admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:21:37 +00:00
parent 7ad83ff2f7
commit 5318395602
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 4651 additions and 4651 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2002/0xxx/CVE-2002-0221.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0221", "ID": "CVE-2002-0221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV." "value": "Etype Eserv 2.97 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of PASV commands that consume ports 1024 through 5000, which prevents the server from accepting valid PASV."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020129 Vulnerabilities in EServ 2.97", "name": "3983",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://online.securityfocus.com/archive/1/252944" "url": "http://www.securityfocus.com/bid/3983"
}, },
{ {
"name" : "3983", "name": "eserv-pasv-dos(8020)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/3983" "url": "http://www.iss.net/security_center/static/8020.php"
}, },
{ {
"name" : "eserv-pasv-dos(8020)", "name": "20020129 Vulnerabilities in EServ 2.97",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "http://www.iss.net/security_center/static/8020.php" "url": "http://online.securityfocus.com/archive/1/252944"
} }
] ]
} }

92
2002/0xxx/CVE-2002-0650.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0650", "ID": "CVE-2002-0650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a \"ping\" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop." "value": "The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a \"ping\" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)", "name": "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)",
"refsource" : "BUGTRAQ", "refsource": "NTBUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102760196931518&w=2" "url": "http://marc.info/?l=ntbugtraq&m=102760479902411&w=2"
}, },
{ {
"name" : "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)", "name": "MS02-039",
"refsource" : "NTBUGTRAQ", "refsource": "MS",
"url" : "http://marc.info/?l=ntbugtraq&m=102760479902411&w=2" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039"
}, },
{ {
"name" : "MS02-039", "name": "20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)",
"refsource" : "MS", "refsource": "BUGTRAQ",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039" "url": "http://marc.info/?l=bugtraq&m=102760196931518&w=2"
}, },
{ {
"name" : "mssql-resolution-keepalive-dos(9662)", "name": "5312",
"refsource" : "XF", "refsource": "BID",
"url" : "http://www.iss.net/security_center/static/9662.php" "url": "http://www.securityfocus.com/bid/5312"
}, },
{ {
"name" : "5312", "name": "mssql-resolution-keepalive-dos(9662)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/5312" "url": "http://www.iss.net/security_center/static/9662.php"
}, },
{ {
"name" : "878", "name": "878",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://www.osvdb.org/878" "url": "http://www.osvdb.org/878"
} }
] ]
} }

68
2002/0xxx/CVE-2002-0699.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0699", "ID": "CVE-2002-0699",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML." "value": "Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "MS02-048", "name": "MS02-048",
"refsource" : "MS", "refsource": "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-048"
}, },
{ {
"name" : "oval:org.mitre.oval:def:190", "name": "oval:org.mitre.oval:def:190",
"refsource" : "OVAL", "refsource": "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A190"
} }
] ]
} }

74
2002/2xxx/CVE-2002-2285.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2285", "ID": "CVE-2002-2285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "eTrust InoculateIT 6.0 with the \"Incremental Scan\" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection." "value": "eTrust InoculateIT 6.0 with the \"Incremental Scan\" option enabled may certify that a file is free of viruses before the file has been completely downloaded, which allows remote attackers to bypass virus detection."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20021129 CA InoculateIT 6.0 Realtime Scanner may fail to detect vira", "name": "1005740",
"refsource" : "NTBUGTRAQ", "refsource": "SECTRACK",
"url" : "http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-12/0003.html" "url": "http://securitytracker.com/id?1005740"
}, },
{ {
"name" : "1005740", "name": "20021129 CA InoculateIT 6.0 Realtime Scanner may fail to detect vira",
"refsource" : "SECTRACK", "refsource": "NTBUGTRAQ",
"url" : "http://securitytracker.com/id?1005740" "url": "http://www.derkeiler.com/Mailing-Lists/NT-Bugtraq/2002-12/0003.html"
}, },
{ {
"name" : "etrust-inoculateit-protection-bypass(10770)", "name": "etrust-inoculateit-protection-bypass(10770)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10770" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10770"
} }
] ]
} }

22
2002/2xxx/CVE-2002-2438.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2438", "ID": "CVE-2002-2438",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

110
2005/0xxx/CVE-2005-0051.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0051", "ID": "CVE-2005-0051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the \"Named Pipe Vulnerability.\"" "value": "The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the \"Named Pipe Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "MS05-007", "name": "oval:org.mitre.oval:def:3055",
"refsource" : "MS", "refsource": "OVAL",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-007" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3055"
}, },
{ {
"name" : "TA05-039A", "name": "TA05-039A",
"refsource" : "CERT", "refsource": "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html" "url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
}, },
{ {
"name" : "VU#939074", "name": "oval:org.mitre.oval:def:2292",
"refsource" : "CERT-VN", "refsource": "OVAL",
"url" : "http://www.kb.cert.org/vuls/id/939074" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2292"
}, },
{ {
"name" : "12486", "name": "MS05-007",
"refsource" : "BID", "refsource": "MS",
"url" : "http://www.securityfocus.com/bid/12486" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-007"
}, },
{ {
"name" : "oval:org.mitre.oval:def:2292", "name": "1013112",
"refsource" : "OVAL", "refsource": "SECTRACK",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2292" "url": "http://securitytracker.com/id?1013112"
}, },
{ {
"name" : "oval:org.mitre.oval:def:3055", "name": "12486",
"refsource" : "OVAL", "refsource": "BID",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3055" "url": "http://www.securityfocus.com/bid/12486"
}, },
{ {
"name" : "1013112", "name": "win-named-pipe-information-disclosure(19093)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://securitytracker.com/id?1013112" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19093"
}, },
{ {
"name" : "14189", "name": "VU#939074",
"refsource" : "SECUNIA", "refsource": "CERT-VN",
"url" : "http://secunia.com/advisories/14189" "url": "http://www.kb.cert.org/vuls/id/939074"
}, },
{ {
"name" : "win-named-pipe-information-disclosure(19093)", "name": "14189",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19093" "url": "http://secunia.com/advisories/14189"
} }
] ]
} }

92
2005/0xxx/CVE-2005-0236.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-0236", "ID": "CVE-2005-0236",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks." "value": "The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20050206 state of homograph attacks", "name": "http://www.shmoo.com/idn/homograph.txt",
"refsource" : "FULLDISC", "refsource": "MISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html" "url": "http://www.shmoo.com/idn/homograph.txt"
}, },
{ {
"name" : "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.", "name": "multiple-browsers-idn-spoof(19236)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://marc.info/?l=bugtraq&m=110782704923280&w=2" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236"
}, },
{ {
"name" : "http://www.shmoo.com/idn", "name": "20050206 state of homograph attacks",
"refsource" : "MISC", "refsource": "FULLDISC",
"url" : "http://www.shmoo.com/idn" "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html"
}, },
{ {
"name" : "http://www.shmoo.com/idn/homograph.txt", "name": "http://www.shmoo.com/idn",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.shmoo.com/idn/homograph.txt" "url": "http://www.shmoo.com/idn"
}, },
{ {
"name" : "12461", "name": "20050208 International Domain Name [IDN] support in modern browsers allows attackers to spoof domain name URLs + SSL certs.",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/12461" "url": "http://marc.info/?l=bugtraq&m=110782704923280&w=2"
}, },
{ {
"name" : "multiple-browsers-idn-spoof(19236)", "name": "12461",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19236" "url": "http://www.securityfocus.com/bid/12461"
} }
] ]
} }

74
2005/0xxx/CVE-2005-0576.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0576", "ID": "CVE-2005-0576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files." "value": "Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "12656", "name": "12656",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/12656" "url": "http://www.securityfocus.com/bid/12656"
}, },
{ {
"name" : "14381", "name": "57738",
"refsource" : "SECUNIA", "refsource": "SUNALERT",
"url" : "http://secunia.com/advisories/14381" "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57738-1"
}, },
{ {
"name" : "57738", "name": "14381",
"refsource" : "SUNALERT", "refsource": "SECUNIA",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57738-1" "url": "http://secunia.com/advisories/14381"
} }
] ]
} }

