admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:40:30 +00:00
parent c4e4684dfd
commit 5c4ada1756
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
63 changed files with 4565 additions and 4565 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/0xxx/CVE-2001-0114.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010116 Vulnerabilities in OmniHTTPd default installation",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html"
},
{
"name" : "2211",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2211"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010116 Vulnerabilities in OmniHTTPd default installation",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html"
},
{
"name": "2211",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2211"
}
]
}
}

130
2001/0xxx/CVE-2001-0305.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010216 Thinking Arts Store.cgi Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0324.html"
},
{
"name" : "2385",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010216 Thinking Arts Store.cgi Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0324.html"
},
{
"name": "2385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2385"
}
]
}
}

150
2001/0xxx/CVE-2001-0373.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010323 NT crash dump files insecure by default",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html"
},
{
"name" : "2501",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2501"
},
{
"name" : "win-userdmp-insecure-permission(6275)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6275"
},
{
"name" : "5683",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010323 NT crash dump files insecure by default",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html"
},
{
"name": "2501",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2501"
},
{
"name": "5683",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5683"
},
{
"name": "win-userdmp-insecure-permission(6275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6275"
}
]
}
}

140
2001/0xxx/CVE-2001-0551.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0551",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0551",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#860296",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/860296"
},
{
"name" : "HPSBUX0105-151",
"refsource" : "HP",
"url" : "http://archives.neohapsis.com/archives/hp/2001-q2/0044.html"
},
{
"name" : "oval:org.mitre.oval:def:5958",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:5958",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5958"
},
{
"name": "VU#860296",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/860296"
},
{
"name": "HPSBUX0105-151",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/hp/2001-q2/0044.html"
}
]
}
}

160
2001/0xxx/CVE-2001-0570.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010503 minicom exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/181922"
},
{
"name" : "RHSA-2001:067",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-067.html"
},
{
"name" : "CSSA-2001-016.0",
"refsource" : "CALDERA",
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-016.0.txt"
},
{
"name" : "20010517 Immunix OS Security update for minicom",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=99014300904714&w=2"
},
{
"name" : "minicom-xmodem-format-string(6498)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010503 minicom exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/181922"
},
{
"name": "RHSA-2001:067",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-067.html"
},
{
"name": "minicom-xmodem-format-string(6498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6498"
},
{
"name": "20010517 Immunix OS Security update for minicom",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99014300904714&w=2"
},
{
"name": "CSSA-2001-016.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-016.0.txt"
}
]
}
}

200
2001/0xxx/CVE-2001-0873.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010908 Multiple vendor 'Taylor UUCP' problems.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/212892"
},
{
"name" : "20011130 Redhat 7.0 local root (via uucp) (attempt 2)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=100715446131820"
},
{
"name" : "CSSA-2001-033.0",
"refsource" : "CALDERA",
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt"
},
{
"name" : "CLA-2001:425",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425"
},
{
"name" : "DSA-079",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2001/dsa-079"
},
{
"name" : "SuSE-SA:2001:38",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2001_038_uucp_txt.html"
},
{
"name" : "3312",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3312"
},
{
"name" : "uucp-argument-gain-privileges(7099)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7099"
},
{
"name" : "RHSA-2001:165",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2001-165.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010908 Multiple vendor 'Taylor UUCP' problems.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/212892"
},
{
"name": "CSSA-2001-033.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt"
},
{
"name": "uucp-argument-gain-privileges(7099)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7099"
},
{
"name": "CLA-2001:425",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425"
},
{
"name": "3312",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3312"
},
{
"name": "SuSE-SA:2001:38",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_038_uucp_txt.html"
},
{
"name": "RHSA-2001:165",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2001-165.html"
},
{
"name": "20011130 Redhat 7.0 local root (via uucp) (attempt 2)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100715446131820"
},
{
"name": "DSA-079",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-079"
}
]
}
}

170
2001/1xxx/CVE-2001-1315.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html"
},
{
"name" : "VU#657547",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/657547"
},
{
"name" : "L-116",
"refsource" : "CIAC",
"url" : "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
},
{
"name" : "CA-2001-18",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2001-18.html"
},
{
"name" : "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM"
},
{
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
"refsource" : "MISC",
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Critical Path (1) InJoin Directory Server or (2) LiveContent Directory allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed BER encodings, as demonstrated by the PROTOS LDAPv3 test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM"
},
{
"name": "CA-2001-18",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-18.html"
},
{
"name": "20010731 RE: CERT Advisory CA-2001-18, Critical Path directory products ar e vulnerable",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
},
{
"name": "L-116",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
},
{
"name": "VU#657547",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/657547"
}
]
}
}

