admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:36:37 +00:00
parent d478a90c92
commit 5e737929fe
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
49 changed files with 3333 additions and 3333 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2002/0xxx/CVE-2002-0287.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0287",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0287",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020216 pforum: mysql-injection-bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101389284625019&w=2"
},
{
"name" : "http://www.powie.de/news/index.php",
"refsource" : "CONFIRM",
"url" : "http://www.powie.de/news/index.php"
},
{
"name" : "4114",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4114"
},
{
"name" : "pforum-quotes-sql-injection(8203)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8203.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020216 pforum: mysql-injection-bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101389284625019&w=2"
},
{
"name": "pforum-quotes-sql-injection(8203)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8203.php"
},
{
"name": "http://www.powie.de/news/index.php",
"refsource": "CONFIRM",
"url": "http://www.powie.de/news/index.php"
},
{
"name": "4114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4114"
}
]
}
}

138
2002/0xxx/CVE-2002-0362.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020506 w00w00 on AOL Instant Messenger remote overflow #2",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102071080509955&w=2"
},
{
"name" : "4677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4677"
},
{
"name" : "aim-addexternalapp-bo(9017)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9017.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aim-addexternalapp-bo(9017)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9017.php"
},
{
"name": "20020506 w00w00 on AOL Instant Messenger remote overflow #2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102071080509955&w=2"
},
{
"name": "4677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4677"
}
]
}
}

218
2002/0xxx/CVE-2002-0380.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2002:094",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-094.html"
},
{
"name" : "RHSA-2002:121",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-121.html"
},
{
"name" : "RHSA-2003:214",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-214.html"
},
{
"name" : "FreeBSD-SA-02:29",
"refsource" : "FREEBSD",
"url" : "http://marc.info/?l=bugtraq&m=102650721503642&w=2"
},
{
"name" : "CLA-2002:491",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491"
},
{
"name" : "CSSA-2002-025.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt"
},
{
"name" : "DSA-255",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-255"
},
{
"name" : "20020606 TSLSA-2002-0055 - tcpdump",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102339541014226&w=2"
},
{
"name" : "tcpdump-nfs-bo(9216)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9216.php"
},
{
"name" : "4890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4890"
},
{
"name" : "HPSBTL0205-044",
"refsource" : "HP",
"url" : "http://online.securityfocus.com/advisories/4169"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2002-025.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt"
},
{
"name": "RHSA-2002:121",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-121.html"
},
{
"name": "4890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4890"
},
{
"name": "FreeBSD-SA-02:29",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq&m=102650721503642&w=2"
},
{
"name": "tcpdump-nfs-bo(9216)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9216.php"
},
{
"name": "RHSA-2003:214",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-214.html"
},
{
"name": "DSA-255",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-255"
},
{
"name": "20020606 TSLSA-2002-0055 - tcpdump",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102339541014226&w=2"
},
{
"name": "CLA-2002:491",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491"
},
{
"name": "RHSA-2002:094",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-094.html"
},
{
"name": "HPSBTL0205-044",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4169"
}
]
}
}

258
2002/0xxx/CVE-2002-0639.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0639",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020626 OpenSSH Security Advisory (adv.iss)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102514371522793&w=2"
},
{
"name" : "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102514631524575&w=2"
},
{
"name" : "20020627 How to reproduce OpenSSH Overflow.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102521542826833&w=2"
},
{
"name" : "VU#369347",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/369347"
},
{
"name" : "CA-2002-18",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-18.html"
},
{
"name" : "DSA-134",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-134"
},
{
"name" : "HPSBUX0206-195",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195"
},
{
"name" : "CSSA-2002-030.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt"
},
{
"name" : "20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html"
},
{
"name" : "CLA-2002:502",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502"
},
{
"name" : "ESA-20020702-016",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-2177.html"
},
{
"name" : "MDKSA-2002:040",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040"
},
{
"name" : "5093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5093"
},
{
"name" : "openssh-challenge-response-bo(9169)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9169.php"
},
{
"name" : "6245",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6245"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-134",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-134"
},
{
"name": "openssh-challenge-response-bo(9169)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9169.php"
},
{
"name": "20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html"
},
{
"name": "20020626 OpenSSH Security Advisory (adv.iss)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102514371522793&w=2"
},
{
"name": "6245",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6245"
},
{
"name": "CA-2002-18",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-18.html"
},
{
"name": "20020627 How to reproduce OpenSSH Overflow.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102521542826833&w=2"
},
{
"name": "5093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5093"
},
{
"name": "CSSA-2002-030.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt"
},
{
"name": "ESA-20020702-016",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2177.html"
},
{
"name": "VU#369347",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/369347"
},
{
"name": "CLA-2002:502",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502"
},
{
"name": "HPSBUX0206-195",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195"
},
{
"name": "MDKSA-2002:040",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040"
},
{
"name": "20020626 Revised OpenSSH Security Advisory (adv.iss)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102514631524575&w=2"
}
]
}
}