74
2005/0xxx/CVE-2005-0655.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0655", "ID": "CVE-2005-0655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message." "value": "auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20050302 Vulnerabilities in Aura CMS", "name": "20050302 Vulnerabilities in Aura CMS",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110979842315750&w=2" "url": "http://marc.info/?l=bugtraq&m=110979842315750&w=2"
}, },
{ {
"name" : "http://echo.or.id/adv/adv011-y3dips-2005.txt", "name": "http://echo.or.id/adv/adv011-y3dips-2005.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://echo.or.id/adv/adv011-y3dips-2005.txt" "url": "http://echo.or.id/adv/adv011-y3dips-2005.txt"
}, },
{ {
"name" : "1013357", "name": "1013357",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://securitytracker.com/id?1013357" "url": "http://securitytracker.com/id?1013357"
} }
] ]
} }

80
2005/1xxx/CVE-2005-1115.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1115", "ID": "CVE-2005-1115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php." "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules", "name": "13157",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://marc.info/?l=bugtraq&m=111343406309969&w=2" "url": "http://www.securityfocus.com/bid/13157"
}, },
{ {
"name" : "http://www.digitalparadox.org/advisories/phpbbp.txt", "name": "http://www.digitalparadox.org/advisories/phpbbp.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.digitalparadox.org/advisories/phpbbp.txt" "url": "http://www.digitalparadox.org/advisories/phpbbp.txt"
}, },
{ {
"name" : "13157", "name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/13157" "url": "http://marc.info/?l=bugtraq&m=111343406309969&w=2"
}, },
{ {
"name" : "13158", "name": "13158",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/13158" "url": "http://www.securityfocus.com/bid/13158"
} }
] ]
} }

104
2005/1xxx/CVE-2005-1134.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1134", "ID": "CVE-2005-1134",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters." "value": "SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20050413 serendipity SQL Injection vulnerability", "name": "http://www.s9y.org/5.html",
"refsource" : "BUGTRAQ", "refsource": "CONFIRM",
"url" : "http://seclists.org/lists/bugtraq/2005/Apr/0195.html" "url": "http://www.s9y.org/5.html"
}, },
{ {
"name" : "http://www.s9y.org/5.html", "name": "15542",
"refsource" : "CONFIRM", "refsource": "OSVDB",
"url" : "http://www.s9y.org/5.html" "url": "http://www.osvdb.org/15542"
}, },
{ {
"name" : "http://www.s9y.org/63.html#A9", "name": "20050413 serendipity SQL Injection vulnerability",
"refsource" : "CONFIRM", "refsource": "BUGTRAQ",
"url" : "http://www.s9y.org/63.html#A9" "url": "http://seclists.org/lists/bugtraq/2005/Apr/0195.html"
}, },
{ {
"name" : "13161", "name": "15145",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/13161" "url": "http://secunia.com/advisories/15145"
}, },
{ {
"name" : "15542", "name": "http://www.s9y.org/63.html#A9",
"refsource" : "OSVDB", "refsource": "CONFIRM",
"url" : "http://www.osvdb.org/15542" "url": "http://www.s9y.org/63.html#A9"
}, },
{ {
"name" : "1013699", "name": "serendipity-urlid-entryid-sql-injection(20119)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://securitytracker.com/id?1013699" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119"
}, },
{ {
"name" : "15145", "name": "1013699",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/15145" "url": "http://securitytracker.com/id?1013699"
}, },
{ {
"name" : "serendipity-urlid-entryid-sql-injection(20119)", "name": "13161",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20119" "url": "http://www.securityfocus.com/bid/13161"
} }
] ]
} }

68
2005/1xxx/CVE-2005-1795.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1795", "ID": "CVE-2005-1795",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked." "value": "The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.sentinelchicken.com/advisories/clamav", "name": "http://www.sentinelchicken.com/advisories/clamav",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.sentinelchicken.com/advisories/clamav" "url": "http://www.sentinelchicken.com/advisories/clamav"
}, },
{ {
"name" : "1014070", "name": "1014070",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://securitytracker.com/id?1014070" "url": "http://securitytracker.com/id?1014070"
} }
] ]
} }

98
2009/0xxx/CVE-2009-0549.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2009-0549", "ID": "CVE-2009-0549",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\"" "value": "Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Record Pointer Corruption Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "MS09-021", "name": "ADV-2009-1540",
"refsource" : "MS", "refsource": "VUPEN",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021" "url": "http://www.vupen.com/english/advisories/2009/1540"
}, },
{ {
"name" : "TA09-160A", "name": "54952",
"refsource" : "CERT", "refsource": "OSVDB",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html" "url": "http://osvdb.org/54952"
}, },
{ {
"name" : "35215", "name": "1022351",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/35215" "url": "http://www.securitytracker.com/id?1022351"
}, },
{ {
"name" : "54952", "name": "MS09-021",
"refsource" : "OSVDB", "refsource": "MS",
"url" : "http://osvdb.org/54952" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
}, },
{ {
"name" : "oval:org.mitre.oval:def:5830", "name": "35215",
"refsource" : "OVAL", "refsource": "BID",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830" "url": "http://www.securityfocus.com/bid/35215"
}, },
{ {
"name" : "1022351", "name": "oval:org.mitre.oval:def:5830",
"refsource" : "SECTRACK", "refsource": "OVAL",
"url" : "http://www.securitytracker.com/id?1022351" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5830"
}, },
{ {
"name" : "ADV-2009-1540", "name": "TA09-160A",
"refsource" : "VUPEN", "refsource": "CERT",
"url" : "http://www.vupen.com/english/advisories/2009/1540" "url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
} }
] ]
} }

