/releases.html",
"refsource" : "CONFIRM",
"url" : "http://www.snapgear.com/releases.html"
},
{
"name" : "snapgear-vpn-pptp-dos(8986)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8986"
},
{
"name" : "4658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4658"
},
{
"name" : "4657",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4657"
},
{
"name" : "snapgear-vpn-http-dos(8985)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cause a denial of service (crash) via a large number of connections to (1) the HTTP web management port, or (2) the PPTP port."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.snapgear.com/releases.html",
"refsource": "CONFIRM",
"url": "http://www.snapgear.com/releases.html"
},
{
"name": "4657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4657"
},
{
"name": "20020502 [VulnWatch] KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html"
},
{
"name": "snapgear-vpn-pptp-dos(8986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8986"
},
{
"name": "snapgear-vpn-http-dos(8985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8985"
},
{
"name": "20020502 KPMG-2002017: Snapgear Lite+ Firewall Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102035583114759&w=2"
},
{
"name": "4658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4658"
}
]
}
}

140
2002/1xxx/CVE-2002-1526.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html"
},
{
"name" : "5824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5824"
},
{
"name" : "emu-webmail-address-xss(10205)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10205.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emu-webmail-address-xss(10205)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10205.php"
},
{
"name": "20020926 [VulnWatch] EMU Webmail 5.0 XSS vuln, and webroot path disclosure",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0131.html"
},
{
"name": "5824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5824"
}
]
}
}

150
2002/1xxx/CVE-2002-1894.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021118 XSS bug in phpBB",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/300362"
},
{
"name" : "http://www.phpbb.com/phpBB/viewtopic.php?t=56283",
"refsource" : "CONFIRM",
"url" : "http://www.phpbb.com/phpBB/viewtopic.php?t=56283"
},
{
"name" : "6195",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6195"
},
{
"name" : "phpbb-viewtopic-script-xss(10653)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10653.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6195"
},
{
"name": "http://www.phpbb.com/phpBB/viewtopic.php?t=56283",
"refsource": "CONFIRM",
"url": "http://www.phpbb.com/phpBB/viewtopic.php?t=56283"
},
{
"name": "phpbb-viewtopic-script-xss(10653)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10653.php"
},
{
"name": "20021118 XSS bug in phpBB",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/300362"
}
]
}
}

150
2002/1xxx/CVE-2002-1994.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020621 AdvServer DoS",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/278181"
},
{
"name" : "http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt",
"refsource" : "MISC",
"url" : "http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt"
},
{
"name" : "5080",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5080"
},
{
"name" : "advserver-http-crlf-dos(9410)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9410.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 allows remote attackers to cause a denial of service via multiple HTTP requests containing a single carriage return/line feed (CRLF) sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "advserver-http-crlf-dos(9410)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9410.php"
},
{
"name": "http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt",
"refsource": "MISC",
"url": "http://elaboration.8bit.co.uk/projects/texts/advisories/AdvServer.DoS.txt"
},
{
"name": "5080",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5080"
},
{
"name": "20020621 AdvServer DoS",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/278181"
}
]
}
}

140
2002/2xxx/CVE-2002-2327.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43908",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-43908-1"
},
{
"name" : "5288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5288"
},
{
"name" : "sun-fire-subsystem-dos(9675)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9675.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43908",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-43908-1"
},
{
"name": "5288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5288"
},
{
"name": "sun-fire-subsystem-dos(9675)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9675.php"
}
]
}
}

160
2005/1xxx/CVE-2005-1393.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050430 DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=111489411524630&w=2"
},
{
"name" : "http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt",
"refsource" : "MISC",
"url" : "http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt"
},
{
"name" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015",
"refsource" : "CONFIRM",
"url" : "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015"
},
{
"name" : "1013852",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013852"
},
{
"name" : "15196",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15196"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050430 DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=111489411524630&w=2"
},
{
"name": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015",
"refsource": "CONFIRM",
"url": "http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015"
},
{
"name": "15196",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15196"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt"
},
{
"name": "1013852",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013852"
}
]
}
}

170
2005/1xxx/CVE-2005-1411.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1411",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/14/14688-icuii.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/14/14688-icuii.txt"
},
{
"name" : "13441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13441"
},
{
"name" : "14688",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14688"
},
{
"name" : "1013828",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013828"
},
{
"name" : "15171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15171"
},
{
"name" : "icuii-password-disclosure(20321)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20321"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://osvdb.org/ref/14/14688-icuii.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/14/14688-icuii.txt"
},
{
"name": "13441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13441"
},
{
"name": "1013828",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013828"
},
{
"name": "icuii-password-disclosure(20321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20321"
},
{
"name": "15171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15171"
},
{
"name": "14688",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14688"
}
]
}
}