148
2002/0xxx/CVE-2002-0700.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka \"Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS02-041",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041"
},
{
"name" : "mcms-authentication-bo(9783)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9783.php"
},
{
"name" : "5420",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5420"
},
{
"name" : "4862",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4862"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka \"Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mcms-authentication-bo(9783)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9783.php"
},
{
"name": "5420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5420"
},
{
"name": "MS02-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041"
},
{
"name": "4862",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4862"
}
]
}
}

32
2002/1xxx/CVE-2002-1332.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1332",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1332",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

278
2002/1xxx/CVE-2002-1344.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103962838628940&w=2"
},
{
"name" : "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name" : "CSSA-2003.003.0",
"refsource" : "CALDERA",
"url" : "http://www.securityfocus.com/archive/1/307045/30/26300/threaded"
},
{
"name" : "CLA-2002:552",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552"
},
{
"name" : "CLSA-2002:552",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552"
},
{
"name" : "DSA-209",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2002/dsa-209"
},
{
"name" : "MDKSA-2002:086",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php"
},
{
"name" : "OpenPKG-SA-2003.007",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html"
},
{
"name" : "RHSA-2002:229",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-229.html"
},
{
"name" : "RHSA-2002:256",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-256.html"
},
{
"name" : "CSSA-2003-003.0",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
},
{
"name" : "20021219 TSLSA-2002-0089 - wget",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104033016703851&w=2"
},
{
"name" : "N-022",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/n-022.shtml"
},
{
"name" : "VU#210148",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/210148"
},
{
"name" : "6352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6352"
},
{
"name" : "6360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6360"
},
{
"name" : "wget-ftp-filename-traversal(10820)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10820.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in wget before 1.8.2-4 allows a remote FTP server to create or overwrite files as the wget user via filenames containing (1) /absolute/path or (2) .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2002:552",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000552"
},
{
"name": "CSSA-2003-003.0",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-003.0.txt"
},
{
"name": "DSA-209",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2002/dsa-209"
},
{
"name": "20021219 TSLSA-2002-0089 - wget",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104033016703851&w=2"
},
{
"name": "N-022",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-022.shtml"
},
{
"name": "6360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6360"
},
{
"name": "RHSA-2002:256",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-256.html"
},
{
"name": "MDKSA-2002:086",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php"
},
{
"name": "20021211 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103962838628940&w=2"
},
{
"name": "CLA-2002:552",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552"
},
{
"name": "RHSA-2002:229",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-229.html"
},
{
"name": "CSSA-2003.003.0",
"refsource": "CALDERA",
"url": "http://www.securityfocus.com/archive/1/307045/30/26300/threaded"
},
{
"name": "20021210 Directory Traversal Vulnerabilities in FTP Clients",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0102.html"
},
{
"name": "6352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6352"
},
{
"name": "VU#210148",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210148"
},
{
"name": "wget-ftp-filename-traversal(10820)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10820.php"
},
{
"name": "OpenPKG-SA-2003.007",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.007.html"
}
]
}
}

138
2002/1xxx/CVE-2002-1416.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020820 Advisory: DoS in WebEasyMail +more possible?",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/288222"
},
{
"name" : "webeasymail-pop3-bruteforce(9925)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9925.php"
},
{
"name" : "5519",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5519"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020820 Advisory: DoS in WebEasyMail +more possible?",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/288222"
},
{
"name": "webeasymail-pop3-bruteforce(9925)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9925.php"
},
{
"name": "5519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5519"
}
]
}
}

148
2002/1xxx/CVE-2002-1837.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via \"..\" sequences in the album parameter, which generates different error messages depending on whether the directory exists or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020528 Information Disclosure Vulnerability in IDS 0.8x",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/274433"
},
{
"name" : "http://ids.sourceforge.net/ChangeLog.html",
"refsource" : "CONFIRM",
"url" : "http://ids.sourceforge.net/ChangeLog.html"
},
{
"name" : "4870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4870"
},
{
"name" : "ids-dir-existence(9201)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9201.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via \"..\" sequences in the album parameter, which generates different error messages depending on whether the directory exists or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ids-dir-existence(9201)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9201.php"
},
{
"name": "20020528 Information Disclosure Vulnerability in IDS 0.8x",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/274433"
},
{
"name": "http://ids.sourceforge.net/ChangeLog.html",
"refsource": "CONFIRM",
"url": "http://ids.sourceforge.net/ChangeLog.html"
},
{
"name": "4870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4870"
}
]
}
}