194
2009/0xxx/CVE-2009-0652.json
View File

@ -1,171 +1,171 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0652", "ID": "CVE-2009-0652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected." "value": "The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox 3.0.6 and other versions before 3.0.9; Thunderbird before 2.0.0.21; and SeaMonkey before 1.1.15 does not include box-drawing characters, which allows remote attackers to spoof URLs and conduct phishing attacks, as demonstrated by homoglyphs of the / (slash) and ? (question mark) characters in a subdomain of a .cn domain name, a different vulnerability than CVE-2005-0233. NOTE: some third parties claim that 3.0.6 is not affected, but much older versions perhaps are affected."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[dailydave] 20090219 SSL MITM fun.", "name": "MDVSA-2009:111",
"refsource" : "MLIST", "refsource": "MANDRIVA",
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
}, },
{ {
"name" : "[dailydave] 20090220 SSL MITM fun.", "name": "oval:org.mitre.oval:def:11396",
"refsource" : "MLIST", "refsource": "OVAL",
"url" : "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396"
}, },
{ {
"name" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike", "name": "FEDORA-2009-3875",
"refsource" : "MISC", "refsource": "FEDORA",
"url" : "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike" "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
}, },
{ {
"name" : "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf", "name": "34894",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf" "url": "http://secunia.com/advisories/34894"
}, },
{ {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html", "name": "ADV-2009-1125",
"refsource" : "CONFIRM", "refsource": "VUPEN",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html" "url": "http://www.vupen.com/english/advisories/2009/1125"
}, },
{ {
"name" : "DSA-1797", "name": "DSA-1830",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1797" "url": "http://www.debian.org/security/2009/dsa-1830"
}, },
{ {
"name" : "DSA-1830", "name": "mozilla-firefox-homoglyph-spoofing(48974)",
"refsource" : "DEBIAN", "refsource": "XF",
"url" : "http://www.debian.org/security/2009/dsa-1830" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48974"
}, },
{ {
"name" : "FEDORA-2009-3875", "name": "[dailydave] 20090219 SSL MITM fun.",
"refsource" : "FEDORA", "refsource": "MLIST",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html" "url": "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005556.html"
}, },
{ {
"name" : "MDVSA-2009:111", "name": "34096",
"refsource" : "MANDRIVA", "refsource": "SECUNIA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111" "url": "http://secunia.com/advisories/34096"
}, },
{ {
"name" : "RHSA-2009:0436", "name": "34844",
"refsource" : "REDHAT", "refsource": "SECUNIA",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html" "url": "http://secunia.com/advisories/34844"
}, },
{ {
"name" : "RHSA-2009:0437", "name": "35065",
"refsource" : "REDHAT", "refsource": "SECUNIA",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0437.html" "url": "http://secunia.com/advisories/35065"
}, },
{ {
"name" : "SUSE-SR:2009:010", "name": "[dailydave] 20090220 SSL MITM fun.",
"refsource" : "SUSE", "refsource": "MLIST",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" "url": "http://lists.immunitysec.com/pipermail/dailydave/2009-February/005563.html"
}, },
{ {
"name" : "USN-764-1", "name": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf",
"refsource" : "UBUNTU", "refsource": "MISC",
"url" : "https://usn.ubuntu.com/764-1/" "url": "https://www.blackhat.com/presentations/bh-dc-09/Marlinspike/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf"
}, },
{ {
"name" : "33837", "name": "USN-764-1",
"refsource" : "BID", "refsource": "UBUNTU",
"url" : "http://www.securityfocus.com/bid/33837" "url": "https://usn.ubuntu.com/764-1/"
}, },
{ {
"name" : "oval:org.mitre.oval:def:11396", "name": "SUSE-SR:2009:010",
"refsource" : "OVAL", "refsource": "SUSE",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11396" "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
}, },
{ {
"name" : "34096", "name": "33837",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/34096" "url": "http://www.securityfocus.com/bid/33837"
}, },
{ {
"name" : "34894", "name": "35042",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/34894" "url": "http://secunia.com/advisories/35042"
}, },
{ {
"name" : "34843", "name": "34843",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/34843" "url": "http://secunia.com/advisories/34843"
}, },
{ {
"name" : "34844", "name": "DSA-1797",
"refsource" : "SECUNIA", "refsource": "DEBIAN",
"url" : "http://secunia.com/advisories/34844" "url": "http://www.debian.org/security/2009/dsa-1797"
}, },
{ {
"name" : "35065", "name": "RHSA-2009:0437",
"refsource" : "SECUNIA", "refsource": "REDHAT",
"url" : "http://secunia.com/advisories/35065" "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
}, },
{ {
"name" : "35042", "name": "RHSA-2009:0436",
"refsource" : "SECUNIA", "refsource": "REDHAT",
"url" : "http://secunia.com/advisories/35042" "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
}, },
{ {
"name" : "ADV-2009-1125", "name": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike",
"refsource" : "VUPEN", "refsource": "MISC",
"url" : "http://www.vupen.com/english/advisories/2009/1125" "url": "http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike"
}, },
{ {
"name" : "mozilla-firefox-homoglyph-spoofing(48974)", "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48974" "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-15.html"
} }
] ]
} }

74
2009/0xxx/CVE-2009-0659.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0659", "ID": "CVE-2009-0659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information." "value": "Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 allows remote attackers to have an unknown impact via a STATS line with a long email field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "33972", "name": "tptest-pwd-bo(48781)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/33972" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48781"
}, },
{ {
"name" : "tptest-pwd-bo(48781)", "name": "33972",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48781" "url": "http://secunia.com/advisories/33972"
}, },
{ {
"name" : "tptest-getstatsfromline-bo(48953)", "name": "tptest-getstatsfromline-bo(48953)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48953" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48953"
} }
] ]
} }

98
2009/1xxx/CVE-2009-1001.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-1001", "ID": "CVE-2009-1001",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors." "value": "Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold through SP6 allows remote authenticated users to gain privileges via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", "name": "1022059",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" "url": "http://www.securitytracker.com/id?1022059"
}, },
{ {
"name" : "http://www.oracle.com/technology/deploy/security/wls-security/1001.html", "name": "34461",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.oracle.com/technology/deploy/security/wls-security/1001.html" "url": "http://www.securityfocus.com/bid/34461"
}, },
{ {
"name" : "TA09-105A", "name": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html",
"refsource" : "CERT", "refsource": "CONFIRM",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" "url": "http://www.oracle.com/technology/deploy/security/wls-security/1001.html"
}, },
{ {
"name" : "34461", "name": "53767",
"refsource" : "BID", "refsource": "OSVDB",
"url" : "http://www.securityfocus.com/bid/34461" "url": "http://osvdb.org/53767"
}, },
{ {
"name" : "53767", "name": "TA09-105A",
"refsource" : "OSVDB", "refsource": "CERT",
"url" : "http://osvdb.org/53767" "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
}, },
{ {
"name" : "1022059", "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id?1022059" "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}, },
{ {
"name" : "oracle-weblogic-wls-priv-escalation(50053)", "name": "oracle-weblogic-wls-priv-escalation(50053)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50053" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50053"
} }
] ]
} }