210
2001/1xxx/CVE-2001-1398.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010405 Trustix Security Advisory #2001-0003 - kernel",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=98653252326445&w=2"
},
{
"name" : "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=98684172109474&w=2"
},
{
"name" : "http://www.linux.org.uk/VERSION/relnotes.2219.html",
"refsource" : "CONFIRM",
"url" : "http://www.linux.org.uk/VERSION/relnotes.2219.html"
},
{
"name" : "IMNX-2001-70-010-01",
"refsource" : "IMMUNIX",
"url" : "http://marc.info/?l=bugtraq&m=98575345009963&w=2"
},
{
"name" : "CSSA-2001-012.0",
"refsource" : "CALDERA",
"url" : "http://marc.info/?l=bugtraq&m=98637996127004&w=2"
},
{
"name" : "MDKSA-2001:037",
"refsource" : "MANDRAKE",
"url" : "http://marc.info/?l=bugtraq&m=98759029811377&w=2"
},
{
"name" : "DSA-047",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2001/dsa-047"
},
{
"name" : "SuSE-SA:2001:018",
"refsource" : "SUSE",
"url" : "http://marc.info/?l=bugtraq&m=99013830726309&w=2"
},
{
"name" : "CLA-2001:394",
"refsource" : "CONECTIVA",
"url" : "http://marc.info/?l=bugtraq&m=98775114228203&w=2"
},
{
"name" : "RHSA-2001:047",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-047.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Masquerading code for Linux kernel before 2.2.19 does not fully check packet lengths in certain cases, which may lead to a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2001:047",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-047.html"
},
{
"name": "CSSA-2001-012.0",
"refsource": "CALDERA",
"url": "http://marc.info/?l=bugtraq&m=98637996127004&w=2"
},
{
"name": "http://www.linux.org.uk/VERSION/relnotes.2219.html",
"refsource": "CONFIRM",
"url": "http://www.linux.org.uk/VERSION/relnotes.2219.html"
},
{
"name": "DSA-047",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2001/dsa-047"
},
{
"name": "MDKSA-2001:037",
"refsource": "MANDRAKE",
"url": "http://marc.info/?l=bugtraq&m=98759029811377&w=2"
},
{
"name": "20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98684172109474&w=2"
},
{
"name": "IMNX-2001-70-010-01",
"refsource": "IMMUNIX",
"url": "http://marc.info/?l=bugtraq&m=98575345009963&w=2"
},
{
"name": "CLA-2001:394",
"refsource": "CONECTIVA",
"url": "http://marc.info/?l=bugtraq&m=98775114228203&w=2"
},
{
"name": "20010405 Trustix Security Advisory #2001-0003 - kernel",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98653252326445&w=2"
},
{
"name": "SuSE-SA:2001:018",
"refsource": "SUSE",
"url": "http://marc.info/?l=bugtraq&m=99013830726309&w=2"
}
]
}
}

190
2006/2xxx/CVE-2006-2021.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060421 [SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/431655/100/0/threaded"
},
{
"name" : "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1",
"refsource" : "MISC",
"url" : "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1"
},
{
"name" : "17641",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17641"
},
{
"name" : "ADV-2006-1457",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1457"
},
{
"name" : "24806",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/24806"
},
{
"name" : "19744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19744"
},
{
"name" : "750",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/750"
},
{
"name" : "asterisk-audio-directory-traversal(25996)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter. NOTE: this issue can also be used to determine existence of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060421 [SecuriWeb 2006.1] directory traversal in Asterisk@Home and ARI",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431655/100/0/threaded"
},
{
"name": "ADV-2006-1457",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1457"
},
{
"name": "19744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19744"
},
{
"name": "asterisk-audio-directory-traversal(25996)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25996"
},
{
"name": "750",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/750"
},
{
"name": "17641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17641"
},
{
"name": "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1",
"refsource": "MISC",
"url": "http://www.securiweb.net/wiki/Ressources/AvisDeSecurite/2006.1"
},
{
"name": "24806",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24806"
}
]
}
}

200
2006/2xxx/CVE-2006-2062.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version \"Full Version\", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html"
},
{
"name" : "25023",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25023"
},
{
"name" : "25024",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25024"
},
{
"name" : "25025",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25025"
},
{
"name" : "25026",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25026"
},
{
"name" : "25027",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25027"
},
{
"name" : "25028",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25028"
},
{
"name" : "25029",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25029"
},
{
"name" : "19867",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19867"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version \"Full Version\", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25028",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25028"
},
{
"name": "25027",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25027"
},
{
"name": "http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html"
},
{
"name": "25025",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25025"
},
{
"name": "19867",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19867"
},
{
"name": "25029",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25029"
},
{
"name": "25023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25023"
},
{
"name": "25026",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25026"
},
{
"name": "25024",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25024"
}
]
}
}

300
2006/2xxx/CVE-2006-2195.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-2195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt",
"refsource" : "MISC",
"url" : "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=136830",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name" : "http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146"
},
{
"name" : "http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name" : "DSA-1098",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1098"
},
{
"name" : "DSA-1099",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1099"
},
{
"name" : "GLSA-200606-28",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name" : "SUSE-SR:2006:016",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name" : "18436",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18436"
},
{
"name" : "ADV-2006-2356",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name" : "26513",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26513"
},
{
"name" : "26514",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26514"
},
{
"name" : "1016310",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016310"
},
{
"name" : "20672",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20672"
},
{
"name" : "20750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20750"
},
{
"name" : "20849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20849"
},
{
"name" : "20661",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20661"
},
{
"name" : "20960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20960"
},
{
"name" : "horde-test-problem-xss(27168)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146"
},
{
"name": "horde-test-problem-xss(27168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27168"
},
{
"name": "20750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20750"
},
{
"name": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt",
"refsource": "MISC",
"url": "http://overlays.gentoo.org/dev/chtekk/browser/horde/www-apps/horde/files/horde-3.1.1-xss.diff?rev=4&format=txt"
},
{
"name": "http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php?r1=2.25&r2=2.26&f=horde%2Ftemplates%2Fproblem%2Fproblem.inc"
},
{
"name": "1016310",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016310"
},
{
"name": "DSA-1098",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1098"
},
{
"name": "20672",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20672"
},
{
"name": "DSA-1099",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1099"
},
{
"name": "20849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20849"
},
{
"name": "26514",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26514"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=136830",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=136830"
},
{
"name": "20661",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20661"
},
{
"name": "26513",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26513"
},
{
"name": "SUSE-SR:2006:016",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_16_sr.html"
},
{
"name": "ADV-2006-2356",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2356"
},
{
"name": "GLSA-200606-28",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-28.xml"
},
{
"name": "20960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20960"
},
{
"name": "18436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18436"
}
]
}
}