170
2009/1xxx/CVE-2009-1257.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8343",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8343"
},
{
"name" : "34574",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34574"
},
{
"name" : "53262",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53262"
},
{
"name" : "34595",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34595"
},
{
"name" : "ADV-2009-0940",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0940"
},
{
"name" : "magiciso-ccd-bo(49673)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34595",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34595"
},
{
"name": "magiciso-ccd-bo(49673)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49673"
},
{
"name": "53262",
"refsource": "OSVDB",
"url": "http://osvdb.org/53262"
},
{
"name": "ADV-2009-0940",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0940"
},
{
"name": "8343",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8343"
},
{
"name": "34574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34574"
}
]
}
}

140
2009/1xxx/CVE-2009-1280.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
},
{
"name" : "34551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34551"
},
{
"name" : "media-unspecified-csrf(49656)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "media-unspecified-csrf(49656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49656"
},
{
"name": "34551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34551"
},
{
"name": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/293-20090301-core-multiple-xsscsrf.html"
}
]
}
}

180
2009/1xxx/CVE-2009-1381.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503718/100/0/threaded"
},
{
"name" : "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff",
"refsource" : "MISC",
"url" : "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff"
},
{
"name" : "DSA-1802",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1802"
},
{
"name" : "FEDORA-2009-5350",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html"
},
{
"name" : "FEDORA-2009-5471",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html"
},
{
"name" : "MDVSA-2009:122",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:122"
},
{
"name" : "35140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35140"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a username string that is used by the ypmatch program. NOTE: this issue exists because of an incomplete fix for CVE-2009-1579."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35140"
},
{
"name": "FEDORA-2009-5350",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01202.html"
},
{
"name": "20090521 [SECURITY] [DSA 1802-2] New squirrelmail packages correct incomplete fix",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503718/100/0/threaded"
},
{
"name": "MDVSA-2009:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:122"
},
{
"name": "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff",
"refsource": "MISC",
"url": "http://release.debian.org/proposed-updates/stable_diffs/squirrelmail_1.4.15-4+lenny2.debdiff"
},
{
"name": "FEDORA-2009-5471",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01195.html"
},
{
"name": "DSA-1802",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1802"
}
]
}
}

160
2009/1xxx/CVE-2009-1433.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://open.silverstripe.com/ticket/3721",
"refsource" : "CONFIRM",
"url" : "http://open.silverstripe.com/ticket/3721"
},
{
"name" : "http://open.silverstripe.com/wiki/ChangeLog/2.3.1",
"refsource" : "CONFIRM",
"url" : "http://open.silverstripe.com/wiki/ChangeLog/2.3.1"
},
{
"name" : "34485",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34485"
},
{
"name" : "53589",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53589"
},
{
"name" : "34633",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34633"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.com/wiki/ChangeLog/2.3.1"
},
{
"name": "http://open.silverstripe.com/ticket/3721",
"refsource": "CONFIRM",
"url": "http://open.silverstripe.com/ticket/3721"
},
{
"name": "34485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34485"
},
{
"name": "34633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34633"
},
{
"name": "53589",
"refsource": "OSVDB",
"url": "http://osvdb.org/53589"
}
]
}
}

140
2009/1xxx/CVE-2009-1770.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8714",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8714"
},
{
"name" : "35011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35011"
},
{
"name" : "ADV-2009-1367",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includes/database/examples/addressbook.php in Flyspeck CMS 6.8 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8714",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8714"
},
{
"name": "35011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35011"
},
{
"name": "ADV-2009-1367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1367"
}
]
}
}

190
2009/1xxx/CVE-2009-1893.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=510024",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
},
{
"name" : "RHSA-2009:1154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"name" : "35670",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35670"
},
{
"name" : "oval:org.mitre.oval:def:11597",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
},
{
"name" : "oval:org.mitre.oval:def:6440",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
},
{
"name" : "1022554",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022554"
},
{
"name" : "35831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35831"
},
{
"name" : "dhcp-dhcpdt-symlink(51718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The configtest function in the Red Hat dhcpd init script for DHCP 3.0.1 in Red Hat Enterprise Linux (RHEL) 3 allows local users to overwrite arbitrary files via a symlink attack on an unspecified temporary file, related to the \"dhcpd -t\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022554",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022554"
},
{
"name": "oval:org.mitre.oval:def:11597",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11597"
},
{
"name": "oval:org.mitre.oval:def:6440",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6440"
},
{
"name": "dhcp-dhcpdt-symlink(51718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51718"
},
{
"name": "35670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35670"
},
{
"name": "35831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35831"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=510024",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510024"
},
{
"name": "RHSA-2009:1154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
}
]
}
}