308
2009/1xxx/CVE-2009-1098.json
View File

@ -1,266 +1,266 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1098", "ID": "CVE-2009-1098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998." "value": "Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "name": "SUSE-SA:2009:036",
"refsource" : "BUGTRAQ", "refsource": "SUSE",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
}, },
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", "name": "MDVSA-2009:137",
"refsource" : "CONFIRM", "refsource": "MANDRIVA",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
}, },
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", "name": "34632",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" "url": "http://secunia.com/advisories/34632"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", "name": "SSRT090058",
"refsource" : "CONFIRM", "refsource": "HP",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
}, },
{ {
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "name": "35156",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" "url": "http://secunia.com/advisories/35156"
}, },
{ {
"name" : "DSA-1769", "name": "34675",
"refsource" : "DEBIAN", "refsource": "SECUNIA",
"url" : "http://www.debian.org/security/2009/dsa-1769" "url": "http://secunia.com/advisories/34675"
}, },
{ {
"name" : "GLSA-200911-02", "name": "SUSE-SA:2009:029",
"refsource" : "GENTOO", "refsource": "SUSE",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
}, },
{ {
"name" : "HPSBMA02429", "name": "35776",
"refsource" : "HP", "refsource": "SECUNIA",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" "url": "http://secunia.com/advisories/35776"
}, },
{ {
"name" : "SSRT090058", "name": "oval:org.mitre.oval:def:6008",
"refsource" : "HP", "refsource": "OVAL",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6008"
}, },
{ {
"name" : "HPSBUX02429", "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
"refsource" : "HP", "refsource": "CONFIRM",
"url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2" "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
}, },
{ {
"name" : "MDVSA-2009:137", "name": "1021913",
"refsource" : "MANDRIVA", "refsource": "SECTRACK",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" "url": "http://www.securitytracker.com/id?1021913"
}, },
{ {
"name" : "MDVSA-2009:162", "name": "37460",
"refsource" : "MANDRIVA", "refsource": "SECUNIA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" "url": "http://secunia.com/advisories/37460"
}, },
{ {
"name" : "RHSA-2009:0392", "name": "34489",
"refsource" : "REDHAT", "refsource": "SECUNIA",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html" "url": "http://secunia.com/advisories/34489"
}, },
{ {
"name" : "RHSA-2009:0394", "name": "GLSA-200911-02",
"refsource" : "REDHAT", "refsource": "GENTOO",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0394.html" "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
}, },
{ {
"name" : "RHSA-2009:0377", "name": "RHSA-2009:1038",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html" "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
}, },
{ {
"name" : "RHSA-2009:1038", "name": "RHSA-2009:1198",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html" "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
}, },
{ {
"name" : "RHSA-2009:1198", "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html" "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
}, },
{ {
"name" : "254571", "name": "HPSBUX02429",
"refsource" : "SUNALERT", "refsource": "HP",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1" "url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
}, },
{ {
"name" : "SUSE-SA:2009:016", "name": "RHSA-2009:0394",
"refsource" : "SUSE", "refsource": "REDHAT",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
}, },
{ {
"name" : "SUSE-SA:2009:029", "name": "254571",
"refsource" : "SUSE", "refsource": "SUNALERT",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1"
}, },
{ {
"name" : "SUSE-SR:2009:011", "name": "34495",
"refsource" : "SUSE", "refsource": "SECUNIA",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" "url": "http://secunia.com/advisories/34495"
}, },
{ {
"name" : "SUSE-SA:2009:036", "name": "oval:org.mitre.oval:def:9956",
"refsource" : "SUSE", "refsource": "OVAL",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9956"
}, },
{ {
"name" : "USN-748-1", "name": "36185",
"refsource" : "UBUNTU", "refsource": "SECUNIA",
"url" : "http://www.ubuntu.com/usn/usn-748-1" "url": "http://secunia.com/advisories/36185"
}, },
{ {
"name" : "34240", "name": "RHSA-2009:0377",
"refsource" : "BID", "refsource": "REDHAT",
"url" : "http://www.securityfocus.com/bid/34240" "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
}, },
{ {
"name" : "oval:org.mitre.oval:def:6008", "name": "35255",
"refsource" : "OVAL", "refsource": "SECUNIA",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6008" "url": "http://secunia.com/advisories/35255"
}, },
{ {
"name" : "oval:org.mitre.oval:def:9956", "name": "ADV-2009-1426",
"refsource" : "OVAL", "refsource": "VUPEN",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9956" "url": "http://www.vupen.com/english/advisories/2009/1426"
}, },
{ {
"name" : "1021913", "name": "SUSE-SR:2009:011",
"refsource" : "SECTRACK", "refsource": "SUSE",
"url" : "http://www.securitytracker.com/id?1021913" "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
}, },
{ {
"name" : "34489", "name": "MDVSA-2009:162",
"refsource" : "SECUNIA", "refsource": "MANDRIVA",
"url" : "http://secunia.com/advisories/34489" "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
}, },
{ {
"name" : "34495", "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "SECUNIA", "refsource": "BUGTRAQ",
"url" : "http://secunia.com/advisories/34495" "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
}, },
{ {
"name" : "34496", "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/34496" "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
}, },
{ {
"name" : "34675", "name": "RHSA-2009:0392",
"refsource" : "SECUNIA", "refsource": "REDHAT",
"url" : "http://secunia.com/advisories/34675" "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
}, },
{ {
"name" : "34632", "name": "35223",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/34632" "url": "http://secunia.com/advisories/35223"
}, },
{ {
"name" : "35223", "name": "34240",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/35223" "url": "http://www.securityfocus.com/bid/34240"
}, },
{ {
"name" : "35156", "name": "34496",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/35156" "url": "http://secunia.com/advisories/34496"
}, },
{ {
"name" : "35255", "name": "HPSBMA02429",
"refsource" : "SECUNIA", "refsource": "HP",
"url" : "http://secunia.com/advisories/35255" "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
}, },
{ {
"name" : "35416", "name": "USN-748-1",
"refsource" : "SECUNIA", "refsource": "UBUNTU",
"url" : "http://secunia.com/advisories/35416" "url": "http://www.ubuntu.com/usn/usn-748-1"
}, },
{ {
"name" : "35776", "name": "DSA-1769",
"refsource" : "SECUNIA", "refsource": "DEBIAN",
"url" : "http://secunia.com/advisories/35776" "url": "http://www.debian.org/security/2009/dsa-1769"
}, },
{ {
"name" : "36185", "name": "35416",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/36185" "url": "http://secunia.com/advisories/35416"
}, },
{ {
"name" : "37386", "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/37386" "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
}, },
{ {
"name" : "37460", "name": "37386",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/37460" "url": "http://secunia.com/advisories/37386"
}, },
{ {
"name" : "ADV-2009-1426", "name": "SUSE-SA:2009:016",
"refsource" : "VUPEN", "refsource": "SUSE",
"url" : "http://www.vupen.com/english/advisories/2009/1426" "url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
}, },
{ {
"name" : "ADV-2009-3316", "name": "ADV-2009-3316",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316" "url": "http://www.vupen.com/english/advisories/2009/3316"
} }
] ]
} }

68
2009/1xxx/CVE-2009-1624.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1624", "ID": "CVE-2009-1624",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter." "value": "Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "8545", "name": "34732",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/8545" "url": "http://www.securityfocus.com/bid/34732"
}, },
{ {
"name" : "34732", "name": "8545",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/34732" "url": "https://www.exploit-db.com/exploits/8545"
} }
] ]
} }

80
2009/1xxx/CVE-2009-1652.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1652", "ID": "CVE-2009-1652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request." "value": "admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "8689", "name": "35071",
"refsource" : "EXPLOIT-DB", "refsource": "SECUNIA",
"url" : "https://www.exploit-db.com/exploits/8689" "url": "http://secunia.com/advisories/35071"
}, },
{ {
"name" : "34976", "name": "8689",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/34976" "url": "https://www.exploit-db.com/exploits/8689"
}, },
{ {
"name" : "54493", "name": "54493",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://osvdb.org/54493" "url": "http://osvdb.org/54493"
}, },
{ {
"name" : "35071", "name": "34976",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/35071" "url": "http://www.securityfocus.com/bid/34976"
} }
] ]
} }

86
2009/1xxx/CVE-2009-1965.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-1965", "ID": "CVE-2009-1965",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors." "value": "Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", "name": "36760",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" "url": "http://www.securityfocus.com/bid/36760"
}, },
{ {
"name" : "TA09-294A", "name": "37027",
"refsource" : "CERT", "refsource": "SECUNIA",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" "url": "http://secunia.com/advisories/37027"
}, },
{ {
"name" : "36760", "name": "1023057",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/36760" "url": "http://www.securitytracker.com/id?1023057"
}, },
{ {
"name" : "1023057", "name": "TA09-294A",
"refsource" : "SECTRACK", "refsource": "CERT",
"url" : "http://www.securitytracker.com/id?1023057" "url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
}, },
{ {
"name" : "37027", "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/37027" "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
} }
] ]
} }

74
2009/4xxx/CVE-2009-4712.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4712", "ID": "CVE-2009-4712",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter." "value": "SQL injection vulnerability in index.php in Tukanas Classifieds (aka EasyClassifieds) Script 1.0 allows remote attackers to execute arbitrary SQL commands via the b parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt", "name": "56601",
"refsource" : "MISC", "refsource": "OSVDB",
"url" : "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt" "url": "http://osvdb.org/56601"
}, },
{ {
"name" : "56601", "name": "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt",
"refsource" : "OSVDB", "refsource": "MISC",
"url" : "http://osvdb.org/56601" "url": "http://packetstormsecurity.org/0907-exploits/tukanasec-sql.txt"
}, },
{ {
"name" : "35977", "name": "35977",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/35977" "url": "http://secunia.com/advisories/35977"
} }
] ]
} }