170
2006/2xxx/CVE-2006-2240.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en"
},
{
"name" : "VU#955777",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/955777"
},
{
"name" : "17791",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17791"
},
{
"name" : "19894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19894"
},
{
"name" : "dns-improper-request-handling(26081)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dns-improper-request-handling(26081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26081"
},
{
"name": "VU#955777",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/955777"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20060425-00312.pdf?lang=en"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/br-20060425-00311.html?lang=en"
},
{
"name": "19894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19894"
},
{
"name": "17791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17791"
}
]
}
}

160
2006/2xxx/CVE-2006-2794.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060528 Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435287/100/0/threaded"
},
{
"name" : "http://www.nukedx.com/?viewdoc=39",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?viewdoc=39"
},
{
"name" : "20355",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20355"
},
{
"name" : "1021",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1021"
},
{
"name" : "aspsitem-hesabim-information-disclosure(26859)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20355"
},
{
"name": "aspsitem-hesabim-information-disclosure(26859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26859"
},
{
"name": "http://www.nukedx.com/?viewdoc=39",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=39"
},
{
"name": "20060528 Advisory: ASPSitem <= 2.0 Multiple Vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435287/100/0/threaded"
},
{
"name": "1021",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1021"
}
]
}
}

210
2008/5xxx/CVE-2008-5317.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain \"number of entries\" value, which is interpreted improperly, leading to an allocation of insufficient memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081128 CVE request: lcms (old issues)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name" : "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17",
"refsource" : "CONFIRM",
"url" : "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17"
},
{
"name" : "DSA-1684",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1684"
},
{
"name" : "RHSA-2009:0011",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name" : "USN-693-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/693-1/"
},
{
"name" : "32708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32708"
},
{
"name" : "oval:org.mitre.oval:def:10685",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10685"
},
{
"name" : "33066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33066"
},
{
"name" : "33219",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33219"
},
{
"name" : "lcms-cmsallocgamma-bo(47120)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain \"number of entries\" value, which is interpreted improperly, leading to an allocation of insufficient memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33219",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33219"
},
{
"name": "32708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32708"
},
{
"name": "33066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33066"
},
{
"name": "oval:org.mitre.oval:def:10685",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10685"
},
{
"name": "DSA-1684",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1684"
},
{
"name": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17",
"refsource": "CONFIRM",
"url": "http://lcms.cvs.sourceforge.net/viewvc/lcms/lcms/src/cmsgamma.c?view=diff&r1=1.16&r2=1.17"
},
{
"name": "[oss-security] 20081128 CVE request: lcms (old issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/28/3"
},
{
"name": "lcms-cmsallocgamma-bo(47120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47120"
},
{
"name": "RHSA-2009:0011",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0011.html"
},
{
"name": "USN-693-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/693-1/"
}
]
}
}

180
2008/5xxx/CVE-2008-5336.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081124 WebStudio CMS 'pageid' Blind SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498597/100/0/threaded"
},
{
"name" : "7216",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7216"
},
{
"name" : "7236",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7236"
},
{
"name" : "32449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32449"
},
{
"name" : "ADV-2008-3273",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3273"
},
{
"name" : "4690",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4690"
},
{
"name" : "webstudiocms-index-sql-injection(46818)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46818"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in WebStudio CMS allows remote attackers to execute arbitrary SQL commands via the pageid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3273",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3273"
},
{
"name": "7236",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7236"
},
{
"name": "4690",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4690"
},
{
"name": "32449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32449"
},
{
"name": "20081124 WebStudio CMS 'pageid' Blind SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498597/100/0/threaded"
},
{
"name": "webstudiocms-index-sql-injection(46818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46818"
},
{
"name": "7216",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7216"
}
]
}
}

230
2008/5xxx/CVE-2008-5714.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html"
},
{
"name" : "[qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars",
"refsource" : "MLIST",
"url" : "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html"
},
{
"name" : "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966",
"refsource" : "CONFIRM",
"url" : "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966"
},
{
"name" : "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966",
"refsource" : "CONFIRM",
"url" : "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966"
},
{
"name" : "SUSE-SR:2009:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name" : "SUSE-SR:2009:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name" : "USN-776-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name" : "33020",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33020"
},
{
"name" : "33568",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33568"
},
{
"name" : "34642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34642"
},
{
"name" : "35062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35062"
},
{
"name" : "qemu-monitor-weak-security(47683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[qemu-devel] 20081210 Re: [RESEND] [PATCH v2] Fix off-by-one bug limiting VNC passwords to 7 chars",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html"
},
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "qemu-monitor-weak-security(47683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47683"
},
{
"name": "[qemu-devel] 20081123 [PATCH] Fix off-by-one bug limiting VNC passwords to 7 chars",
"refsource": "MLIST",
"url": "http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966"
},
{
"name": "33020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33020"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966",
"refsource": "CONFIRM",
"url": "http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966"
}
]
}
}

