"-Synchronized-Data."

CVE Team 2019-03-17 22:24:59 +00:00
parent b1673f8938
commit 5333b1fb5d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4195 additions and 4195 deletions


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1520", "ID": "CVE-2002-1520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html" "lang": "eng",
}, "value": "The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges."
{ }
"name" : "20020926 Watchguard firewall appliances security issues", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5815", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5815" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "firebox-vclass-cli-admin-privileges(10218)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10218.php" ]
}, },
{ "references": {
"name" : "4831", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4831" "name": "20020926 Watchguard firewall appliances security issues",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html"
} },
} {
"name": "20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html"
},
{
"name": "4831",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4831"
},
{
"name": "firebox-vclass-cli-admin-privileges(10218)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10218.php"
},
{
"name": "5815",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5815"
}
]
}
}
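Review bot: The `reference_data` array is reordered on the new side although no entry is added, removed or edited (here the two BUGTRAQ entries swap places and BID `5815` moves from third to last), and neither the old nor the new order follows a visible sort key. The same reshuffle shows in the sections for CVE-2002-1959, CVE-2003-0787, CVE-2003-0887, CVE-2003-1141, CVE-2003-1515, CVE-2004-2219, CVE-2004-2440 and CVE-2004-2684. Anyone who watches this feed for added or withdrawn advisory references cannot tell a reshuffle from a real change by reading the diff. The exporter is not visible here, but having it write `reference_data` in a deterministic order, for example sorted by `refsource` and then `url`, would keep a whitespace-only sync down to whitespace-only hunks.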


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1959", "ID": "CVE-2002-1959",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.nagios.org/changelog.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.nagios.org/changelog.php" "lang": "eng",
}, "value": "Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrary commands via shell metacharacters in plugin output."
{ }
"name" : "5174", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5174" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "nagios-plugin-command-execution(9508)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9508.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5174"
},
{
"name": "nagios-plugin-command-execution(9508)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9508.php"
},
{
"name": "http://www.nagios.org/changelog.php",
"refsource": "CONFIRM",
"url": "http://www.nagios.org/changelog.php"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0029", "ID": "CVE-2003-0029",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0234", "ID": "CVE-2003-0234",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0319", "ID": "CVE-2003-0319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030517 Buffer overflow vulnerability found in MailMax version 5", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105319299407291&w=2" "lang": "eng",
}, "value": "Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command."
{ }
"name" : "20030517 Buffer overflow vulnerability found in MailMax version 5", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0072.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030517 Buffer overflow vulnerability found in MailMax version 5",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105319299407291&w=2"
},
{
"name": "20030517 Buffer overflow vulnerability found in MailMax version 5",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0072.html"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0787", "ID": "CVE-2003-0787",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030923 Multiple PAM vulnerabilities in portable OpenSSH", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/338617" "lang": "eng",
}, "value": "The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges."
{ }
"name" : "20030923 Portable OpenSSH 3.7.1p2 released", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/338616" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)", "description": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.openssh.com/txt/sshpam.adv", ]
"refsource" : "CONFIRM", }
"url" : "http://www.openssh.com/txt/sshpam.adv" ]
}, },
{ "references": {
"name" : "VU#209807", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/209807" "name": "http://www.openssh.com/txt/sshpam.adv",
}, "refsource": "CONFIRM",
{ "url": "http://www.openssh.com/txt/sshpam.adv"
"name" : "8677", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/8677" "name": "8677",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/8677"
} },
} {
"name": "VU#209807",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/209807"
},
{
"name": "20030923 Multiple PAM vulnerabilities in portable OpenSSH",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/338617"
},
{
"name": "20030923 Portable OpenSSH 3.7.1p2 released",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/338616"
},
{
"name": "20030924 [OpenPKG-SA-2003.042] OpenPKG Security Advisory (openssh)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010812.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0887", "ID": "CVE-2003-0887",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6" "lang": "eng",
}, "value": "ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file."
{ }
"name" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5", ]
"refsource" : "CONFIRM", },
"url" : "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5",
"refsource": "CONFIRM",
"url": "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?r1=1.4&r2=1.5"
},
{
"name": "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6",
"refsource": "CONFIRM",
"url": "http://cvs.mandriva.com/cgi-bin/viewcvs.cgi/SPECS/ez-ipupdate/ez-ipupdate.spec?rev=1.6"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0938", "ID": "CVE-2003-0938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious \"NETAPI32.DLL\" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "A111703-1", "description_data": [
"refsource" : "ATSTAKE", {
"url" : "http://www.atstake.com/research/advisories/2003/a111703-1.txt" "lang": "eng",
}, "value": "vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows local users to gain SYSTEM privileges via a malicious \"NETAPI32.DLL\" in the current working directory, which is found and loaded by SAP DB before the real DLL, as demonstrated using the SQLAT stored procedure."
{ }
"name" : "sapdb-NETAPI32-gain-privileges(13765)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13765" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "A111703-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a111703-1.txt"
},
{
"name": "sapdb-NETAPI32-gain-privileges(13765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13765"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1141", "ID": "CVE-2003-1141",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031104 NIPrint remote exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/343318" "lang": "eng",
}, "value": "Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515."
{ }
"name" : "20031104 SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/343257" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8968", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/8968" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2774", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/2774" ]
}, },
{ "references": {
"name" : "10143", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10143" "name": "niprint-bo(13591)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13591"
"name" : "niprint-bo(13591)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13591" "name": "20031104 SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/343257"
} },
} {
"name": "2774",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2774"
},
{
"name": "20031104 NIPrint remote exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/343318"
},
{
"name": "8968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8968"
},
{
"name": "10143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10143"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1515", "ID": "CVE-2003-1515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031012 Origo ASR-8100 ADSL router remote factory reset", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/341752" "lang": "eng",
}, "value": "Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults."
{ }
"name" : "8855", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/8855" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3300", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3300" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "origo-default-settings-restore(13463)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13463" ]
} },
] "references": {
} "reference_data": [
} {
"name": "origo-default-settings-restore(13463)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13463"
},
{
"name": "20031012 Origo ASR-8100 ADSL router remote factory reset",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/341752"
},
{
"name": "3300",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3300"
},
{
"name": "8855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8855"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2219", "ID": "CVE-2004-2219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040815 NullyFake - Site Spoofing in MSIE", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake."
{ }
"name" : "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt", ]
"refsource" : "MISC", },
"url" : "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8978", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/8978" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1010957", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1010957" ]
}, },
{ "references": {
"name" : "12304", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12304" "name": "20040815 NullyFake - Site Spoofing in MSIE",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2004-08/0215.html"
"name" : "ie-address-bar-spoofing(17007)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007" "name": "12304",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/12304"
} },
} {
"name": "8978",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8978"
},
{
"name": "ie-address-bar-spoofing(17007)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17007"
},
{
"name": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt",
"refsource": "MISC",
"url": "http://umbrella.name/originalvuln/msie/NullyFake/nullyfake-content.txt"
},
{
"name": "1010957",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010957"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2440", "ID": "CVE-2004-2440",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=271699", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=271699" "lang": "eng",
}, "value": "Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users."
{ }
"name" : "11299", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11299" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1011486", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1011486" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12685", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12685/" ]
}, },
{ "references": {
"name" : "proxytunnel-information-disclosure(17566)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17566" "name": "1011486",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1011486"
} },
} {
"name": "11299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11299"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=271699",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=271699"
},
{
"name": "proxytunnel-information-disclosure(17566)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17566"
},
{
"name": "12685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12685/"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2684", "ID": "CVE-2004-2684",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\\studio\\templates and (b) Devuser\\studio\\templates."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Cache-News] 20040309 Security Alert - %template", "description_data": [
"refsource" : "MLIST", {
"url" : "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514" "lang": "eng",
}, "value": "Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\\studio\\templates and (b) Devuser\\studio\\templates."
{ }
"name" : "[Cache-News] 20040310 Updated Security Alert - %template", ]
"refsource" : "MLIST", },
"url" : "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Cache-News] 20040310 Updated Security Alert - %template",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/7af3237a57e97f14/da52318590c68c75"
},
{
"name": "[Cache-News] 20040309 Security Alert - %template",
"refsource": "MLIST",
"url": "http://groups.google.com/group/intersystems-public-cache/browse_thread/thread/cda052864061faf7/b1c4ad61ca27c514"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-2260", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-2260",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2820", "ID": "CVE-2008-2820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080616 [DSECRG-08-026] LFI in Open Azimyt CMS 0.22", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493377/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in lang/lang-system.php in Open Azimyt CMS 0.22 minimal and 0.21 stable allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter."
{ }
"name" : "5831", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/5831" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://open-azimyt-cms.googlecode.com/files/security_patch.zip", "description": [
"refsource" : "CONFIRM", {
"url" : "http://open-azimyt-cms.googlecode.com/files/security_patch.zip" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29756", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/29756" ]
}, },
{ "references": {
"name" : "30691", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30691" "name": "5831",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5831"
"name" : "3955", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3955" "name": "openazimyt-langsystem-file-include(43102)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43102"
"name" : "openazimyt-langsystem-file-include(43102)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43102" "name": "20080616 [DSECRG-08-026] LFI in Open Azimyt CMS 0.22",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/493377/100/0/threaded"
} },
} {
"name": "30691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30691"
},
{
"name": "3955",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3955"
},
{
"name": "29756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29756"
},
{
"name": "http://open-azimyt-cms.googlecode.com/files/security_patch.zip",
"refsource": "CONFIRM",
"url": "http://open-azimyt-cms.googlecode.com/files/security_patch.zip"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0065", "ID": "CVE-2012-0065",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120119 CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/01/19/25" "lang": "eng",
}, "value": "Heap-based buffer overflow in the receive_packet function in libusbmuxd/libusbmuxd.c in usbmuxd 1.0.5 through 1.0.7 allows physically proximate attackers to execute arbitrary code via a long SerialNumber field in a property list."
{ }
"name" : "[oss-security] 20120119 Re: CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2012/01/19/26" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=399409", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=399409" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6", ]
"refsource" : "CONFIRM", }
"url" : "http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6" ]
}, },
{ "references": {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228" "name": "MDVSA-2013:133",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:133"
"name" : "MDVSA-2012:133", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:133" "name": "[oss-security] 20120119 Re: CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2012/01/19/26"
"name" : "MDVSA-2013:133", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:133" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0228"
"name" : "51573", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51573" "name": "51573",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/51573"
"name" : "47545", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47545" "name": "MDVSA-2012:133",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:133"
"name" : "usbmuxd-libusbmuxd-bo(72546)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72546" "name": "47545",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/47545"
} },
} {
"name": "http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6",
"refsource": "CONFIRM",
"url": "http://git.marcansoft.com/?p=usbmuxd.git;a=commitdiff;h=f794991993af56a74795891b4ff9da506bc893e6"
},
{
"name": "usbmuxd-libusbmuxd-bo(72546)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72546"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=399409",
"refsource": "MISC",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=399409"
},
{
"name": "[oss-security] 20120119 CVE request: usbmuxd 1.0.7 \"receive_packet()\" Buffer Overflow Vulnerability",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/01/19/25"
}
]
}
}
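Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` here, while the rest of this section is colon-spacing normalisation and reordering of `reference_data`, so the one substantive field change is easy to miss. The same kind of reassignment appears in the sections for CVE-2012-0180 (`secure@microsoft.com`), CVE-2012-0228 (`cert@cert.org`), CVE-2012-0884 and CVE-2012-1176 (both `secalert@redhat.com`). Consumers that make trust or routing decisions based on the assigning CNA would be better served if these provenance changes landed in their own commit, or were at least named in the commit message, so they can be audited apart from the formatting churn. Because the references are also reordered, a key-sorted comparison of the old and new `reference_data` arrays is the check I would run to confirm nothing was added or dropped.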


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0180", "ID": "CVE-2012-0180",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka \"Windows and Messages Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-034", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034" "lang": "eng",
}, "value": "win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka \"Windows and Messages Vulnerability.\""
{ }
"name" : "TA12-129A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53324", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53324" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15466", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15466" ]
}, },
{ "references": {
"name" : "1027039", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027039" "name": "oval:org.mitre.oval:def:15466",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15466"
} },
} {
"name": "1027039",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027039"
},
{
"name": "MS12-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "53324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53324"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-0228", "ID": "CVE-2012-0228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf" "lang": "eng",
}, "value": "Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not properly implement client controls, which allows remote attackers to bypass intended access restrictions via unspecified vectors."
{ }
"name" : "52851", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/52851" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "80890", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80890" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026886", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026886" ]
}, },
{ "references": {
"name" : "1026887", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026887" "name": "1026886",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026886"
"name" : "48603", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48603" "name": "48603",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48603"
} },
} {
"name": "80890",
"refsource": "OSVDB",
"url": "http://osvdb.org/80890"
},
{
"name": "52851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52851"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-062-01.pdf"
},
{
"name": "1026887",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026887"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0427", "ID": "CVE-2012-0427",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://download.novell.com/Download?buildid=tGCXHQR48E4~", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://download.novell.com/Download?buildid=tGCXHQR48E4~" "lang": "eng",
}, "value": "yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name."
{ }
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=604730", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=604730" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.novell.com/security/cve/CVE-2012-0427.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.novell.com/security/cve/CVE-2012-0427.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.novell.com/security/cve/CVE-2012-0427.html",
"refsource": "CONFIRM",
"url": "https://support.novell.com/security/cve/CVE-2012-0427.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=604730",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=604730"
},
{
"name": "http://download.novell.com/Download?buildid=tGCXHQR48E4~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=tGCXHQR48E4~"
}
]
}
}


@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0884", "ID": "CVE-2012-0884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openssl.org/news/secadv_20120312.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.openssl.org/news/secadv_20120312.txt" "lang": "eng",
}, "value": "The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack."
{ }
"name" : "https://downloads.avaya.com/css/P8/documents/100162507", ]
"refsource" : "CONFIRM", },
"url" : "https://downloads.avaya.com/css/P8/documents/100162507" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2454", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2454" ]
}, },
{ "references": {
"name" : "FEDORA-2012-4665", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html" "name": "FEDORA-2012-4630",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html"
"name" : "FEDORA-2012-4630", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077666.html" "name": "RHSA-2012:0531",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
"name" : "FEDORA-2012-18035", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004564"
"name" : "FEDORA-2012-4659", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html" "name": "FEDORA-2012-18035",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092905.html"
"name" : "HPSBOV02793", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134039053214295&w=2" "name": "https://downloads.avaya.com/css/P8/documents/100162507",
}, "refsource": "CONFIRM",
{ "url": "https://downloads.avaya.com/css/P8/documents/100162507"
"name" : "SSRT100891", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134039053214295&w=2" "name": "RHSA-2012:1308",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1308.html"
"name" : "HPSBMU02776", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" "name": "openSUSE-SU-2012:0547",
}, "refsource": "SUSE",
{ "url": "https://hermes.opensuse.org/messages/14330767"
"name" : "HPSBUX02782", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" "name": "RHSA-2012:1307",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1307.html"
"name" : "SSRT100844", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133728068926468&w=2" "name": "http://www.openssl.org/news/secadv_20120312.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.openssl.org/news/secadv_20120312.txt"
"name" : "SSRT100852", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=133951357207000&w=2" "name": "48916",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48916"
"name" : "RHSA-2012:1306", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1306.html" "name": "RHSA-2012:0488",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
"name" : "RHSA-2012:1307", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1307.html" "name": "DSA-2454",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2454"
"name" : "RHSA-2012:1308", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1308.html" "name": "48895",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48895"
"name" : "RHSA-2012:0488", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0488.html" "name": "48580",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48580"
"name" : "RHSA-2012:0531", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0531.html" "name": "VU#737740",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/737740"
"name" : "RHSA-2012:0426", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0426.html" "name": "RHSA-2012:1306",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1306.html"
"name" : "openSUSE-SU-2012:0547", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/14330767" "name": "FEDORA-2012-4665",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077086.html"
"name" : "VU#737740", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/737740" "name": "HPSBOV02793",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134039053214295&w=2"
"name" : "48895", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48895" "name": "57353",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57353"
"name" : "48916", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48916" "name": "RHSA-2012:0426",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0426.html"
"name" : "57353", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57353" "name": "HPSBUX02782",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2"
"name" : "48580", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48580" "name": "SSRT100891",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=134039053214295&w=2"
} },
} {
"name": "SSRT100852",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
},
{
"name": "FEDORA-2012-4659",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077221.html"
},
{
"name": "HPSBMU02776",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133951357207000&w=2"
},
{
"name": "SSRT100844",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133728068926468&w=2"
}
]
}
}


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1176", "ID": "CVE-2012-1176",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120314 CVE request: pyfribidi buffer overflow flaw", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/14/4" "lang": "eng",
}, "value": "Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi before 0.11.0 allows remote attackers to cause a denial of service (application crash) via a 4-byte utf-8 sequence."
{ }
"name" : "[oss-security] 20120314 Re: CVE request: pyfribidi buffer overflow flaw", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/03/14/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663189", "description": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663189" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/aacd036037217998/8d095f85f3665bff?lnk=raot", ]
"refsource" : "MISC", }
"url" : "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/aacd036037217998/8d095f85f3665bff?lnk=raot" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=801896", "reference_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=801896" "name": "[oss-security] 20120314 Re: CVE request: pyfribidi buffer overflow flaw",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/03/14/9"
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35055", },
"refsource" : "MISC", {
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35055" "name": "fribidi-utf8-bo(74001)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74001"
"name" : "https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a" "name": "https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a"
"name" : "https://github.com/pediapress/pyfribidi/issues/2%29:", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/pediapress/pyfribidi/issues/2%29:" "name": "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/aacd036037217998/8d095f85f3665bff?lnk=raot",
}, "refsource": "MISC",
{ "url": "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/aacd036037217998/8d095f85f3665bff?lnk=raot"
"name" : "FEDORA-2012-3513", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075293.html" "name": "FEDORA-2012-3537",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076038.html"
"name" : "FEDORA-2012-3537", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076038.html" "name": "[oss-security] 20120314 CVE request: pyfribidi buffer overflow flaw",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/03/14/4"
"name" : "FEDORA-2012-3549", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076053.html" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663189",
}, "refsource": "MISC",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663189"
"name" : "52451", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52451" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=801896",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801896"
"name" : "fribidi-utf8-bo(74001)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74001" "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35055",
} "refsource": "MISC",
] "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35055"
} },
} {
"name": "52451",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52451"
},
{
"name": "FEDORA-2012-3513",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075293.html"
},
{
"name": "https://github.com/pediapress/pyfribidi/issues/2%29:",
"refsource": "CONFIRM",
"url": "https://github.com/pediapress/pyfribidi/issues/2%29:"
},
{
"name": "FEDORA-2012-3549",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076053.html"
}
]
}
}
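Review bot: The CONFIRM reference `https://github.com/pediapress/pyfribidi/issues/2%29:` is carried over unchanged in both `name` and `url`, and its tail `%29:` looks like an encoded `)` followed by a colon picked up from surrounding prose rather than part of the issue URL. If so, the entry should probably read `"url": "https://github.com/pediapress/pyfribidi/issues/2"` with the matching `name`, once the intended target has been confirmed against the upstream tracker. As it stands, anyone following the link to verify the fix is likely to reach a path that does not exist, which weakens the CONFIRM reference as evidence.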


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-1240", "ID": "CVE-2012-1240",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://chrome.google.com/webstore/detail/cfmkbngdlheahmooldblflapbpngmmbg", "description_data": [
"refsource" : "MISC", {
"url" : "https://chrome.google.com/webstore/detail/cfmkbngdlheahmooldblflapbpngmmbg" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#90055996", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN90055996/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2012-000032", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000032" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53008", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/53008" ]
}, },
{ "references": {
"name" : "48813", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48813" "name": "48813",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48813"
"name" : "dokodemorikunabi2012-unspecified-xss(74893)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74893" "name": "JVN#90055996",
} "refsource": "JVN",
] "url": "http://jvn.jp/en/jp/JVN90055996/index.html"
} },
} {
"name": "https://chrome.google.com/webstore/detail/cfmkbngdlheahmooldblflapbpngmmbg",
"refsource": "MISC",
"url": "https://chrome.google.com/webstore/detail/cfmkbngdlheahmooldblflapbpngmmbg"
},
{
"name": "53008",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53008"
},
{
"name": "dokodemorikunabi2012-unspecified-xss(74893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74893"
},
{
"name": "JVNDB-2012-000032",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000032"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1285", "ID": "CVE-2012-1285",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1559", "ID": "CVE-2012-1559",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1842", "ID": "CVE-2012-1842",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the Quantum Scalar i500 tape library with firmware before i7.0.3 (604G.GS00100), also distributed as the Dell ML6000 tape library with firmware before A20-00 (590G.GS00100), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY", ]
"refsource" : "MISC", },
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#913483", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/913483" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "80239", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/80239" ]
}, },
{ "references": {
"name" : "80225", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80225" "name": "48453",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48453"
"name" : "48403", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48403" "name": "VU#913483",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/913483"
"name" : "48453", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48453" "name": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8",
} "refsource": "MISC",
] "url": "http://www.kb.cert.org/vuls/id/MAPG-8NNKN8"
} },
} {
"name": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8NVRPY"
},
{
"name": "80239",
"refsource": "OSVDB",
"url": "http://osvdb.org/80239"
},
{
"name": "48403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48403"
},
{
"name": "80225",
"refsource": "OSVDB",
"url": "http://osvdb.org/80225"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2012-5207", "ID": "CVE-2012-5207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1661."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBGN02854", "description_data": [
"refsource" : "HP", {
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" "lang": "eng",
}, "value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown vectors, aka ZDI-CAN-1661."
{ }
"name" : "SSRT101021", ]
"refsource" : "HP", },
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100881", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136268852804156&w=2" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "SSRT100881",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136268852804156&w=2"
},
{
"name": "SSRT101021",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276"
},
{
"name": "HPSBGN02854",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03689276"
}
]
}
}


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5532", "ID": "CVE-2012-5532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/27/12" "lang": "eng",
}, "value": "The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as distributed in the Linux kernel before 3.8-rc1, allows local users to cause a denial of service (daemon exit) via a crafted application that sends a Netlink message. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2669."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/testing/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/testing/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2" ]
}, },
{ "references": {
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=761200", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=761200" "name": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/patch-3.8-rc1.bz2"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=877572", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=877572" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95a69adab9acfc3981c504737a2b6578e4d846ef"
"name" : "https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef" "name": "MDVSA-2013:176",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
"name" : "MDVSA-2013:176", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176" "name": "https://bugzilla.novell.com/show_bug.cgi?id=761200",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.novell.com/show_bug.cgi?id=761200"
"name" : "RHSA-2013:0807", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0807.html" "name": "[oss-security] 20121127 Re: CVE-2012-5532 hypervkvpd DoS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/11/27/12"
"name" : "56710", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56710" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=877572",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=877572"
"name" : "kernel-hypervkvpd-dos(80337)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80337" "name": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/",
} "refsource": "CONFIRM",
] "url": "http://www.kernel.org/pub/linux/kernel/v3.x/testing/"
} },
} {
"name": "https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/95a69adab9acfc3981c504737a2b6578e4d846ef"
},
{
"name": "RHSA-2013:0807",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0807.html"
},
{
"name": "kernel-hypervkvpd-dos(80337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80337"
},
{
"name": "56710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56710"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-5936", "ID": "CVE-2012-5936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21627985", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21627985" "lang": "eng",
}, "value": "IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640830" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sterling-b2b-cookie-disclosure(80401)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80401" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "sterling-b2b-cookie-disclosure(80401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80401"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21627985",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21627985"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640830"
}
]
}
}


@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED" : "2017-04-01", "DATE_ASSIGNED": "2017-04-01",
"ID" : "CVE-2017-1002014", "ID": "CVE-2017-1002014",
"REQUESTER" : "kurt@seifried.org", "REQUESTER": "kurt@seifried.org",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z" "UPDATED": "2017-08-10T14:41Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "image-gallery-with-slideshow", "product_name": "image-gallery-with-slideshow",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "1.5.2" "version_value": "1.5.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Anblik" "vendor_name": "Anblik"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vapidlabs.com/advisory.php?v=189", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vapidlabs.com/advisory.php?v=189" "lang": "eng",
}, "value": "Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter."
{ }
"name" : "https://wordpress.org/plugins/image-gallery-with-slideshow/", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/image-gallery-with-slideshow/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/image-gallery-with-slideshow/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/image-gallery-with-slideshow/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=189",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=189"
}
]
}
}
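Review bot: The structured affected-version data in this CVE-2017-1002014 record contradicts its own description: `version_data` carries `"version_affected": "<"` with `"version_value": "1.5.2"`, which excludes 1.5.2, while the description names image-gallery-with-slideshow v1.5.2 as the vulnerable version. A scanner or inventory tool that matches on the structured fields rather than the free text would treat an install of 1.5.2 as unaffected. If the description is the accurate side, the entry should read `"version_affected": "<="`; otherwise the description should name the release that carries the fix. The sync also replaces the `ASSIGNER` value with what looks like an individual's address while `REQUESTER` stays the same, which is worth confirming against the CNA of record.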


@ -1,131 +1,131 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-officer@isc.org", "ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC" : "2017-06-29T00:00:00.000Z", "DATE_PUBLIC": "2017-06-29T00:00:00.000Z",
"ID" : "CVE-2017-3142", "ID": "CVE-2017-3142",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "An error in TSIG authentication can permit unauthorized zone transfers" "TITLE": "An error in TSIG authentication can permit unauthorized zone transfers"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIND 9", "product_name": "BIND 9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2" "version_value": "9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ISC" "vendor_name": "ISC"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "ISC would like to thank Clément Berthaux from Synacktiv for reporting this issue.\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "An unauthorized AXFR (full zone transfer) permits an attacker to view the entire contents of a zone. Protection of zone contents is often a commercial or business requirement. \nIf accepted, a NOTIFY sets the zone refresh interval to 'now'. If there is not already a refresh cycle in progress then named will initiate one by asking for the SOA RR from its list of masters. If there is already a refresh cycle in progress, then named will queue the new refresh request. If there is already a queued refresh request, the new NOTIFY will be discarded. Bogus notifications can't be used to force a zone transfer from a malicious server, but could trigger a high rate of zone refresh cycles."
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "ISC would like to thank Cl\u00e9ment Berthaux from Synacktiv for reporting this issue.\n"
"name" : "https://kb.isc.org/docs/aa-01504", }
"refsource" : "CONFIRM", ],
"url" : "https://kb.isc.org/docs/aa-01504" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "description": {
"refsource" : "CONFIRM", "description_data": [
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" {
}, "lang": "eng",
{ "value": "An attacker who is able to send and receive messages to an authoritative DNS server and who has knowledge of a valid TSIG key name may be able to circumvent TSIG authentication of AXFR requests via a carefully constructed request packet. A server that relies solely on TSIG keys for protection with no other ACL protection could be manipulated into: providing an AXFR of a zone to an unauthorized recipient or accepting bogus NOTIFY packets. Affects BIND 9.4.0->9.8.8, 9.9.0->9.9.10-P1, 9.10.0->9.10.5-P1, 9.11.0->9.11.1-P1, 9.9.3-S1->9.9.10-S2, 9.10.5-S1->9.10.5-S2."
"name" : "DSA-3904", }
"refsource" : "DEBIAN", ]
"url" : "https://www.debian.org/security/2017/dsa-3904" },
}, "impact": {
{ "cvss": {
"name" : "RHSA-2017:1679", "attackComplexity": "LOW",
"refsource" : "REDHAT", "attackVector": "NETWORK",
"url" : "https://access.redhat.com/errata/RHSA-2017:1679" "availabilityImpact": "NONE",
}, "baseScore": 5.3,
{ "baseSeverity": "MEDIUM",
"name" : "RHSA-2017:1680", "confidentialityImpact": "LOW",
"refsource" : "REDHAT", "integrityImpact": "NONE",
"url" : "https://access.redhat.com/errata/RHSA-2017:1680" "privilegesRequired": "NONE",
}, "scope": "UNCHANGED",
{ "userInteraction": "NONE",
"name" : "99339", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"refsource" : "BID", "version": "3.0"
"url" : "http://www.securityfocus.com/bid/99339" }
}, },
{ "problemtype": {
"name" : "1038809", "problemtype_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038809" "description": [
} {
] "lang": "eng",
}, "value": "An unauthorized AXFR (full zone transfer) permits an attacker to view the entire contents of a zone. Protection of zone contents is often a commercial or business requirement. \nIf accepted, a NOTIFY sets the zone refresh interval to 'now'. If there is not already a refresh cycle in progress then named will initiate one by asking for the SOA RR from its list of masters. If there is already a refresh cycle in progress, then named will queue the new refresh request. If there is already a queued refresh request, the new NOTIFY will be discarded. Bogus notifications can't be used to force a zone transfer from a malicious server, but could trigger a high rate of zone refresh cycles."
"solution" : [ }
{ ]
"lang" : "eng", }
"value" : " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P2\n BIND 9 version 9.10.5-P2\n BIND 9 version 9.11.1-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S3\n BIND 9 version 9.10.5-S3" ]
} },
], "references": {
"source" : { "reference_data": [
"discovery" : "UNKNOWN" {
}, "name": "RHSA-2017:1680",
"work_around" : [ "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:1680"
"lang" : "eng", },
"value" : "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in conjunction. For information on how to configure this type of compound authentication control, please see: https://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html. (Note that this technique may not be effective against bogus NOTIFY packets if an attacker is able to reach the target DNS server whilst using a spoofed sending address)." {
} "name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us",
] "refsource": "CONFIRM",
} "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"
},
{
"name": "RHSA-2017:1679",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1679"
},
{
"name": "99339",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99339"
},
{
"name": "1038809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038809"
},
{
"name": "DSA-3904",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3904"
},
{
"name": "https://kb.isc.org/docs/aa-01504",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01504"
}
]
},
"solution": [
{
"lang": "eng",
"value": " Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P2\n BIND 9 version 9.10.5-P2\n BIND 9 version 9.11.1-P2\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S3\n BIND 9 version 9.10.5-S3"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "The effects of this vulnerability can be mitigated by using Access Control Lists (ACLs) that require both address range validation and use of TSIG authentication in conjunction. For information on how to configure this type of compound authentication control, please see: https://kb.isc.org/article/AA-00723/0/Using-Access-Control-Lists-ACLs-with-both-addresses-and-keys.html. (Note that this technique may not be effective against bogus NOTIFY packets if an attacker is able to reach the target DNS server whilst using a spoofed sending address)."
}
]
}


@ -1,155 +1,155 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2017-3167", "ID": "CVE-2017-3167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache HTTP Server", "product_name": "Apache HTTP Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.2.0 to 2.2.32" "version_value": "2.2.0 to 2.2.32"
}, },
{ {
"version_value" : "2.4.0 to 2.4.25" "version_value": "2.4.0 to 2.4.25"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass (CWE-287)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[dev] 20170619 CVE-2017-3167: ap_get_basic_auth_pw authentication bypass", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E" "lang": "eng",
}, "value": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed."
{ }
"name" : "https://www.nomachine.com/SU08O00185", ]
"refsource" : "CONFIRM", },
"url" : "https://www.nomachine.com/SU08O00185" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
}, "value": "Authentication Bypass (CWE-287)"
{ }
"name" : "https://support.apple.com/HT208221", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208221" ]
}, },
{ "references": {
"name" : "https://security.netapp.com/advisory/ntap-20180601-0002/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20180601-0002/" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us", },
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us" "name": "RHSA-2017:2479",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2479"
"name" : "DSA-3896", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3896" "name": "RHSA-2017:2483",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2483"
"name" : "GLSA-201710-32", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-32" "name": "https://security.netapp.com/advisory/ntap-20180601-0002/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20180601-0002/"
"name" : "RHSA-2017:3193", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3193" "name": "https://www.nomachine.com/SU08O00185",
}, "refsource": "CONFIRM",
{ "url": "https://www.nomachine.com/SU08O00185"
"name" : "RHSA-2017:3194", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3194" "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
}, "refsource": "CONFIRM",
{ "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us"
"name" : "RHSA-2017:3195", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3195" "name": "RHSA-2017:3475",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3475"
"name" : "RHSA-2017:3475", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3475" "name": "99135",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/99135"
"name" : "RHSA-2017:3476", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3476" "name": "RHSA-2017:3195",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3195"
"name" : "RHSA-2017:3477", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3477" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name" : "RHSA-2017:2478", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2478" "name": "RHSA-2017:3476",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3476"
"name" : "RHSA-2017:2479", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2479" "name": "[dev] 20170619 CVE-2017-3167: ap_get_basic_auth_pw authentication bypass",
}, "refsource": "MLIST",
{ "url": "https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4@%3Cdev.httpd.apache.org%3E"
"name" : "RHSA-2017:2483", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2483" "name": "RHSA-2017:3477",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3477"
"name" : "99135", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99135" "name": "DSA-3896",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3896"
"name" : "1038711", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038711" "name": "RHSA-2017:3194",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:3194"
} },
} {
"name": "RHSA-2017:3193",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3193"
},
{
"name": "1038711",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038711"
},
{
"name": "GLSA-201710-32",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-32"
},
{
"name": "RHSA-2017:2478",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2478"
}
]
}
}


@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3348", "ID": "CVE-2017-3348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Marketing", "product_name": "Marketing",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
{ }
"name" : "95500", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95500" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95500"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}


@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3593", "ID": "CVE-2017-3593",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebCenter Sites", "product_name": "WebCenter Sites",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.1.1.8.0" "version_value": "11.1.1.8.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.0.0" "version_value": "12.2.1.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.1.0" "version_value": "12.2.1.1.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.2.0" "version_value": "12.2.1.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N)."
{ }
"name" : "97879", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97879" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038291", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038291" "lang": "eng",
} "value": "Easily \"exploitable\" vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038291",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038291"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "97879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97879"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6617", "ID": "CVE-2017-6617",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Integrated Management Controller", "product_name": "Cisco Integrated Management Controller",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Integrated Management Controller" "version_value": "Cisco Integrated Management Controller"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2" "lang": "eng",
}, "value": "A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The vulnerability exists because the affected software does not assign a new session identifier to a user session when a user authenticates to the web-based GUI. An attacker could exploit this vulnerability by using a hijacked session identifier to connect to the software through the web-based GUI. A successful exploit could allow the attacker to hijack an authenticated user's browser session on the affected system. Cisco Bug IDs: CSCvd14583."
{ }
"name" : "97929", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97929" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97929"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-cimc2"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7003", "ID": "CVE-2017-7003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"CoreText\" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207797", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207797" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the \"CoreText\" component. It allows remote attackers to cause a denial of service (application crash) via a crafted file."
{ }
"name" : "https://support.apple.com/HT207798", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207798" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207800", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207800" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207801", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207801" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
},
{
"name": "https://support.apple.com/HT207800",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207800"
},
{
"name": "https://support.apple.com/HT207798",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207798"
},
{
"name": "https://support.apple.com/HT207801",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207801"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7034", "ID": "CVE-2017-7034",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207921", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207921" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207923", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207923" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207924", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207924" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207927", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207927" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207928", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207928" "name": "99885",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/99885"
"name" : "GLSA-201710-14", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-14" "name": "https://support.apple.com/HT207927",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207927"
"name" : "99885", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99885" "name": "https://support.apple.com/HT207924",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207924"
"name" : "1038950", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038950" "name": "https://support.apple.com/HT207928",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207928"
} },
} {
"name": "https://support.apple.com/HT207921",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207921"
},
{
"name": "https://support.apple.com/HT207923",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207923"
},
{
"name": "GLSA-201710-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-14"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-7478", "ID": "CVE-2017-7478",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "openvpn", "product_name": "openvpn",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.3.12 and newer" "version_value": "2.3.12 and newer"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "OpenVPN Technologies, Inc" "vendor_name": "OpenVPN Technologies, Inc"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-617"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41993", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41993/" "lang": "eng",
}, "value": "OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated Denial of Service of server via received large control packet. Note that this issue is fixed in 2.3.15 and 2.4.2."
{ }
"name" : "https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits", ]
"refsource" : "CONFIRM", },
"url" : "https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98444", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98444" "lang": "eng",
}, "value": "CWE-617"
{ }
"name" : "1038473", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038473" ]
} },
] "references": {
} "reference_data": [
} {
"name": "41993",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41993/"
},
{
"name": "https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits",
"refsource": "CONFIRM",
"url": "https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits"
},
{
"name": "1038473",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038473"
},
{
"name": "98444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98444"
}
]
}
}


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7806", "ID": "CVE-2017-7806",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "55" "version_value": "55"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free in layer manager with SVG"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1378113", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1378113" "lang": "eng",
}, "value": "A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 55."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-18/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-18/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100389", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100389" "lang": "eng",
}, "value": "Use-after-free in layer manager with SVG"
{ }
"name" : "1039124", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039124" ]
} },
] "references": {
} "reference_data": [
} {
"name": "100389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100389"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-18/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-18/"
},
{
"name": "1039124",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039124"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1378113",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1378113"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7866", "ID": "CVE-2017-7866",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444" "lang": "eng",
}, "value": "FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c."
{ }
"name" : "https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264", ]
"refsource" : "MISC", },
"url" : "https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "97664", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97664" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "97664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97664"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=444"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8058", "ID": "CVE-2017-8058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f" "lang": "eng",
}, "value": "Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call."
{ }
"name" : "98318", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98318" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98318"
},
{
"name": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8381", "ID": "CVE-2017-8381",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mkv file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8381"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8523", "ID": "CVE-2017-8523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016." "version_value": "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523" "lang": "eng",
}, "value": "Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka \"Microsoft Edge Security Feature Bypass Vulnerability\". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555."
{ }
"name" : "98928", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98928" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8523"
},
{
"name": "98928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98928"
}
]
}
}


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-8580", "ID": "CVE-2017-8580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016", "product_name": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Win32K" "version_value": "Win32K"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8580", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8580" "lang": "eng",
}, "value": "Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability\". This CVE ID is unique from CVE-2017-8577, CVE-2017-8578, CVE-2017-8581, and CVE-2017-8467."
{ }
"name" : "99421", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99421" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038853", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038853" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99421"
},
{
"name": "1038853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038853"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8580",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8580"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8686", "ID": "CVE-2017-8686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka \"Windows DHCP Server Remote Code Execution Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8686", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8686" "lang": "eng",
}, "value": "The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive, due to a memory corruption vulnerability in the Windows Server DHCP service, aka \"Windows DHCP Server Remote Code Execution Vulnerability\"."
{ }
"name" : "100730", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100730" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039337", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039337" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8686",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8686"
},
{
"name": "100730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100730"
},
{
"name": "1039337",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039337"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-8820", "ID": "CVE-2017-8820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9", "product_name": "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9" "version_value": "Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516" "lang": "eng",
}, "value": "In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, remote attackers can cause a denial of service (NULL pointer dereference and application crash) against directory authorities via a malformed descriptor, aka TROVE-2017-010."
{ }
"name" : "https://bugs.torproject.org/24245", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.torproject.org/24245" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4054", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4054" "lang": "eng",
} "value": "denial of service"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516",
"refsource": "CONFIRM",
"url": "https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516"
},
{
"name": "DSA-4054",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4054"
},
{
"name": "https://bugs.torproject.org/24245",
"refsource": "CONFIRM",
"url": "https://bugs.torproject.org/24245"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10068", "ID": "CVE-2018-10068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jDownloads extension before 3.2.59 for Joomla! has XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44471", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44471/" "lang": "eng",
}, "value": "The jDownloads extension before 3.2.59 for Joomla! has XSS."
{ }
"name" : "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html", ]
"refsource" : "MISC", },
"url" : "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting", "description": [
"refsource" : "MISC", {
"url" : "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html",
"refsource": "MISC",
"url": "http://www.jdownloads.com/index.php/news/264-jdownloads-3-2-59-published.html"
},
{
"name": "44471",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44471/"
},
{
"name": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting",
"refsource": "MISC",
"url": "https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10136", "ID": "CVE-2018-10136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iScripts UberforX 2.2 has Stored XSS in the \"manage_settings\" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pastebin.com/TCEWRZEd", "description_data": [
"refsource" : "MISC", {
"url" : "https://pastebin.com/TCEWRZEd" "lang": "eng",
} "value": "iScripts UberforX 2.2 has Stored XSS in the \"manage_settings\" section of the Admin Panel via a value field to the /cms?section=manage_settings&action=edit URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/TCEWRZEd",
"refsource": "MISC",
"url": "https://pastebin.com/TCEWRZEd"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10440", "ID": "CVE-2018-10440",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10471", "ID": "CVE-2018-10471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html" "lang": "eng",
}, "value": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (out-of-bounds zero write and hypervisor crash) via unexpected INT 80 processing, because of an incorrect fix for CVE-2017-5754."
{ }
"name" : "https://xenbits.xen.org/xsa/advisory-259.html", ]
"refsource" : "CONFIRM", },
"url" : "https://xenbits.xen.org/xsa/advisory-259.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4201", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4201" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201810-06", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201810-06" ]
}, },
{ "references": {
"name" : "104003", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104003" "name": "104003",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/104003"
} },
} {
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-259.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-259.html"
},
{
"name": "DSA-4201",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10676", "ID": "CVE-2018-10676",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://misteralfa-hack.blogspot.cl/2018/05/0day-dvr-multivendor.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://misteralfa-hack.blogspot.cl/2018/05/0day-dvr-multivendor.html" "lang": "eng",
} "value": "CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices allow remote attackers to download a file and obtain sensitive credential information via a direct request for the download.rsp URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://misteralfa-hack.blogspot.cl/2018/05/0day-dvr-multivendor.html",
"refsource": "MISC",
"url": "http://misteralfa-hack.blogspot.cl/2018/05/0day-dvr-multivendor.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10809", "ID": "CVE-2018-10809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44600", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44600/" "lang": "eng",
}, "value": "In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-8873."
{ }
"name" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NetFirewall.sys-0x00222040", ]
"refsource" : "MISC", },
"url" : "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NetFirewall.sys-0x00222040" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/147538/2345-Security-Guard-3.7-Denial-Of-Service.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/147538/2345-Security-Guard-3.7-Denial-Of-Service.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "44600",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44600/"
},
{
"name": "http://packetstormsecurity.com/files/147538/2345-Security-Guard-3.7-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147538/2345-Security-Guard-3.7-Denial-Of-Service.html"
},
{
"name": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NetFirewall.sys-0x00222040",
"refsource": "MISC",
"url": "https://github.com/anhkgg/poc/tree/master/2345%20security%20guard/2345NetFirewall.sys-0x00222040"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13229", "ID": "CVE-2018-13229",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md" "lang": "eng",
}, "value": "The sell function of a smart contract implementation for RiptideCoin (RIPT), an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RiptideCoin"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13810", "ID": "CVE-2018-13810",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17442", "ID": "CVE-2018-17442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45533", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45533/" "lang": "eng",
}, "value": "An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code."
{ }
"name" : "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2018/Oct/11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092", ]
"refsource" : "CONFIRM", }
"url" : "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092" ]
} },
] "references": {
} "reference_data": [
} {
"name": "45533",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45533/"
},
{
"name": "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.secureauth.com/labs/advisories/d-link-central-wifimanager-software-controller-multiple-vulnerabilities"
},
{
"name": "20181004 [CORE-2010-0010] - D-Link Central WiFiManager Software Controller Multiple",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Oct/11"
},
{
"name": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092",
"refsource": "CONFIRM",
"url": "https://securityadvisories.dlink.com/announcement/publication.aspx?name=SAP10092"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17723", "ID": "CVE-2018-17723",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-17T00:00:00", "DATE_PUBLIC": "2018-10-17T00:00:00",
"ID" : "CVE-2018-17909", "ID": "CVE-2018-17909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CX-Supervisor", "product_name": "CX-Supervisor",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions 3.4.1.0 and prior." "version_value": "Versions 3.4.1.0 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Omron" "vendor_name": "Omron"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "USE AFTER FREE CWE-416"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01" "lang": "eng",
}, "value": "When processing project files in Omron CX-Supervisor Versions 3.4.1.0 and prior, the application fails to check if it is referencing freed memory, which may allow an attacker to execute code under the context of the application."
{ }
"name" : "105691", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105691" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "USE AFTER FREE CWE-416"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-290-01"
},
{
"name": "105691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105691"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9381", "ID": "CVE-2018-9381",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9540", "ID": "CVE-2018-9540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9" "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-11-01" "lang": "eng",
}, "value": "In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417"
{ }
"name" : "105849", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105849" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105849"
},
{
"name": "https://source.android.com/security/bulletin/2018-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
}
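Review bot: The `ASSIGNER` value on the `CVE_data_meta` line differs between the two sides (`security@google.com` against `security@android.com`), and it is the only value change in a section that otherwise appears to alter just the spacing before colons and the order of the `reference_data` entries. Tooling that attributes a record to its assigning CNA through this field, or that diffs records to detect content changes, will see a real change to the record here, so the commit description should call it out rather than leave it inside a bulk formatting sync. The rendering does not mark which column is new; this note assumes the compact `"key":` form is the new side.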


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9778", "ID": "CVE-2018-9778",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9859", "ID": "CVE-2018-9859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cve.naver.com/detail/cve-2018-9859.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cve.naver.com/detail/cve-2018-9859.html" "lang": "eng",
} "value": "The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2018-9859.html",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2018-9859.html"
}
]
}
}