32
2002/2xxx/CVE-2002-2147.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2147",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1828. Reason: This candidate is a duplicate of CVE-2002-1828. Notes: All CVE users should reference CVE-2002-1828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2002-2147",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2002-1828. Reason: This candidate is a duplicate of CVE-2002-1828. Notes: All CVE users should reference CVE-2002-1828 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

138
2002/2xxx/CVE-2002-2386.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021110 xoops Quizz Module IMG bug",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0131.html"
},
{
"name" : "http://www.blocus-zone.com/modules/news/article.php?storyid=180",
"refsource" : "MISC",
"url" : "http://www.blocus-zone.com/modules/news/article.php?storyid=180"
},
{
"name" : "xoops-quiz-module-xss(10594)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10594.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.blocus-zone.com/modules/news/article.php?storyid=180",
"refsource": "MISC",
"url": "http://www.blocus-zone.com/modules/news/article.php?storyid=180"
},
{
"name": "20021110 xoops Quizz Module IMG bug",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0131.html"
},
{
"name": "xoops-quiz-module-xss(10594)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10594.php"
}
]
}
}

178
2005/0xxx/CVE-2005-0035.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hyperdose.com/advisories/H2005-06.txt",
"refsource" : "MISC",
"url" : "http://www.hyperdose.com/advisories/H2005-06.txt"
},
{
"name" : "http://www.adobe.com/support/techdocs/331465.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/techdocs/331465.html"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf"
},
{
"name" : "12989",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12989"
},
{
"name" : "ADV-2005-0310",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0310"
},
{
"name" : "15242",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15242"
},
{
"name" : "14813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14813"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14813"
},
{
"name": "http://www.adobe.com/support/techdocs/331465.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/techdocs/331465.html"
},
{
"name": "12989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12989"
},
{
"name": "15242",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15242"
},
{
"name": "http://www.hyperdose.com/advisories/H2005-06.txt",
"refsource": "MISC",
"url": "http://www.hyperdose.com/advisories/H2005-06.txt"
},
{
"name": "ADV-2005-0310",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0310"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf"
}
]
}
}

188
2005/1xxx/CVE-2005-1020.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050406 Vulnerabilities in Cisco IOS Secure Shell Server",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml"
},
{
"name" : "13043",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13043"
},
{
"name" : "oval:org.mitre.oval:def:5455",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5455"
},
{
"name" : "1013655",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/alerts/2005/Apr/1013655.html"
},
{
"name" : "14854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14854"
},
{
"name" : "cisco-ios-sshv2-tacacs-authentication-dos(19987)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19987"
},
{
"name" : "cisco-ios-authentication-send-dos(19989)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19989"
},
{
"name" : "cisco-ios-ssh-message-log-dos(19990)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19990"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013655",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Apr/1013655.html"
},
{
"name": "13043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13043"
},
{
"name": "cisco-ios-sshv2-tacacs-authentication-dos(19987)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19987"
},
{
"name": "cisco-ios-authentication-send-dos(19989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19989"
},
{
"name": "14854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14854"
},
{
"name": "cisco-ios-ssh-message-log-dos(19990)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19990"
},
{
"name": "20050406 Vulnerabilities in Cisco IOS Secure Shell Server",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050406-ssh.shtml"
},
{
"name": "oval:org.mitre.oval:def:5455",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5455"
}
]
}
}

208
2005/1xxx/CVE-2005-1267.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208"
},
{
"name" : "DSA-854",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-854"
},
{
"name" : "FEDORA-2005-406",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html"
},
{
"name" : "FLSA:156139",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"name" : "RHSA-2005:505",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-505.html"
},
{
"name" : "2005-0028",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2005/0028/"
},
{
"name" : "13906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13906"
},
{
"name" : "oval:org.mitre.oval:def:11148",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148"
},
{
"name" : "15634",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15634/"
},
{
"name" : "17118",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17118"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13906"
},
{
"name": "17118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17118"
},
{
"name": "2005-0028",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0028/"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159208"
},
{
"name": "15634",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15634/"
},
{
"name": "RHSA-2005:505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-505.html"
},
{
"name": "oval:org.mitre.oval:def:11148",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11148"
},
{
"name": "FEDORA-2005-406",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-June/msg00007.html"
},
{
"name": "FLSA:156139",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"name": "DSA-854",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-854"
}
]
}
}