180
2008/5xxx/CVE-2008-5749.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome \"will ask for user permission\" and \"cannot launch the applet even [if] you have given out the permission.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081223 Google Chrome Browser (ChromeHTML://) remote parameter injection POC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499570/100/0/threaded"
},
{
"name" : "20081225 Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499581/100/0/threaded"
},
{
"name" : "20081226 Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499616/100/0/threaded"
},
{
"name" : "7566",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7566"
},
{
"name" : "http://retrogod.altervista.org/9sg_chrome.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/9sg_chrome.html"
},
{
"name" : "32997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32997"
},
{
"name" : "4821",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome \"will ask for user permission\" and \"cannot launch the applet even [if] you have given out the permission.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/9sg_chrome.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_chrome.html"
},
{
"name": "20081226 Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499616/100/0/threaded"
},
{
"name": "32997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32997"
},
{
"name": "7566",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7566"
},
{
"name": "20081223 Google Chrome Browser (ChromeHTML://) remote parameter injection POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499570/100/0/threaded"
},
{
"name": "20081225 Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499581/100/0/threaded"
},
{
"name": "4821",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4821"
}
]
}
}

160
2011/2xxx/CVE-2011-2084.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rt-announce] 20120522 RT 3.8.12 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html"
},
{
"name" : "[rt-announce] 20120522 RT 4.0.6 Released - Security Release",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html"
},
{
"name" : "[rt-announce] 20120522 Security vulnerabilities in RT",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html"
},
{
"name" : "53660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53660"
},
{
"name" : "49259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49259"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allows remote authenticated users to read (1) hashes of former passwords and (2) ticket correspondence history by leveraging access to a privileged account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rt-announce] 20120522 RT 3.8.12 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000203.html"
},
{
"name": "49259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49259"
},
{
"name": "[rt-announce] 20120522 RT 4.0.6 Released - Security Release",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000204.html"
},
{
"name": "[rt-announce] 20120522 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-May/000202.html"
},
{
"name": "53660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53660"
}
]
}
}

230
2011/2xxx/CVE-2011-2359.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=78841",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=78841"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "http://support.apple.com/kb/HT5000",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5000"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "APPLE-SA-2011-10-12-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name" : "DSA-2307",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2307"
},
{
"name" : "74229",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/74229"
},
{
"name" : "oval:org.mitre.oval:def:14671",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14671"
},
{
"name" : "google-chrome-bad-line-ce(68941)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68941"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 13.0.782.107 does not properly track line boxes during rendering, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a \"stale pointer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "google-chrome-bad-line-ce(68941)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68941"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=78841",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=78841"
},
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name": "DSA-2307",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2307"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "APPLE-SA-2011-10-12-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:14671",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14671"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "74229",
"refsource": "OSVDB",
"url": "http://osvdb.org/74229"
},
{
"name": "http://support.apple.com/kb/HT5000",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5000"
}
]
}
}

160
2011/2xxx/CVE-2011-2802.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=88591",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=88591"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name" : "74253",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/74253"
},
{
"name" : "oval:org.mitre.oval:def:14236",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14236"
},
{
"name" : "google-chrome-lookup-dos(68964)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68964"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google V8, as used in Google Chrome before 13.0.782.107, does not properly perform const lookups, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14236",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14236"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name": "74253",
"refsource": "OSVDB",
"url": "http://osvdb.org/74253"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=88591",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=88591"
},
{
"name": "google-chrome-lookup-dos(68964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68964"
}
]
}
}

190
2011/2xxx/CVE-2011-2831.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4981",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4981"
},
{
"name" : "http://support.apple.com/kb/HT4999",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4999"
},
{
"name" : "http://support.apple.com/kb/HT5000",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5000"
},
{
"name" : "APPLE-SA-2011-10-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name" : "APPLE-SA-2011-10-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name" : "APPLE-SA-2011-10-12-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name" : "50066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50066"
},
{
"name" : "oval:org.mitre.oval:def:17317",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other CVEs listed in APPLE-SA-2011-10-11-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT4981",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4981"
},
{
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "APPLE-SA-2011-10-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00000.html"
},
{
"name": "APPLE-SA-2011-10-12-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00004.html"
},
{
"name": "50066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50066"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
},
{
"name": "http://support.apple.com/kb/HT5000",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5000"
},
{
"name": "oval:org.mitre.oval:def:17317",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17317"
}
]
}
}

150
2011/3xxx/CVE-2011-3138.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029497",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029497"
},
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029498",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029498"
},
{
"name" : "IV01318",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV01318"
},
{
"name" : "ibm-tfim-security-bypass(69198)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69198"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LTPA STS module support implementation in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 relies on a static instance of a Java Development Kit (JDK) class, which might allow attackers to bypass LTPA token signature verification by leveraging lack of thread safety."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV01318",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV01318"
},
{
"name": "ibm-tfim-security-bypass(69198)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69198"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029498",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029498"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029497",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029497"
}
]
}
}