74
2009/4xxx/CVE-2009-4781.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4781", "ID": "CVE-2009-4781",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection." "value": "TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for rem.accdb, which allows local users to discover credentials via a DBI connection."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "10201", "name": "37553",
"refsource" : "EXPLOIT-DB", "refsource": "SECUNIA",
"url" : "http://www.exploit-db.com/exploits/10201" "url": "http://secunia.com/advisories/37553"
}, },
{ {
"name" : "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9", "name": "10201",
"refsource" : "CONFIRM", "refsource": "EXPLOIT-DB",
"url" : "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9" "url": "http://www.exploit-db.com/exploits/10201"
}, },
{ {
"name" : "37553", "name": "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/37553" "url": "http://www.tekuva.com/index.php?option=com_docman&task=doc_details&gid=40&Itemid=9"
} }
] ]
} }

80
2009/5xxx/CVE-2009-5013.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-5013", "ID": "CVE-2009-5013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer." "value": "Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib before 0.5.2 allows remote authenticated users to cause a denial of service (memory consumption) by sending a QUIT command during a data transfer."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://code.google.com/p/pyftpdlib/issues/detail?id=119", "name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/issues/detail?id=119" "url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py"
}, },
{ {
"name" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY", "name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY" "url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
}, },
{ {
"name" : "http://code.google.com/p/pyftpdlib/source/detail?r=615", "name": "http://code.google.com/p/pyftpdlib/issues/detail?id=119",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/source/detail?r=615" "url": "http://code.google.com/p/pyftpdlib/issues/detail?id=119"
}, },
{ {
"name" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py", "name": "http://code.google.com/p/pyftpdlib/source/detail?r=615",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn615&r=615&format=side&path=/trunk/pyftpdlib/ftpserver.py" "url": "http://code.google.com/p/pyftpdlib/source/detail?r=615"
} }
] ]
} }

68
2012/2xxx/CVE-2012-2173.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-2173", "ID": "CVE-2012-2173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network." "value": "The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 sends an SHA-1 hash of the connection password during connections to a solidDB database, which allows remote attackers to obtain sensitive information by sniffing the network."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21598423", "name": "appscansource-soliddbpass-weak-security(75242)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21598423" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75242"
}, },
{ {
"name" : "appscansource-soliddbpass-weak-security(75242)", "name": "http://www.ibm.com/support/docview.wss?uid=swg21598423",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75242" "url": "http://www.ibm.com/support/docview.wss?uid=swg21598423"
} }
] ]
} }

80
2012/2xxx/CVE-2012-2326.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2326", "ID": "CVE-2012-2326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment." "value": "Cross-site scripting (XSS) vulnerability in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to inject arbitrary web script or HTML via a malformed file name in an orphaned attachment."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20120507 CVE request: mybb before 1.6.7", "name": "53417",
"refsource" : "MLIST", "refsource": "BID",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/13" "url": "http://www.securityfocus.com/bid/53417"
}, },
{ {
"name" : "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", "name": "[oss-security] 20120507 CVE request: mybb before 1.6.7",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/14" "url": "http://www.openwall.com/lists/oss-security/2012/05/07/13"
}, },
{ {
"name" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", "name": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" "url": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/"
}, },
{ {
"name" : "53417", "name": "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7",
"refsource" : "BID", "refsource": "MLIST",
"url" : "http://www.securityfocus.com/bid/53417" "url": "http://www.openwall.com/lists/oss-security/2012/05/07/14"
} }
] ]
} }

22
2012/2xxx/CVE-2012-2502.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2502", "ID": "CVE-2012-2502",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2012/2xxx/CVE-2012-2931.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2931", "ID": "CVE-2012-2931",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2012/3xxx/CVE-2012-3338.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3338", "ID": "CVE-2012-3338",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

158
2012/3xxx/CVE-2012-3370.json
View File

@ -1,141 +1,141 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3370", "ID": "CVE-2012-3370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users." "value": "The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456", "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456" "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456"
}, },
{ {
"name" : "RHSA-2013:0191", "name": "jboss-eap-getcredential-info-disc(81513)",
"refsource" : "REDHAT", "refsource": "XF",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0191.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81513"
}, },
{ {
"name" : "RHSA-2013:0192", "name": "RHSA-2013:0192",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0192.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0192.html"
}, },
{ {
"name" : "RHSA-2013:0193", "name": "RHSA-2013:0198",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0193.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0198.html"
}, },
{ {
"name" : "RHSA-2013:0194", "name": "RHSA-2013:0195",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0194.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0195.html"
}, },
{ {
"name" : "RHSA-2013:0195", "name": "RHSA-2013:0221",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0195.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0221.html"
}, },
{ {
"name" : "RHSA-2013:0196", "name": "89581",
"refsource" : "REDHAT", "refsource": "OSVDB",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0196.html" "url": "http://www.osvdb.org/89581"
}, },
{ {
"name" : "RHSA-2013:0197", "name": "RHSA-2013:0196",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0197.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0196.html"
}, },
{ {
"name" : "RHSA-2013:0198", "name": "57550",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0198.html" "url": "http://www.securityfocus.com/bid/57550"
}, },
{ {
"name" : "RHSA-2013:0221", "name": "RHSA-2013:0193",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0221.html" "url": "http://rhn.redhat.com/errata/RHSA-2013-0193.html"
}, },
{ {
"name" : "RHSA-2013:0533", "name": "51984",
"refsource" : "REDHAT", "refsource": "SECUNIA",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0533.html" "url": "http://secunia.com/advisories/51984"
}, },
{ {
"name" : "57550", "name": "1028042",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/57550" "url": "http://securitytracker.com/id?1028042"
}, },
{ {
"name" : "89581", "name": "52054",
"refsource" : "OSVDB", "refsource": "SECUNIA",
"url" : "http://www.osvdb.org/89581" "url": "http://secunia.com/advisories/52054"
}, },
{ {
"name" : "1028042", "name": "RHSA-2013:0191",
"refsource" : "SECTRACK", "refsource": "REDHAT",
"url" : "http://securitytracker.com/id?1028042" "url": "http://rhn.redhat.com/errata/RHSA-2013-0191.html"
}, },
{ {
"name" : "51984", "name": "RHSA-2013:0533",
"refsource" : "SECUNIA", "refsource": "REDHAT",
"url" : "http://secunia.com/advisories/51984" "url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
}, },
{ {
"name" : "52054", "name": "RHSA-2013:0197",
"refsource" : "SECUNIA", "refsource": "REDHAT",
"url" : "http://secunia.com/advisories/52054" "url": "http://rhn.redhat.com/errata/RHSA-2013-0197.html"
}, },
{ {
"name" : "jboss-eap-getcredential-info-disc(81513)", "name": "RHSA-2013:0194",
"refsource" : "XF", "refsource": "REDHAT",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81513" "url": "http://rhn.redhat.com/errata/RHSA-2013-0194.html"
} }
] ]
} }

22
2012/3xxx/CVE-2012-3862.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3862", "ID": "CVE-2012-3862",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

80
2012/3xxx/CVE-2012-3890.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3890", "ID": "CVE-2012-3890",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file." "value": "The in_mod plugin in Winamp before 5.63 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a .IT file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://forums.winamp.com/showthread.php?t=345684", "name": "http://forums.winamp.com/showthread.php?t=345684",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://forums.winamp.com/showthread.php?t=345684" "url": "http://forums.winamp.com/showthread.php?t=345684"
}, },
{ {
"name" : "54131", "name": "46624",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/54131" "url": "http://secunia.com/advisories/46624"
}, },
{ {
"name" : "oval:org.mitre.oval:def:15553", "name": "oval:org.mitre.oval:def:15553",
"refsource" : "OVAL", "refsource": "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15553"
}, },
{ {
"name" : "46624", "name": "54131",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/46624" "url": "http://www.securityfocus.com/bid/54131"
} }
] ]
} }