130
2009/5xxx/CVE-2009-5057.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.otrs.org/show_bug.cgi?id=3462",
"refsource" : "CONFIRM",
"url" : "http://bugs.otrs.org/show_bug.cgi?id=3462"
},
{
"name" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource" : "CONFIRM",
"url" : "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.otrs.org/show_bug.cgi?id=3462",
"refsource": "CONFIRM",
"url": "http://bugs.otrs.org/show_bug.cgi?id=3462"
},
{
"name": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807",
"refsource": "CONFIRM",
"url": "http://source.otrs.org/viewvc.cgi/otrs/CHANGES?revision=1.1807"
}
]
}
}

160
2012/0xxx/CVE-2012-0440.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.bugzilla.org/security/3.4.13/",
"refsource" : "CONFIRM",
"url" : "http://www.bugzilla.org/security/3.4.13/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718319",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718319"
},
{
"name" : "1026623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026623"
},
{
"name" : "47814",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47814"
},
{
"name" : "bugzilla-jsonrpc-csrf(72882)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in Bugzilla 3.5.x and 3.6.x before 3.6.8, 3.7.x and 4.0.x before 4.0.4, and 4.1.x and 4.2.x before 4.2rc2 allows remote attackers to hijack the authentication of arbitrary users for requests that use the JSON-RPC API."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.bugzilla.org/security/3.4.13/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.4.13/"
},
{
"name": "47814",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47814"
},
{
"name": "1026623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026623"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=718319",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=718319"
},
{
"name": "bugzilla-jsonrpc-csrf(72882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72882"
}
]
}
}

190
2012/0xxx/CVE-2012-0993.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120208 Multiple vulnerabilities in ZENphoto",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"name" : "https://www.htbridge.ch/advisory/HTB23070",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name" : "http://www.zenphoto.org/news/zenphoto-1.4.2.1",
"refsource" : "CONFIRM",
"url" : "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
},
{
"name" : "http://www.zenphoto.org/trac/changeset/8994",
"refsource" : "CONFIRM",
"url" : "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name" : "http://www.zenphoto.org/trac/changeset/8995",
"refsource" : "CONFIRM",
"url" : "http://www.zenphoto.org/trac/changeset/8995"
},
{
"name" : "51916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51916"
},
{
"name" : "47875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47875"
},
{
"name" : "zenphoto-viewersizeimage-code-execution(73081)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zenphoto.org/trac/changeset/8995",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8995"
},
{
"name": "http://www.zenphoto.org/trac/changeset/8994",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/trac/changeset/8994"
},
{
"name": "51916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51916"
},
{
"name": "47875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47875"
},
{
"name": "https://www.htbridge.ch/advisory/HTB23070",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/HTB23070"
},
{
"name": "zenphoto-viewersizeimage-code-execution(73081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73081"
},
{
"name": "20120208 Multiple vulnerabilities in ZENphoto",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0037.html"
},
{
"name": "http://www.zenphoto.org/news/zenphoto-1.4.2.1",
"refsource": "CONFIRM",
"url": "http://www.zenphoto.org/news/zenphoto-1.4.2.1"
}
]
}
}

180
2012/2xxx/CVE-2012-2375.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120518 Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/18/13"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=20e0fa98b751facf9a1101edaefbc19c82616a68",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=20e0fa98b751facf9a1101edaefbc19c82616a68"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=822869",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=822869"
},
{
"name" : "https://github.com/torvalds/linux/commit/20e0fa98b751facf9a1101edaefbc19c82616a68",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/20e0fa98b751facf9a1101edaefbc19c82616a68"
},
{
"name" : "HPSBGN02970",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name" : "RHSA-2012:1580",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1580.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 implementation in the Linux kernel before 3.3.2 uses an incorrect length variable during a copy operation, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words in an FATTR4_ACL reply. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-4131."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2"
},
{
"name": "RHSA-2012:1580",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1580.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=822869",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=822869"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=20e0fa98b751facf9a1101edaefbc19c82616a68",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=20e0fa98b751facf9a1101edaefbc19c82616a68"
},
{
"name": "[oss-security] 20120518 Re: CVE Request -- kernel: incomplete fix for CVE-2011-4131",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/13"
},
{
"name": "https://github.com/torvalds/linux/commit/20e0fa98b751facf9a1101edaefbc19c82616a68",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/20e0fa98b751facf9a1101edaefbc19c82616a68"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
}
]
}
}