270
2011/3xxx/CVE-2011-3561.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3561",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-3561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name" : "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/developerworks/java/jdk/alerts/"
},
{
"name" : "HPSBUX02730",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
},
{
"name" : "SSRT100710",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
},
{
"name" : "HPSBMU02797",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "SSRT100867",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name" : "HPSBMU02799",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name" : "RHSA-2011:1384",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "SUSE-SU-2012:0114",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name" : "50250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50250"
},
{
"name" : "76513",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/76513"
},
{
"name" : "oval:org.mitre.oval:def:14274",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14274"
},
{
"name" : "1026215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026215"
},
{
"name" : "48308",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48308"
},
{
"name" : "oracle-jre-unspec-info-disc(70833)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JavaFX 2.0 allows remote attackers to affect confidentiality via unknown vectors related to Deployment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMU02799",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2"
},
{
"name": "48308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48308"
},
{
"name": "HPSBUX02730",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
},
{
"name": "76513",
"refsource": "OSVDB",
"url": "http://osvdb.org/76513"
},
{
"name": "SUSE-SU-2012:0114",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00049.html"
},
{
"name": "oval:org.mitre.oval:def:14274",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14274"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "SSRT100710",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132750579901589&w=2"
},
{
"name": "50250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50250"
},
{
"name": "RHSA-2011:1384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-1384.html"
},
{
"name": "oracle-jre-unspec-info-disc(70833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70833"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html"
},
{
"name": "SSRT100867",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "1026215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026215"
},
{
"name": "HPSBMU02797",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134254957702612&w=2"
},
{
"name": "http://www.ibm.com/developerworks/java/jdk/alerts/",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/developerworks/java/jdk/alerts/"
}
]
}
}

130
2013/0xxx/CVE-2013-0390.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2013/0xxx/CVE-2013-0704.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-0704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#78601526",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN78601526/index.html"
},
{
"name" : "JVNDB-2013-000010",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the GREE application before 1.3.3 for Android allows remote attackers to obtain sensitive information via a crafted URL, which is not properly handled during interaction with other applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#78601526",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN78601526/index.html"
},
{
"name": "JVNDB-2013-000010",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000010"
}
]
}
}

34
2013/0xxx/CVE-2013-0738.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0738",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0738",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2013/1xxx/CVE-2013-1061.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2013-1061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://launchpadlibrarian.net/150156695/software-properties_0.92.17.2_0.92.17.3.diff.gz",
"refsource" : "MISC",
"url" : "http://launchpadlibrarian.net/150156695/software-properties_0.92.17.2_0.92.17.3.diff.gz"
},
{
"name" : "https://launchpad.net/ubuntu/+source/software-properties/0.82.7.5",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/ubuntu/+source/software-properties/0.82.7.5"
},
{
"name" : "https://launchpad.net/ubuntu/+source/software-properties/0.92.17.3",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/ubuntu/+source/software-properties/0.92.17.3"
},
{
"name" : "https://launchpad.net/ubuntu/+source/software-properties/0.92.9.3",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/ubuntu/+source/software-properties/0.92.9.3"
},
{
"name" : "USN-1960-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1960-1"
},
{
"name" : "54909",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54909"
},
{
"name" : "softwareproperties-cve20131061-sec-bypass(87381)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87381"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before 0.92.17.3, 0.92.9 before 0.92.9.3, and 0.82.7 before 0.82.7.5 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/ubuntu/+source/software-properties/0.82.7.5",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/software-properties/0.82.7.5"
},
{
"name": "http://launchpadlibrarian.net/150156695/software-properties_0.92.17.2_0.92.17.3.diff.gz",
"refsource": "MISC",
"url": "http://launchpadlibrarian.net/150156695/software-properties_0.92.17.2_0.92.17.3.diff.gz"
},
{
"name": "https://launchpad.net/ubuntu/+source/software-properties/0.92.17.3",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/software-properties/0.92.17.3"
},
{
"name": "https://launchpad.net/ubuntu/+source/software-properties/0.92.9.3",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/software-properties/0.92.9.3"
},
{
"name": "54909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54909"
},
{
"name": "softwareproperties-cve20131061-sec-bypass(87381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87381"
},
{
"name": "USN-1960-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1960-1"
}
]
}
}

160
2013/1xxx/CVE-2013-1506.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-1506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "GLSA-201308-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "RHSA-2013:0772",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0772.html"
},
{
"name" : "53372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53372"
},
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "RHSA-2013:0772",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0772.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2013/1xxx/CVE-2013-1748.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name" : "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/04/17/5"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130417 Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/2"
},
{
"name": "[oss-security] 20130417 Re: Multiple vulnerabilities in PHP Address Book v8.2.5",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/04/17/5"
}
]
}
}

270
2013/1xxx/CVE-2013-1776.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=916365",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name" : "http://www.sudo.ws/repos/sudo/rev/632f8e028191",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name" : "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"name" : "http://www.sudo.ws/sudo/alerts/tty_tickets.html",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "DSA-2642",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2642"
},
{
"name" : "RHSA-2013:1353",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"name" : "SSA:2013-065-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"
},
{
"name" : "openSUSE-SU-2013:0495",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name" : "58207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58207"
},
{
"name" : "sudo-ttytickets-sec-bypass(82453)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "DSA-2642",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/632f8e028191",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "openSUSE-SU-2013:0495",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "RHSA-2013:1353",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
]
}
}

150
2013/1xxx/CVE-2013-1810.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130119 CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q1/127"
},
{
"name" : "[oss-security] 20130302 Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q1/556"
},
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=15384",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=15384"
},
{
"name" : "51853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51853"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web script or HTML via a (1) category name in the summary_print_by_category function or (2) project name in the summary_print_by_project function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130119 CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/127"
},
{
"name": "[oss-security] 20130302 Re: CVE request: MantisBT 1.2.12 only summary.php category/project names XSS vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/556"
},
{
"name": "51853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51853"
},
{
"name": "http://www.mantisbt.org/bugs/view.php?id=15384",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=15384"
}
]
}
}