74
2012/4xxx/CVE-2012-4098.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-4098", "ID": "CVE-2012-4098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055." "value": "The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13055."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20131004 Cisco NX-OS Software BGP Denial of Service Vulnerability", "name": "cisco-nxos-cve20124098-dos(87675)",
"refsource" : "CISCO", "refsource": "XF",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4098" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87675"
}, },
{ {
"name" : "98129", "name": "98129",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://osvdb.org/98129" "url": "http://osvdb.org/98129"
}, },
{ {
"name" : "cisco-nxos-cve20124098-dos(87675)", "name": "20131004 Cisco NX-OS Software BGP Denial of Service Vulnerability",
"refsource" : "XF", "refsource": "CISCO",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87675" "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4098"
} }
] ]
} }

74
2012/6xxx/CVE-2012-6098.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6098", "ID": "CVE-2012-6098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature." "value": "grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20130121 Moodle security notifications public", "name": "https://moodle.org/mod/forum/discuss.php?d=220158",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "http://openwall.com/lists/oss-security/2013/01/21/1" "url": "https://moodle.org/mod/forum/discuss.php?d=220158"
}, },
{ {
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619", "name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619" "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619"
}, },
{ {
"name" : "https://moodle.org/mod/forum/discuss.php?d=220158", "name": "[oss-security] 20130121 Moodle security notifications public",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "https://moodle.org/mod/forum/discuss.php?d=220158" "url": "http://openwall.com/lists/oss-security/2013/01/21/1"
} }
] ]
} }

22
2012/6xxx/CVE-2012-6194.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6194", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2012-6194",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }

22
2012/6xxx/CVE-2012-6250.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6250", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2012-6250",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }

68
2012/6xxx/CVE-2012-6608.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6608", "ID": "CVE-2012-6608",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter." "value": "Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in Elastix 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the Page parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html", "name": "55739",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html" "url": "http://secunia.com/advisories/55739"
}, },
{ {
"name" : "55739", "name": "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html",
"refsource" : "SECUNIA", "refsource": "MISC",
"url" : "http://secunia.com/advisories/55739" "url": "http://packetstormsecurity.com/files/118454/Elastix-2.3.0-Cross-Site-Scripting.html"
} }
] ]
} }

22
2015/5xxx/CVE-2015-5373.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5373", "ID": "CVE-2015-5373",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2015/5xxx/CVE-2015-5474.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5474", "ID": "CVE-2015-5474",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol." "value": "BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-358/", "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-358/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-358/" "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-358/"
} }
] ]
} }

22
2017/2xxx/CVE-2017-2079.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2079", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2017-2079",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }

22
2017/2xxx/CVE-2017-2081.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2081", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2017-2081",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }

68
2017/2xxx/CVE-2017-2099.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2099", "ID": "CVE-2017-2099",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application", "product_name": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V3.0.0 and earlier" "version_value": "V3.0.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors." "value": "Hands-on Vulnerability Learning Tool \"AppGoat\" for Web Application V3.0.0 and earlier allows remote code execution via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Remote code execution" "value": "Remote code execution"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "JVN#71666779", "name": "96226",
"refsource" : "JVN", "refsource": "BID",
"url" : "http://jvn.jp/en/jp/JVN71666779/index.html" "url": "http://www.securityfocus.com/bid/96226"
}, },
{ {
"name" : "96226", "name": "JVN#71666779",
"refsource" : "BID", "refsource": "JVN",
"url" : "http://www.securityfocus.com/bid/96226" "url": "http://jvn.jp/en/jp/JVN71666779/index.html"
} }
] ]
} }

98
2017/2xxx/CVE-2017-2416.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2416", "ID": "CVE-2017-2416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file." "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"ImageIO\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted image file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/", "name": "97137",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/" "url": "http://www.securityfocus.com/bid/97137"
}, },
{ {
"name" : "https://support.apple.com/HT207601", "name": "https://support.apple.com/HT207601",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT207601" "url": "https://support.apple.com/HT207601"
}, },
{ {
"name" : "https://support.apple.com/HT207602", "name": "https://support.apple.com/HT207615",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT207602" "url": "https://support.apple.com/HT207615"
}, },
{ {
"name" : "https://support.apple.com/HT207615", "name": "1038138",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://support.apple.com/HT207615" "url": "http://www.securitytracker.com/id/1038138"
}, },
{ {
"name" : "https://support.apple.com/HT207617", "name": "https://support.apple.com/HT207602",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://support.apple.com/HT207617" "url": "https://support.apple.com/HT207602"
}, },
{ {
"name" : "97137", "name": "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/97137" "url": "https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/"
}, },
{ {
"name" : "1038138", "name": "https://support.apple.com/HT207617",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1038138" "url": "https://support.apple.com/HT207617"
} }
] ]
} }

68
2018/11xxx/CVE-2018-11019.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11019", "ID": "CVE-2018-11019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash." "value": "kernel/omap/drivers/misc/gcx/gcioctl/gcif.c in the kernel component in Amazon Kindle Fire HD(3rd) Fire OS 4.5.5.3 allows attackers to inject a crafted argument via the argument of an ioctl on device /dev/gcioctl with the command 3221773726 and cause a kernel crash."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md", "name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md" "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md"
}, },
{ {
"name" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md", "name": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/datadancer/HIAFuzz/blob/master/CVE-Advisory.md" "url": "https://github.com/datadancer/HIAFuzz/blob/master/CVE-2018-11019.md"
} }
] ]
} }

80
2018/11xxx/CVE-2018-11281.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11281", "ID": "CVE-2018-11281",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur." "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Use After Free in Data" "value": "Use After Free in Data"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components", "name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components" "url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}, },
{ {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb", "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb" "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c9861d16283cb4279de98a6695e0a4e6ea0230cb"
}, },
{ {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c", "name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c" "url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=4bc7311e9ea9145a615184626cc43a8b92e7619c"
}, },
{ {
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", "name": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" "url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
} }
] ]
} }

68
2018/11xxx/CVE-2018-11478.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11478", "ID": "CVE-2018-11478",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network." "value": "An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be used to send commands to the car (different for every vendor / car product line / car). No authentication is needed, which allows attacks from the local Wi-Fi network."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle", "name": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/",
"refsource" : "FULLDISC", "refsource": "MISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/66" "url": "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/"
}, },
{ {
"name" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/", "name": "20180529 SEC Consult SA-20180529-0 :: Unprotected WiFi access & Unencrypted data transfer in Vgate iCar2 OBD2 Dongle",
"refsource" : "MISC", "refsource": "FULLDISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/unprotected-wifi-access-unencrypted-data-transfer-in-vgate-icar2-wifi-obd2-dongle/" "url": "http://seclists.org/fulldisclosure/2018/May/66"
} }
] ]
} }

68
2018/11xxx/CVE-2018-11621.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-11621", "ID": "CVE-2018-11621",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.1049" "version_value": "9.0.1.1049"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896." "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5896."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-125-Out-of-bounds Read" "value": "CWE-125-Out-of-bounds Read"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-698", "name": "https://zerodayinitiative.com/advisories/ZDI-18-698",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-698" "url": "https://zerodayinitiative.com/advisories/ZDI-18-698"
}, },
{ {
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
} }
] ]
} }

68
2018/11xxx/CVE-2018-11743.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11743", "ID": "CVE-2018-11743",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact." "value": "The init_copy function in kernel.c in mruby 1.4.1 makes initialize_copy calls for TT_ICLASS objects, which allows attackers to cause a denial of service (mrb_hash_keys uninitialized pointer and application crash) or possibly have unspecified other impact."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d", "name": "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d" "url": "https://github.com/mruby/mruby/commit/b64ce17852b180dfeea81cf458660be41a78974d"
}, },
{ {
"name" : "https://github.com/mruby/mruby/issues/4027", "name": "https://github.com/mruby/mruby/issues/4027",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/mruby/mruby/issues/4027" "url": "https://github.com/mruby/mruby/issues/4027"
} }
] ]
} }