34
2012/3xxx/CVE-2012-3070.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3070",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3070",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2012/3xxx/CVE-2012-3491.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120920 Notification of upstream Condor security fixes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=848214",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"name" : "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40",
"refsource" : "CONFIRM",
"url" : "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40"
},
{
"name" : "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource" : "CONFIRM",
"url" : "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
},
{
"name" : "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource" : "CONFIRM",
"url" : "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name" : "RHSA-2012:1278",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name" : "RHSA-2012:1281",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name" : "55632",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55632"
},
{
"name" : "50666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50666"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8.x before 7.8.4 does not properly check the permissions of jobs, which allows remote authenticated users to remove arbitrary idle jobs via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=848214",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=848214"
},
{
"name": "55632",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55632"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.8/9_3Stable_Release.html"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40",
"refsource": "CONFIRM",
"url": "http://condor-git.cs.wisc.edu/?p=condor.git;a=commitdiff;h=1fff5d40"
},
{
"name": "50666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50666"
},
{
"name": "[oss-security] 20120920 Notification of upstream Condor security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/9"
},
{
"name": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/condor/manual/v7.6/8_3Stable_Release.html"
}
]
}
}

160
2012/3xxx/CVE-2012-3506.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121022 [ANNOUNCE] Apache OFBiz 10.04.03 released",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2012/Oct/156"
},
{
"name" : "http://ofbiz.apache.org/download.html#vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://ofbiz.apache.org/download.html#vulnerabilities"
},
{
"name" : "56171",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56171"
},
{
"name" : "86556",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86556"
},
{
"name" : "apache-ofbiz-unspecified(79540)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ofbiz.apache.org/download.html#vulnerabilities",
"refsource": "CONFIRM",
"url": "http://ofbiz.apache.org/download.html#vulnerabilities"
},
{
"name": "20121022 [ANNOUNCE] Apache OFBiz 10.04.03 released",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Oct/156"
},
{
"name": "56171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56171"
},
{
"name": "apache-ofbiz-unspecified(79540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79540"
},
{
"name": "86556",
"refsource": "OSVDB",
"url": "http://osvdb.org/86556"
}
]
}
}

34
2012/3xxx/CVE-2012-3771.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3771",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3771",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/4xxx/CVE-2012-4555.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=869570",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=869570"
},
{
"name" : "RHSA-2012:1550",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1550.html"
},
{
"name" : "56843",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56843"
},
{
"name" : "1027846",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027846"
},
{
"name" : "51482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a denial of service (NULL pointer dereference and Apache httpd web server child process crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027846"
},
{
"name": "RHSA-2012:1550",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1550.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=869570",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=869570"
},
{
"name": "51482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51482"
},
{
"name": "56843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56843"
}
]
}
}

34
2012/4xxx/CVE-2012-4641.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4641",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4641",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2012/6xxx/CVE-2012-6088.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an \"unparseable signature,\" which allows remote attackers to bypass RPM signature checks via a crafted package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130103 Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/01/03/9"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=796375",
"refsource" : "MISC",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=796375"
},
{
"name" : "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43",
"refsource" : "CONFIRM",
"url" : "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43"
},
{
"name" : "http://rpm.org/wiki/Releases/4.10.2",
"refsource" : "CONFIRM",
"url" : "http://rpm.org/wiki/Releases/4.10.2"
},
{
"name" : "USN-1694-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1694-1"
},
{
"name" : "57138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57138"
},
{
"name" : "51706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51706"
},
{
"name" : "rpm-security-bypass(80953)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an \"unparseable signature,\" which allows remote attackers to bypass RPM signature checks via a crafted package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=796375",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=796375"
},
{
"name": "57138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57138"
},
{
"name": "51706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51706"
},
{
"name": "[oss-security] 20130103 Re: CVE Request -- rpm (X >= 4.10 and X < 3d74c43 commit): Signature checking function returned success on (possibly malicious ) rpm packages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/03/9"
},
{
"name": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43",
"refsource": "CONFIRM",
"url": "http://rpm.org/gitweb?p=rpm.git;a=commitdiff;h=3d74c43"
},
{
"name": "USN-1694-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1694-1"
},
{
"name": "rpm-security-bypass(80953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80953"
},
{
"name": "http://rpm.org/wiki/Releases/4.10.2",
"refsource": "CONFIRM",
"url": "http://rpm.org/wiki/Releases/4.10.2"
}
]
}
}