34
2013/1xxx/CVE-2013-1817.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1817",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1817",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2013/4xxx/CVE-2013-4147.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130719 Re: CVE Request : Radius Daemon (YardRadius v1.1.2-4 ) Multiple Format String Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q3/145"
},
{
"name" : "http://cxsecurity.com/issue/WLB-2013070028",
"refsource" : "MISC",
"url" : "http://cxsecurity.com/issue/WLB-2013070028"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612"
},
{
"name" : "95518",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95518"
},
{
"name" : "yardradius-log-version-format-string(85892)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612"
},
{
"name": "http://cxsecurity.com/issue/WLB-2013070028",
"refsource": "MISC",
"url": "http://cxsecurity.com/issue/WLB-2013070028"
},
{
"name": "95518",
"refsource": "OSVDB",
"url": "http://osvdb.org/95518"
},
{
"name": "[oss-security] 20130719 Re: CVE Request : Radius Daemon (YardRadius v1.1.2-4 ) Multiple Format String Vulnerabilities",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/145"
},
{
"name": "yardradius-log-version-format-string(85892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85892"
}
]
}
}

120
2013/4xxx/CVE-2013-4629.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4629",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-261327.htm"
}
]
}
}

34
2013/4xxx/CVE-2013-4751.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4751",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4751",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/5xxx/CVE-2013-5156.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5156",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5934",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5934"
},
{
"name" : "APPLE-SA-2013-09-18-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
},
{
"name" : "1029054",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029054"
},
{
"name" : "54886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a crafted app that sends direct requests to the daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029054",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029054"
},
{
"name": "54886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54886"
},
{
"name": "http://support.apple.com/kb/HT5934",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5934"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

120
2013/5xxx/CVE-2013-5476.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130925 Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-cce"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, when content filtering or HTTP ALG inspection is enabled, allows remote attackers to cause a denial of service (device reload or hang) via crafted IPv4 HTTP traffic, aka Bug ID CSCtx56174."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130925 Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-cce"
}
]
}
}

130
2013/5xxx/CVE-2013-5566.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-5566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31663",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31663"
},
{
"name" : "20131106 Cisco MDS Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5566"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote attackers to cause a denial of service (supervisor CPU consumption) via Authentication Header (AH) authentication in a Virtual Router Redundancy Protocol (VRRP) frame, aka Bug ID CSCte27874."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131106 Cisco MDS Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5566"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31663",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31663"
}
]
}
}

130
2013/5xxx/CVE-2013-5845.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Administration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name" : "63063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/63063"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Administration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "63063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63063"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
]
}
}

150
2017/0xxx/CVE-2017-0123.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-0123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Uniscribe",
"version" : {
"version_data" : [
{
"version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-0123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Uniscribe",
"version": {
"version_data": [
{
"version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41655",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41655/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123"
},
{
"name" : "96669",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96669"
},
{
"name" : "1037992",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96669"
},
{
"name": "1037992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037992"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0123"
},
{
"name": "41655",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41655/"
}
]
}
}

156
2017/0xxx/CVE-2017-0759.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2017-09-05T00:00:00",
"ID" : "CVE-2017-0759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-09-05T00:00:00",
"ID": "CVE-2017-0759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "100649",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100649"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36715268."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100649",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100649"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
}
]
}
}

134
2017/1000xxx/CVE-2017-1000013.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.265596",
"ID" : "CVE-2017-1000013",
"REQUESTER" : "security@phpmyadmin.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "phpMyAdmin",
"version" : {
"version_data" : [
{
"version_value" : "All 4.6.x versions (prior to 4.6.6), 4.4.x versions (prior to 4.4.15.10), and 4.0.x versions (prior to 4.0.10.19) are affected"
}
]
}
}
]
},
"vendor_name" : "phpMyAdmin"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Open redirect"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.265596",
"ID": "CVE-2017-1000013",
"REQUESTER": "security@phpmyadmin.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.phpmyadmin.net/security/PMASA-2017-1",
"refsource" : "CONFIRM",
"url" : "https://www.phpmyadmin.net/security/PMASA-2017-1"
},
{
"name" : "95720",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.phpmyadmin.net/security/PMASA-2017-1",
"refsource": "CONFIRM",
"url": "https://www.phpmyadmin.net/security/PMASA-2017-1"
},
{
"name": "95720",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95720"
}
]
}
}

134
2017/1000xxx/CVE-2017-1000042.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.290995",
"ID" : "CVE-2017-1000042",
"REQUESTER" : "ulsh@mapbox.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "mapbox.js",
"version" : {
"version_data" : [
{
"version_value" : "v2.1.6 and earlier; v1.6.4 and earlier"
}
]
}
}
]
},
"vendor_name" : "Mapbox"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.290995",
"ID": "CVE-2017-1000042",
"REQUESTER": "ulsh@mapbox.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/54327",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/54327"
},
{
"name" : "https://nodesecurity.io/advisories/49",
"refsource" : "CONFIRM",
"url" : "https://nodesecurity.io/advisories/49"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/54327",
"refsource": "MISC",
"url": "https://hackerone.com/reports/54327"
},
{
"name": "https://nodesecurity.io/advisories/49",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/49"
}
]
}
}

130
2017/12xxx/CVE-2017-12138.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/XOOPS/XoopsCore25/issues/523",
"refsource" : "CONFIRM",
"url" : "https://github.com/XOOPS/XoopsCore25/issues/523"
},
{
"name" : "100091",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php because of the URL filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100091"
},
{
"name": "https://github.com/XOOPS/XoopsCore25/issues/523",
"refsource": "CONFIRM",
"url": "https://github.com/XOOPS/XoopsCore25/issues/523"
}
]
}
}