22
2018/11xxx/CVE-2018-11922.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11922", "ID": "CVE-2018-11922",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/14xxx/CVE-2018-14185.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14185", "ID": "CVE-2018-14185",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2018/14xxx/CVE-2018-14250.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14250", "ID": "CVE-2018-14250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.1049" "version_value": "9.0.1.1049"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the getAnnot method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6013."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')" "value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-710", "name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-710" "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}, },
{ {
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", "name": "https://zerodayinitiative.com/advisories/ZDI-18-710",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "url": "https://zerodayinitiative.com/advisories/ZDI-18-710"
} }
] ]
} }

62
2018/14xxx/CVE-2018-14973.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14973", "ID": "CVE-2018-14973",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS." "value": "An issue was discovered in QCMS 3.0.1. upload/System/Controller/backend/product.php has XSS."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md", "name": "https://github.com/AvaterXXX/QCMS/blob/master/README.md",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/AvaterXXX/QCMS/blob/master/README.md" "url": "https://github.com/AvaterXXX/QCMS/blob/master/README.md"
} }
] ]
} }

68
2018/14xxx/CVE-2018-14995.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14995", "ID": "CVE-2018-14995",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them." "value": "The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971/peony:7.1.1/NMF26V/20171129.143111:user/release-keys, the ZTE ZMAX Pro Android device with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contain a pre-installed platform app with a package name of com.android.modem.service (versionCode=25, versionName=7.1.1; versionCode=23, versionName=6.0.1) that exports an interface to any app on co-located on the device. Using the exported interface of the com.android.modem.service app, any app can enable and obtain certain log files (modem and logcat) without the appropriate corresponding access permissions. The modem logs contain the phone number and full text body of incoming and outgoing text messages in binary format. In addition, the modem log contains the phone numbers for both incoming and outgoing phone calls. The system-wide logcat logs (those obtained via the logcat binary) tend to contain sensitive user data. Third-party apps are prevented from directly reading the system-wide logcat logs. The capability to read from the system-wide logcat logs is only available to pre-installed system apps and platform apps. The modem log and/or logcat log, once activated, get written to external storage (SD card). An app aware of this vulnerability can enable the logs, parse them for relevant data, and exfiltrate them from the device. The modem log and logcat log are inactive by default, but a third-party app with no permissions can activate them, although the app will need to be granted the READ_EXTERNAL_STORAGE permission to access them."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf"
}, },
{ {
"name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
} }
] ]
} }

74
2018/15xxx/CVE-2018-15005.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15005", "ID": "CVE-2018-15005",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app." "value": "The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zdm.sdm (versionCode=31, versionName=V5.0.3) that contains an exported broadcast receiver app component named com.zte.zdm.VdmcBroadcastReceiver that allows any app co-located on the device to programmatically initiate a factory reset. In addition, the app initiating the factory reset does not require any permissions. A factory reset will remove all user data and apps from the device. This will result in the loss of any data that have not been backed up or synced externally. The capability to perform a factory reset is not directly available to third-party apps (those that the user installs themselves with the exception of enabled Mobile Device Management (MDM) apps), although this capability can be obtained by leveraging an unprotected app component of a pre-installed platform app."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/", "name": "106361",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://www.kryptowire.com/portal/android-firmware-defcon-2018/" "url": "http://www.securityfocus.com/bid/106361"
}, },
{ {
"name" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf", "name": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf" "url": "https://www.kryptowire.com/portal/wp-content/uploads/2018/12/DEFCON-26-Johnson-and-Stavrou-Vulnerable-Out-of-the-Box-An-Eval-of-Android-Carrier-Devices-WP-Updated.pdf"
}, },
{ {
"name" : "106361", "name": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/106361" "url": "https://www.kryptowire.com/portal/android-firmware-defcon-2018/"
} }
] ]
} }

22
2018/15xxx/CVE-2018-15010.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15010", "ID": "CVE-2018-15010",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2018/15xxx/CVE-2018-15477.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15477", "ID": "CVE-2018-15477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device." "value": "myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the device."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt", "name": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt" "url": "https://www.swisscom.ch/content/dam/swisscom/de/about/nachhaltigkeit/digitale-schweiz/sicherheit/bug-bounty/files/cve-2018-15476ff.txt"
} }
] ]
} }

22
2018/15xxx/CVE-2018-15690.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-15690", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2018-15690",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }

150
2018/8xxx/CVE-2018-8039.json
View File

@ -1,135 +1,135 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-06-28T00:00:00", "DATE_PUBLIC": "2018-06-28T00:00:00",
"ID" : "CVE-2018-8039", "ID": "CVE-2018-8039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache CXF", "product_name": "Apache CXF",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 3.1.16" "version_value": "prior to 3.1.16"
}, },
{ {
"version_value" : "3.2.x prior to 3.2.5" "version_value": "3.2.x prior to 3.2.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks." "value": "It is possible to configure Apache CXF to use the com.sun.net.ssl implementation via 'System.setProperty(\"java.protocol.handler.pkgs\", \"com.sun.net.ssl.internal.www.protocol\");'. When this system property is set, CXF uses some reflection to try to make the HostnameVerifier work with the old com.sun.net.ssl.HostnameVerifier interface. However, the default HostnameVerifier implementation in CXF does not implement the method in this interface, and an exception is thrown. However, in Apache CXF prior to 3.2.5 and 3.1.16 the exception is caught in the reflection code and not properly propagated. What this means is that if you are using the com.sun.net.ssl stack with CXF, an error with TLS hostname verification will not be thrown, leaving a CXF client subject to man-in-the-middle attacks."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Improper Validation of Certificate with Host Mismatch" "value": "Improper Validation of Certificate with Host Mismatch"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released", "name": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E" "url": "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b"
}, },
{ {
"name" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2", "name": "RHSA-2018:2428",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2" "url": "https://access.redhat.com/errata/RHSA-2018:2428"
}, },
{ {
"name" : "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b", "name": "RHSA-2018:3817",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "https://github.com/apache/cxf/commit/fae6fabf9bd7647f5e9cb68897a7d72b545b741b" "url": "https://access.redhat.com/errata/RHSA-2018:3817"
}, },
{ {
"name" : "RHSA-2018:2276", "name": "RHSA-2018:2643",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2276" "url": "https://access.redhat.com/errata/RHSA-2018:2643"
}, },
{ {
"name" : "RHSA-2018:2277", "name": "[cxf-user] 20180628 Apache CXF 3.2.6 and 3.1.16 are released",
"refsource" : "REDHAT", "refsource": "MLIST",
"url" : "https://access.redhat.com/errata/RHSA-2018:2277" "url": "https://lists.apache.org/thread.html/1f8ff31df204ad0374ab26ad333169e0387a5e7ec92422f337431866@%3Cdev.cxf.apache.org%3E"
}, },
{ {
"name" : "RHSA-2018:2279", "name": "106357",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "https://access.redhat.com/errata/RHSA-2018:2279" "url": "http://www.securityfocus.com/bid/106357"
}, },
{ {
"name" : "RHSA-2018:2423", "name": "RHSA-2018:2279",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2423" "url": "https://access.redhat.com/errata/RHSA-2018:2279"
}, },
{ {
"name" : "RHSA-2018:2424", "name": "RHSA-2018:2424",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2424" "url": "https://access.redhat.com/errata/RHSA-2018:2424"
}, },
{ {
"name" : "RHSA-2018:2425", "name": "RHSA-2018:2276",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2425" "url": "https://access.redhat.com/errata/RHSA-2018:2276"
}, },
{ {
"name" : "RHSA-2018:2428", "name": "RHSA-2018:2423",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2428" "url": "https://access.redhat.com/errata/RHSA-2018:2423"
}, },
{ {
"name" : "RHSA-2018:2643", "name": "RHSA-2018:2425",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2643" "url": "https://access.redhat.com/errata/RHSA-2018:2425"
}, },
{ {
"name" : "RHSA-2018:3768", "name": "RHSA-2018:2277",
"refsource" : "REDHAT", "refsource": "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3768" "url": "https://access.redhat.com/errata/RHSA-2018:2277"
}, },
{ {
"name" : "RHSA-2018:3817", "name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2018:3817" "url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8039.txt.asc?version=1&modificationDate=1530184663000&api=v2"
}, },
{ {
"name" : "106357", "name": "1041199",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/106357" "url": "http://www.securitytracker.com/id/1041199"
}, },
{ {
"name" : "1041199", "name": "RHSA-2018:3768",
"refsource" : "SECTRACK", "refsource": "REDHAT",
"url" : "http://www.securitytracker.com/id/1041199" "url": "https://access.redhat.com/errata/RHSA-2018:3768"
} }
] ]
} }