34
2012/6xxx/CVE-2012-6184.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6184",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6184",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

160
2012/6xxx/CVE-2012-6647.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140514 Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2014/05/14/9"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f7b0a2a5c0fb03be7c25bd1745baa50582348ef",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f7b0a2a5c0fb03be7c25bd1745baa50582348ef"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1097746",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1097746"
},
{
"name" : "https://github.com/torvalds/linux/commit/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The futex_wait_requeue_pi function in kernel/futex.c in the Linux kernel before 3.5.1 does not ensure that calls have two different futex addresses, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted FUTEX_WAIT_REQUEUE_PI command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f7b0a2a5c0fb03be7c25bd1745baa50582348ef",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f7b0a2a5c0fb03be7c25bd1745baa50582348ef"
},
{
"name": "https://github.com/torvalds/linux/commit/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1097746",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1097746"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.1"
},
{
"name": "[oss-security] 20140514 Re: CVE request Linux kernel: forbid uaddr == uaddr2 in futex_wait_requeue_pi() to avoid null dereference",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/05/14/9"
}
]
}
}

130
2012/6xxx/CVE-2012-6659.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource" : "CONFIRM",
"url" : "http://www.phorum.org/phorum5/read.php?64,151943"
},
{
"name" : "50445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50445"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50445"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,151943",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,151943"
}
]
}
}

34
2017/2xxx/CVE-2017-2013.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2013",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2013",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

140
2017/2xxx/CVE-2017-2120.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WBCE CMS",
"version" : {
"version_data" : [
{
"version_value" : "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name" : "WBCE Team"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WBCE CMS",
"version": {
"version_data": [
{
"version_value": "1.1.10 and earlier"
}
]
}
}
]
},
"vendor_name": "WBCE Team"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.wbce.org/viewtopic.php?id=977",
"refsource" : "MISC",
"url" : "https://forum.wbce.org/viewtopic.php?id=977"
},
{
"name" : "JVN#73083905",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name" : "96467",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#73083905",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN73083905/index.html"
},
{
"name": "96467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96467"
},
{
"name": "https://forum.wbce.org/viewtopic.php?id=977",
"refsource": "MISC",
"url": "https://forum.wbce.org/viewtopic.php?id=977"
}
]
}
}

180
2017/2xxx/CVE-2017-2364.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41799",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41799/"
},
{
"name" : "https://support.apple.com/HT207482",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207482"
},
{
"name" : "https://support.apple.com/HT207484",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207484"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "95725",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95725"
},
{
"name" : "1038137",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038137"
},
{
"name" : "1037668",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41799",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41799/"
},
{
"name": "1038137",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"name": "95725",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95725"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207484",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207484"
},
{
"name": "https://support.apple.com/HT207482",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207482"
},
{
"name": "1037668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037668"
}
]
}
}

170
2017/2xxx/CVE-2017-2401.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207602",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207602"
},
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97137"
},
{
"name" : "1038138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97137"
},
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

142
2017/2xxx/CVE-2017-2920.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-05T00:00:00",
"ID" : "CVE-2017-2920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Computerinsel Photoline",
"version" : {
"version_data" : [
{
"version_value" : "20.02"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-10-05T00:00:00",
"ID": "CVE-2017-2920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Computerinsel Photoline",
"version": {
"version_data": [
{
"version_value": "20.02"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0427",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0427"
},
{
"name" : "https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d",
"refsource" : "CONFIRM",
"url" : "https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d"
},
{
"name" : "101186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d",
"refsource": "CONFIRM",
"url": "https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0427",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0427"
},
{
"name": "101186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101186"
}
]
}
}

140
2017/6xxx/CVE-2017-6796.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS XE",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IOS XE"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-78"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE",
"version": {
"version_data": [
{
"version_value": "Cisco IOS XE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1"
},
{
"name" : "100647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100647"
},
{
"name" : "1039281",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the USB-modem code of Cisco IOS XE Software running on Cisco ASR 920 Series Aggregation Services Routers could allow an authenticated, local attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. The vulnerability is due to improper input validation of the platform usb modem command in the CLI of the affected software. An attacker could exploit this vulnerability by modifying the platform usb modem command in the CLI of an affected device. A successful exploit could allow the attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. Cisco Bug IDs: CSCve48949."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039281",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039281"
},
{
"name": "100647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100647"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170906-asr920-1"
}
]
}
}