122
2017/12xxx/CVE-2017-12170.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-08-14T00:00:00",
"ID" : "CVE-2017-12170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pure-ftpd",
"version" : {
"version_data" : [
{
"version_value" : "Fedora downstream version pure-ftpd-1.0.46-1"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unsafe configuration"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-08-14T00:00:00",
"ID": "CVE-2017-12170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pure-ftpd",
"version": {
"version_data": [
{
"version_value": "Fedora downstream version pure-ftpd-1.0.46-1"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1493114",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unsafe configuration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1493114"
}
]
}
}

140
2017/12xxx/CVE-2017-12215.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Email Security Appliance",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Email Security Appliance"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Email Security Appliance",
"version": {
"version_data": [
{
"version_value": "Cisco Email Security Appliance"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa"
},
{
"name" : "100920",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100920"
},
{
"name" : "1039414",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the email message filtering feature of Cisco AsyncOS Software for the Cisco Email Security Appliance could allow an unauthenticated, remote attacker to cause an affected device to run out of memory and stop scanning and forwarding email messages. When system memory is depleted, it can cause the filtering process to crash, resulting in a denial of service (DoS) condition on the device. This vulnerability affects software version 9.0 through the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. Cisco Bug IDs: CSCvd29354."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100920",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100920"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-esa"
},
{
"name": "1039414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039414"
}
]
}
}

130
2017/12xxx/CVE-2017-12443.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170808 minidjvu multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Aug/15"
},
{
"name" : "100422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 can cause a denial of service (invalid memory read and application crash) via a crafted djvu file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170808 minidjvu multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/15"
},
{
"name": "100422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100422"
}
]
}
}

34
2017/12xxx/CVE-2017-12660.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/12xxx/CVE-2017-12892.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12892",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "100414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "100414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100414"
}
]
}
}

140
2017/12xxx/CVE-2017-12939.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://twitter.com/0x09AL/status/898635999185711108",
"refsource" : "MISC",
"url" : "https://twitter.com/0x09AL/status/898635999185711108"
},
{
"name" : "https://unity3d.com/security#issues",
"refsource" : "CONFIRM",
"url" : "https://unity3d.com/security#issues"
},
{
"name" : "100444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100444"
},
{
"name": "https://unity3d.com/security#issues",
"refsource": "CONFIRM",
"url": "https://unity3d.com/security#issues"
},
{
"name": "https://twitter.com/0x09AL/status/898635999185711108",
"refsource": "MISC",
"url": "https://twitter.com/0x09AL/status/898635999185711108"
}
]
}
}

130
2017/13xxx/CVE-2017-13649.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.unrealircd.org/view.php?id=4990",
"refsource" : "MISC",
"url" : "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name" : "100507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command. NOTE: the vendor indicates that there is no common or recommended scenario in which a root script would execute this kill command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.unrealircd.org/view.php?id=4990",
"refsource": "MISC",
"url": "https://bugs.unrealircd.org/view.php?id=4990"
},
{
"name": "100507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100507"
}
]
}
}

132
2017/16xxx/CVE-2017-16139.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "jikes node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. Accessible files are restricted to files with .htm and .js extensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jikes node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jikes",
"refsource" : "MISC",
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jikes"
},
{
"name" : "https://nodesecurity.io/advisories/476",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url. Accessible files are restricted to files with .htm and .js extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/476",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/476"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jikes",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/jikes"
}
]
}
}

34
2017/16xxx/CVE-2017-16319.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16319",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16319",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2017/16xxx/CVE-2017-16353.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43111",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43111/"
},
{
"name" : "[debian-lts-announce] 20171103 [SECURITY] [DLA 1159-1] graphicsmagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00002.html"
},
{
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name" : "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt",
"refsource" : "MISC",
"url" : "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt"
},
{
"name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8",
"refsource" : "MISC",
"url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8"
},
{
"name" : "https://blogs.securiteam.com/index.php/archives/3494",
"refsource" : "MISC",
"url" : "https://blogs.securiteam.com/index.php/archives/3494"
},
{
"name" : "DSA-4321",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4321"
},
{
"name" : "101653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101653"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure vulnerability found in the DescribeImage function of the magick/describe.c file, because of a heap-based buffer over-read. The portion of the code containing the vulnerability is responsible for printing the IPTC Profile information contained in the image. This vulnerability can be triggered with a specially crafted MIFF file. There is an out-of-bounds buffer dereference because certain increments are never checked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8",
"refsource": "MISC",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8"
},
{
"name": "101653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101653"
},
{
"name": "43111",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43111/"
},
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name": "https://blogs.securiteam.com/index.php/archives/3494",
"refsource": "MISC",
"url": "https://blogs.securiteam.com/index.php/archives/3494"
},
{
"name": "[debian-lts-announce] 20171103 [SECURITY] [DLA 1159-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00002.html"
},
{
"name": "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt",
"refsource": "MISC",
"url": "ftp://ftp.graphicsmagick.org/pub/GraphicsMagick/snapshots/ChangeLog.txt"
}
]
}
}