158
2018/8xxx/CVE-2018-8320.json
View File

@ -1,183 +1,183 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8320", "ID": "CVE-2018-8320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2019", "product_name": "Windows Server 2019",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for 32-bit Systems" "version_value": "Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1809 for x64-based Systems" "version_value": "Version 1809 for x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka \"Windows DNS Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." "value": "A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka \"Windows DNS Security Feature Bypass Vulnerability.\" This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Security Feature Bypass" "value": "Security Feature Bypass"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320", "name": "105503",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320" "url": "http://www.securityfocus.com/bid/105503"
}, },
{ {
"name" : "105503", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/105503" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8320"
}, },
{ {
"name" : "1041830", "name": "1041830",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041830" "url": "http://www.securitytracker.com/id/1041830"
} }
] ]
} }

200
2018/8xxx/CVE-2018-8407.json
View File

@ -1,240 +1,240 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8407", "ID": "CVE-2018-8407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2019", "product_name": "Windows Server 2019",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for ARM64-based Systems" "version_value": "Version 1709 for ARM64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for ARM64-based Systems" "version_value": "Version 1803 for ARM64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for 32-bit Systems" "version_value": "Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1809 for ARM64-based Systems" "version_value": "Version 1809 for ARM64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for x64-based Systems" "version_value": "Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An information disclosure vulnerability exists when \"Kernel Remote Procedure Call Provider\" driver improperly initializes objects in memory, aka \"MSRPC Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers." "value": "An information disclosure vulnerability exists when \"Kernel Remote Procedure Call Provider\" driver improperly initializes objects in memory, aka \"MSRPC Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Information Disclosure" "value": "Information Disclosure"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407", "name": "1042123",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407" "url": "http://www.securitytracker.com/id/1042123"
}, },
{ {
"name" : "105794", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/105794" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8407"
}, },
{ {
"name" : "1042123", "name": "105794",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1042123" "url": "http://www.securityfocus.com/bid/105794"
} }
] ]
} }

210
2018/8xxx/CVE-2018-8421.json
View File

@ -1,275 +1,275 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8421", "ID": "CVE-2018-8421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft .NET Framework", "product_name": "Microsoft .NET Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" "version_value": "2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2" "version_value": "3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "3.5 on Windows 10 for 32-bit Systems" "version_value": "3.5 on Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 for x64-based Systems" "version_value": "3.5 on Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems" "version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems" "version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "3.5 on Windows 8.1 for 32-bit systems" "version_value": "3.5 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "3.5 on Windows 8.1 for x64-based systems" "version_value": "3.5 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012" "version_value": "3.5 on Windows Server 2012"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 (Server Core installation)" "version_value": "3.5 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 R2" "version_value": "3.5 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)" "version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server 2016" "version_value": "3.5 on Windows Server 2016"
}, },
{ {
"version_value" : "3.5 on Windows Server 2016 (Server Core installation)" "version_value": "3.5 on Windows Server 2016 (Server Core installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)" "version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)" "version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)"
}, },
{ {
"version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1" "version_value": "3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows 8.1 for 32-bit systems" "version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "4.5.2 on Windows 8.1 for x64-based systems" "version_value": "4.5.2 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "4.5.2 on Windows RT 8.1" "version_value": "4.5.2 on Windows RT 8.1"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012" "version_value": "4.5.2 on Windows Server 2012"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 R2" "version_value": "4.5.2 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)" "version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2" "version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2" "version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
}, },
{ {
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)" "version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
}, },
{ {
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)" "version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems" "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems" "version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)" "version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems" "version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems" "version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)" "version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
}, },
{ {
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems" "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems" "version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka \".NET Framework Remote Code Execution Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0." "value": "A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka \".NET Framework Remote Code Execution Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Remote Code Execution" "value": "Remote Code Execution"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8421"
}, },
{ {
"name" : "105222", "name": "1041636",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/105222" "url": "http://www.securitytracker.com/id/1041636"
}, },
{ {
"name" : "1041636", "name": "105222",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1041636" "url": "http://www.securityfocus.com/bid/105222"
} }
] ]
} }

106
2018/8xxx/CVE-2018-8522.json
View File

@ -1,115 +1,115 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8522", "ID": "CVE-2018-8522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Office", "product_name": "Microsoft Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2019 for 32-bit editions" "version_value": "2019 for 32-bit editions"
}, },
{ {
"version_value" : "2019 for 64-bit editions" "version_value": "2019 for 64-bit editions"
} }
] ]
} }
}, },
{ {
"product_name" : "Office", "product_name": "Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "365 ProPlus for 32-bit Systems" "version_value": "365 ProPlus for 32-bit Systems"
}, },
{ {
"version_value" : "365 ProPlus for 64-bit Systems" "version_value": "365 ProPlus for 64-bit Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Microsoft Outlook", "product_name": "Microsoft Outlook",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2010 Service Pack 2 (32-bit editions)" "version_value": "2010 Service Pack 2 (32-bit editions)"
}, },
{ {
"version_value" : "2010 Service Pack 2 (64-bit editions)" "version_value": "2010 Service Pack 2 (64-bit editions)"
}, },
{ {
"version_value" : "2013 RT Service Pack 1" "version_value": "2013 RT Service Pack 1"
}, },
{ {
"version_value" : "2013 Service Pack 1 (32-bit editions)" "version_value": "2013 Service Pack 1 (32-bit editions)"
}, },
{ {
"version_value" : "2013 Service Pack 1 (64-bit editions)" "version_value": "2013 Service Pack 1 (64-bit editions)"
}, },
{ {
"version_value" : "2016 (32-bit edition)" "version_value": "2016 (32-bit edition)"
}, },
{ {
"version_value" : "2016 (64-bit edition)" "version_value": "2016 (64-bit edition)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582." "value": "A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka \"Microsoft Outlook Remote Code Execution Vulnerability.\" This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique from CVE-2018-8524, CVE-2018-8576, CVE-2018-8582."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Remote Code Execution" "value": "Remote Code Execution"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522", "name": "1042110",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522" "url": "http://www.securitytracker.com/id/1042110"
}, },
{ {
"name" : "105820", "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/105820" "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8522"
}, },
{ {
"name" : "1042110", "name": "105820",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1042110" "url": "http://www.securityfocus.com/bid/105820"
} }
] ]
} }

74
2018/8xxx/CVE-2018-8960.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8960", "ID": "CVE-2018-8960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read." "value": "The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 does not properly restrict memory allocation, leading to a heap-based buffer over-read."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/1020", "name": "https://github.com/ImageMagick/ImageMagick/issues/1020",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1020" "url": "https://github.com/ImageMagick/ImageMagick/issues/1020"
}, },
{ {
"name" : "USN-3681-1", "name": "USN-3681-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/" "url": "https://usn.ubuntu.com/3681-1/"
}, },
{ {
"name" : "103523", "name": "103523",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/103523" "url": "http://www.securityfocus.com/bid/103523"
} }
] ]
} }