120
2017/6xxx/CVE-2017-6841.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement function in graphicsstack.h in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h/"
}
]
}
}

34
2017/7xxx/CVE-2017-7291.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7291",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7291",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

204
2017/7xxx/CVE-2017-7658.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2017-7658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Jetty",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "9.2.25"
},
{
"version_affected" : ">=",
"version_value" : "9.3.0"
},
{
"version_affected" : "<",
"version_value" : "9.3.24"
},
{
"version_affected" : ">=",
"version_value" : "9.4.0"
},
{
"version_affected" : "<",
"version_value" : "9.4.11"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
}
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2017-7658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Jetty",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "9.2.25"
},
{
"version_affected": ">=",
"version_value": "9.3.0"
},
{
"version_affected": "<",
"version_value": "9.3.24"
},
{
"version_affected": ">=",
"version_value": "9.4.0"
},
{
"version_affected": "<",
"version_value": "9.4.11"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181014-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181014-0001/"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "DSA-4278",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4278"
},
{
"name" : "106566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106566"
},
{
"name" : "1041194",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4278",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4278"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535669"
},
{
"name": "1041194",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041194"
},
{
"name": "106566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106566"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181014-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181014-0001/"
}
]
}
}

210
2018/11xxx/CVE-2018-11219.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://antirez.com/news/119",
"refsource" : "MISC",
"url" : "http://antirez.com/news/119"
},
{
"name" : "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
"refsource" : "MISC",
"url" : "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3"
},
{
"name" : "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936",
"refsource" : "MISC",
"url" : "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936"
},
{
"name" : "https://github.com/antirez/redis/issues/5017",
"refsource" : "MISC",
"url" : "https://github.com/antirez/redis/issues/5017"
},
{
"name" : "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"name" : "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
},
{
"name" : "DSA-4230",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4230"
},
{
"name" : "RHSA-2019:0052",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0052"
},
{
"name" : "RHSA-2019:0094",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0094"
},
{
"name" : "104552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Integer Overflow issue was discovered in the struct library in the Lua subsystem in Redis before 3.2.12, 4.x before 4.0.10, and 5.x before 5.0 RC2, leading to a failure of bounds checking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104552"
},
{
"name": "https://github.com/antirez/redis/issues/5017",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/issues/5017"
},
{
"name": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3"
},
{
"name": "DSA-4230",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4230"
},
{
"name": "RHSA-2019:0052",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0052"
},
{
"name": "http://antirez.com/news/119",
"refsource": "MISC",
"url": "http://antirez.com/news/119"
},
{
"name": "RHSA-2019:0094",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0094"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/4.0/00-RELEASENOTES"
},
{
"name": "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936",
"refsource": "MISC",
"url": "https://github.com/antirez/redis/commit/e89086e09a38cc6713bcd4b9c29abf92cf393936"
},
{
"name": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/antirez/redis/5.0/00-RELEASENOTES"
}
]
}
}

34
2018/11xxx/CVE-2018-11930.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11930",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11930",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14052.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/fouzhe/security/tree/master/libwav",
"refsource" : "MISC",
"url" : "https://github.com/fouzhe/security/tree/master/libwav"
},
{
"name" : "https://github.com/marc-q/libwav/issues/19",
"refsource" : "MISC",
"url" : "https://github.com/marc-q/libwav/issues/19"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fouzhe/security/tree/master/libwav",
"refsource": "MISC",
"url": "https://github.com/fouzhe/security/tree/master/libwav"
},
{
"name": "https://github.com/marc-q/libwav/issues/19",
"refsource": "MISC",
"url": "https://github.com/marc-q/libwav/issues/19"
}
]
}
}

160
2018/14xxx/CVE-2018-14370.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-43.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-43.html"
},
{
"name" : "104847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104847"
},
{
"name" : "1041608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-43.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-43.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14686"
},
{
"name": "1041608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041608"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b1446124eebc3ea5591d18e719c2a5cff3630638"
},
{
"name": "104847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104847"
}
]
}
}

130
2018/14xxx/CVE-2018-14381.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/pagekit/pagekit/issues/905",
"refsource" : "MISC",
"url" : "https://github.com/pagekit/pagekit/issues/905"
},
{
"name" : "https://github.com/pagekit/pagekit/releases/tag/1.0.14",
"refsource" : "MISC",
"url" : "https://github.com/pagekit/pagekit/releases/tag/1.0.14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pagekit/pagekit/issues/905",
"refsource": "MISC",
"url": "https://github.com/pagekit/pagekit/issues/905"
},
{
"name": "https://github.com/pagekit/pagekit/releases/tag/1.0.14",
"refsource": "MISC",
"url": "https://github.com/pagekit/pagekit/releases/tag/1.0.14"
}
]
}
}