140
2017/16xxx/CVE-2017-16615.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16615-critical-restful-web-applications-vulnerability/",
"refsource" : "MISC",
"url" : "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16615-critical-restful-web-applications-vulnerability/"
},
{
"name" : "https://github.com/thanethomson/MLAlchemy/issues/1",
"refsource" : "CONFIRM",
"url" : "https://github.com/thanethomson/MLAlchemy/issues/1"
},
{
"name" : "https://github.com/thanethomson/MLAlchemy/commit/bc795757febdcce430d89f9d08f75c32d6989d3c",
"refsource" : "CONFIRM",
"url" : "https://github.com/thanethomson/MLAlchemy/commit/bc795757febdcce430d89f9d08f75c32d6989d3c"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in command execution because load is used where safe_load should have been used. An attacker can insert Python into loaded YAML to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/thanethomson/MLAlchemy/commit/bc795757febdcce430d89f9d08f75c32d6989d3c",
"refsource": "CONFIRM",
"url": "https://github.com/thanethomson/MLAlchemy/commit/bc795757febdcce430d89f9d08f75c32d6989d3c"
},
{
"name": "https://github.com/thanethomson/MLAlchemy/issues/1",
"refsource": "CONFIRM",
"url": "https://github.com/thanethomson/MLAlchemy/issues/1"
},
{
"name": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16615-critical-restful-web-applications-vulnerability/",
"refsource": "MISC",
"url": "https://joel-malwarebenchmark.github.io/blog/2017/11/08/cve-2017-16615-critical-restful-web-applications-vulnerability/"
}
]
}
}

120
2017/16xxx/CVE-2017-16783.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/",
"refsource" : "MISC",
"url" : "https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CMS Made Simple 2.1.6, there is Server-Side Template Injection via the cntnt01detailtemplate parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/",
"refsource": "MISC",
"url": "https://www.netsparker.com/web-applications-advisories/ns-17-032-server-side-template-injection-vulnerability-in-cms-made-simple/"
}
]
}
}

34
2017/4xxx/CVE-2017-4112.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4112",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4112",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4356.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4356",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4356",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

182
2017/4xxx/CVE-2017-4933.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2017-12-19T00:00:00",
"ID" : "CVE-2017-4933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ESXi",
"version" : {
"version_data" : [
{
"version_value" : "6.5 before ESXi650-201710401-BG"
}
]
}
},
{
"product_name" : "Workstation",
"version" : {
"version_data" : [
{
"version_value" : "12.x before 12.5.8"
}
]
}
},
{
"product_name" : "Fusion",
"version" : {
"version_data" : [
{
"version_value" : "8.x before 8.5.9"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap overflow via authenticated VNC session"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2017-12-19T00:00:00",
"ID": "CVE-2017-4933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESXi",
"version": {
"version_data": [
{
"version_value": "6.5 before ESXi650-201710401-BG"
}
]
}
},
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "12.x before 12.5.8"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "8.x before 8.5.9"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html",
"refsource" : "CONFIRM",
"url" : "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
},
{
"name" : "1040024",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040024"
},
{
"name" : "1040025",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap overflow via authenticated VNC session"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2017-0021.html"
},
{
"name": "1040025",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040025"
},
{
"name": "1040024",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040024"
}
]
}
}

34
2018/18xxx/CVE-2018-18156.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18156",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18156",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/18xxx/CVE-2018-18869.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://qclover.github.io/2018/10/10/EmpireCMS_V7.5%E7%9A%84%E4%B8%80%E6%AC%A1%E5%AE%A1%E8%AE%A1.html",
"refsource" : "MISC",
"url" : "https://qclover.github.io/2018/10/10/EmpireCMS_V7.5%E7%9A%84%E4%B8%80%E6%AC%A1%E5%AE%A1%E8%AE%A1.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EmpireCMS V7.5 allows remote attackers to upload and execute arbitrary code via ..%2F directory traversal in a .php filename in the upload/e/admin/ecmscom.php path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://qclover.github.io/2018/10/10/EmpireCMS_V7.5%E7%9A%84%E4%B8%80%E6%AC%A1%E5%AE%A1%E8%AE%A1.html",
"refsource": "MISC",
"url": "https://qclover.github.io/2018/10/10/EmpireCMS_V7.5%E7%9A%84%E4%B8%80%E6%AC%A1%E5%AE%A1%E8%AE%A1.html"
}
]
}
}

34
2018/18xxx/CVE-2018-18973.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18973",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18973",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

214
2018/5xxx/CVE-2018-5147.json
View File

@ -1,109 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-5147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.7.2"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "59.0.1"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds memory write in libtremor"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.7.2"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "59.0.1"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180322 [SECURITY] [DLA 1312-1] libvorbisidec security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00016.html"
},
{
"name" : "[debian-lts-announce] 20180326 [SECURITY] [DLA 1319-1] firefox-esr security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1446365",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1446365"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-08/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-08/"
},
{
"name" : "DSA-4141",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4141"
},
{
"name" : "DSA-4143",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4143"
},
{
"name" : "103432",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103432"
},
{
"name" : "1040544",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The libtremor library has the same flaw as CVE-2018-5146. This library is used by Firefox in place of libvorbis on Android and ARM platforms. This vulnerability affects Firefox ESR < 52.7.2 and Firefox < 59.0.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds memory write in libtremor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4143",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4143"
},
{
"name": "[debian-lts-announce] 20180326 [SECURITY] [DLA 1319-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00022.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1446365",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1446365"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-08/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-08/"
},
{
"name": "[debian-lts-announce] 20180322 [SECURITY] [DLA 1312-1] libvorbisidec security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00016.html"
},
{
"name": "1040544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040544"
},
{
"name": "DSA-4141",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4141"
},
{
"name": "103432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103432"
}
]
}
}