120
2018/14xxx/CVE-2018-14500.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/joyplus/joyplus-cms/issues/431",
"refsource" : "MISC",
"url" : "https://github.com/joyplus/joyplus-cms/issues/431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.php keyword parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/joyplus/joyplus-cms/issues/431",
"refsource": "MISC",
"url": "https://github.com/joyplus/joyplus-cms/issues/431"
}
]
}
}

150
2018/14xxx/CVE-2018-14663.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-14663",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "dnsdist",
"version" : {
"version_data" : [
{
"version_value" : "1.3.3"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14663",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dnsdist",
"version": {
"version_data": [
{
"version_value": "1.3.3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663"
},
{
"name" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html",
"refsource" : "CONFIRM",
"url" : "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS DNSDist before 1.3.3 allowing a remote attacker to craft a DNS query with trailing data such that the addition of a record by dnsdist, for example an OPT record when adding EDNS Client Subnet, might result in the trailing data being smuggled to the backend as a valid record while not seen by dnsdist. This is an issue when dnsdist is deployed as a DNS Firewall and used to filter some records that should not be received by the backend. This issue occurs only when either the 'useClientSubnet' or the experimental 'addXPF' parameters are used when declaring a new backend."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html",
"refsource": "CONFIRM",
"url": "https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2018-08.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14663"
}
]
}
}

122
2018/14xxx/CVE-2018-14796.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-20T00:00:00",
"ID" : "CVE-2018-14796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SmartCooler",
"version" : {
"version_data" : [
{
"version_value" : "all versions prior to firmware 180806"
}
]
}
}
]
},
"vendor_name" : "Tec4Data"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ID": "CVE-2018-14796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartCooler",
"version": {
"version_data": [
{
"version_value": "all versions prior to firmware 180806"
}
]
}
}
]
},
"vendor_name": "Tec4Data"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tec4Data SmartCooler, all versions prior to firmware 180806, the device responds to a remote unauthenticated reboot command that may be used to perform a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-263-01"
}
]
}
}

34
2018/15xxx/CVE-2018-15011.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15011",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15011",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/15xxx/CVE-2018-15150.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://insecurity.sh/reports/openemr.pdf",
"refsource" : "MISC",
"url" : "https://insecurity.sh/reports/openemr.pdf"
},
{
"name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource" : "MISC",
"url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name" : "https://github.com/openemr/openemr/pull/1757/files",
"refsource" : "CONFIRM",
"url" : "https://github.com/openemr/openemr/pull/1757/files"
},
{
"name" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource" : "CONFIRM",
"url" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in interface/de_identification_forms/de_identification_screen2.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'temporary_files_dir' variable in interface/super/edit_globals.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://insecurity.sh/reports/openemr.pdf",
"refsource": "MISC",
"url": "https://insecurity.sh/reports/openemr.pdf"
},
{
"name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource": "MISC",
"url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource": "CONFIRM",
"url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
},
{
"name": "https://github.com/openemr/openemr/pull/1757/files",
"refsource": "CONFIRM",
"url": "https://github.com/openemr/openemr/pull/1757/files"
}
]
}
}

120
2018/15xxx/CVE-2018-15350.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"ID" : "CVE-2018-15350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kraftway",
"version" : {
"version_data" : [
{
"version_value" : "Kraftway-24F2XG Router firmware 3.5.30.1118"
}
]
}
}
]
},
"vendor_name" : "Kaspersky Lab"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Router Default Credentials"
}
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kraftway",
"version": {
"version_data": [
{
"version_value": "Kraftway-24F2XG Router firmware 3.5.30.1118"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Router Default Credentials in Kraftway 24F2XG Router firmware version 3.5.30.1118 allow remote attackers to get privileged access to the router."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Router Default Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-006-kraftway-24f2xg-router-default-credentials/"
}
]
}
}

34
2018/15xxx/CVE-2018-15724.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15724",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15724",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/15xxx/CVE-2018-15907.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15907",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bkd00r.wordpress.com/2018/08/27/cve-2018-15907-exploit-title-techniclor-formerly-rca-tc8305c-wireless-gateway-802-11b-g-n-gigaport-x-4-port-router-w-2-voice-lines-xfinity-comcast-buffer-overflow/",
"refsource" : "MISC",
"url" : "https://bkd00r.wordpress.com/2018/08/27/cve-2018-15907-exploit-title-techniclor-formerly-rca-tc8305c-wireless-gateway-802-11b-g-n-gigaport-x-4-port-router-w-2-voice-lines-xfinity-comcast-buffer-overflow/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might overlap CVE-2018-15852 and CVE-2018-16310. NOTE: Technicolor denies that the described behavior is a vulnerability and states that Wi-Fi traffic is slowed or stopped only while the devices are exposed to a MAC flooding attack. This has been confirmed through testing against official up-to-date versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bkd00r.wordpress.com/2018/08/27/cve-2018-15907-exploit-title-techniclor-formerly-rca-tc8305c-wireless-gateway-802-11b-g-n-gigaport-x-4-port-router-w-2-voice-lines-xfinity-comcast-buffer-overflow/",
"refsource": "MISC",
"url": "https://bkd00r.wordpress.com/2018/08/27/cve-2018-15907-exploit-title-techniclor-formerly-rca-tc8305c-wireless-gateway-802-11b-g-n-gigaport-x-4-port-router-w-2-voice-lines-xfinity-comcast-buffer-overflow/"
}
]
}
}

140
2018/15xxx/CVE-2018-15958.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ColdFusion",
"version" : {
"version_data" : [
{
"version_value" : "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Deserialization of untrusted data"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ColdFusion",
"version": {
"version_data": [
{
"version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html"
},
{
"name" : "105313",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105313"
},
{
"name" : "1041621",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of untrusted data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html"
},
{
"name": "1041621",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041621"
},
{
"name": "105313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105313"
}
]
}
}

132
2018/20xxx/CVE-2018-20067.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-20067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "71.0.3578.80"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-20067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "71.0.3578.80"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/879965",
"refsource" : "MISC",
"url" : "https://crbug.com/879965"
},
{
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A renderer initiated back navigation was incorrectly allowed to cancel a browser initiated one in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to confuse the user about the origin of the current page via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "https://crbug.com/879965",
"refsource": "MISC",
"url": "https://crbug.com/879965"
}
]
}
}

34
2018/20xxx/CVE-2018-20130.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20130",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20130",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/20xxx/CVE-2018-20271.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20271",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20271",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2018/20xxx/CVE-2018-20684.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
"refsource" : "MISC",
"url" : "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54"
},
{
"name" : "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"refsource" : "MISC",
"url" : "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
},
{
"name" : "https://winscp.net/eng/docs/history",
"refsource" : "MISC",
"url" : "https://winscp.net/eng/docs/history"
},
{
"name" : "https://winscp.net/tracker/1675",
"refsource" : "MISC",
"url" : "https://winscp.net/tracker/1675"
},
{
"name" : "106526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WinSCP before 5.14 beta, due to missing validation, the scp implementation would accept arbitrary files sent by the server, potentially overwriting unrelated files. This affects TSCPFileSystem::SCPSink in core/ScpFileSystem.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106526"
},
{
"name": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54",
"refsource": "MISC",
"url": "https://github.com/winscp/winscp/commit/49d876f2c5fc00bcedaa986a7cf6dedd6bf16f54"
},
{
"name": "https://winscp.net/eng/docs/history",
"refsource": "MISC",
"url": "https://winscp.net/eng/docs/history"
},
{
"name": "https://winscp.net/tracker/1675",
"refsource": "MISC",
"url": "https://winscp.net/tracker/1675"
},
{
"name": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt",
"refsource": "MISC",
"url": "https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt"
}
]
}
}

34
2018/20xxx/CVE-2018-20802.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20802",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20802",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

182
2018/9xxx/CVE-2018-9516.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00",
"ID" : "CVE-2018-9516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-09-01"
},
{
"name" : "DSA-4308",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4308"
},
{
"name" : "USN-3871-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3871-1/"
},
{
"name" : "USN-3871-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3871-3/"
},
{
"name" : "USN-3871-4",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3871-4/"
},
{
"name" : "USN-3871-5",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3871-5/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name": "USN-3871-5",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-5/"
},
{
"name": "USN-3871-4",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-4/"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01"
},
{
"name": "DSA-4308",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "USN-3871-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-1/"
},
{
"name": "USN-3871-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3871-3/"
}
]
}
}

120
2018/9xxx/CVE-2018-9578.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2018-9578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-9"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2018-9578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-9"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-11-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-113261928."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
}

34
2018/9xxx/CVE-2018-9665.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9665",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9665",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}