538
2009/0xxx/CVE-2009-0783.json
View File

@ -1,272 +1,272 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504090/100/0/threaded"
},
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://svn.apache.org/viewvc?rev=652592&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=652592&view=rev"
},
{
"name" : "http://svn.apache.org/viewvc?rev=681156&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=681156&view=rev"
},
{
"name" : "http://svn.apache.org/viewvc?rev=739522&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=739522&view=rev"
},
{
"name" : "http://svn.apache.org/viewvc?rev=781542&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=781542&view=rev"
},
{
"name" : "http://svn.apache.org/viewvc?rev=781708&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=781708&view=rev"
},
{
"name" : "http://tomcat.apache.org/security-4.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-4.html"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"
},
{
"name" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "DSA-2207",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2207"
},
{
"name" : "FEDORA-2009-11352",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
},
{
"name" : "FEDORA-2009-11356",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
},
{
"name" : "FEDORA-2009-11374",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
},
{
"name" : "HPSBUX02579",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name" : "SSRT100203",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name" : "HPSBUX02860",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name" : "SSRT101146",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name" : "HPSBMA02535",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name" : "SSRT100029",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name" : "MDVSA-2009:136",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
},
{
"name" : "MDVSA-2009:138",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
},
{
"name" : "MDVSA-2010:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name" : "263529",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "35416",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35416"
},
{
"name" : "oval:org.mitre.oval:def:10716",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"
},
{
"name" : "oval:org.mitre.oval:def:6450",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"
},
{
"name" : "oval:org.mitre.oval:def:18913",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"
},
{
"name" : "1022336",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022336"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "35788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35788"
},
{
"name" : "37460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37460"
},
{
"name" : "42368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42368"
},
{
"name" : "ADV-2009-1856",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1856"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name" : "ADV-2010-3056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name" : "tomcat-xml-information-disclosure(51195)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "HPSBMA02535",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name": "http://svn.apache.org/viewvc?rev=652592&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=652592&view=rev"
},
{
"name": "MDVSA-2009:138",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
},
{
"name": "FEDORA-2009-11356",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
},
{
"name": "DSA-2207",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"name": "HPSBUX02860",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "http://svn.apache.org/viewvc?rev=781542&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=781542&view=rev"
},
{
"name": "oval:org.mitre.oval:def:18913",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18913"
},
{
"name": "ADV-2010-3056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name": "20090604 [SECURITY] CVE-2009-0783 Apache Tomcat Information disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504090/100/0/threaded"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "35788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35788"
},
{
"name": "SSRT100029",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name": "http://svn.apache.org/viewvc?rev=781708&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=781708&view=rev"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "http://svn.apache.org/viewvc?rev=739522&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=739522&view=rev"
},
{
"name": "ADV-2009-1856",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1856"
},
{
"name": "MDVSA-2010:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "http://svn.apache.org/viewvc?rev=681156&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=681156&view=rev"
},
{
"name": "42368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42368"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=45933"
},
{
"name": "FEDORA-2009-11374",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
},
{
"name": "oval:org.mitre.oval:def:6450",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6450"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "1022336",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022336"
},
{
"name": "tomcat-xml-information-disclosure(51195)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51195"
},
{
"name": "FEDORA-2009-11352",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "HPSBUX02579",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name": "SSRT101146",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name": "MDVSA-2009:136",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
},
{
"name": "263529",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
},
{
"name": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=29936"
},
{
"name": "SSRT100203",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name": "35416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35416"
},
{
"name": "oval:org.mitre.oval:def:10716",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10716"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}

208
2009/1xxx/CVE-2009-1586.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090503 Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503184/100/0/threaded"
},
{
"name" : "8612",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8612"
},
{
"name" : "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html",
"refsource" : "MISC",
"url" : "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html"
},
{
"name" : "http://www.shemes.com/index.php?p=whatsnew",
"refsource" : "CONFIRM",
"url" : "http://www.shemes.com/index.php?p=whatsnew"
},
{
"name" : "34807",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34807"
},
{
"name" : "54205",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54205"
},
{
"name" : "1022161",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022161"
},
{
"name" : "34893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34893"
},
{
"name" : "ADV-2009-1243",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1243"
},
{
"name" : "grabit-nzb-bo(50310)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50310"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shemes.com/index.php?p=whatsnew",
"refsource": "CONFIRM",
"url": "http://www.shemes.com/index.php?p=whatsnew"
},
{
"name": "grabit-nzb-bo(50310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50310"
},
{
"name": "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html",
"refsource": "MISC",
"url": "http://blog.teusink.net/2009/05/grabit-172-beta-3-nzb-file-parsing.html"
},
{
"name": "20090503 Grabit <= 1.7.2 beta 3 NZB file parsing stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503184/100/0/threaded"
},
{
"name": "1022161",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022161"
},
{
"name": "8612",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8612"
},
{
"name": "34807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34807"
},
{
"name": "34893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34893"
},
{
"name": "54205",
"refsource": "OSVDB",
"url": "http://osvdb.org/54205"
},
{
"name": "ADV-2009-1243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1243"
}
]
}
}

248
2009/1xxx/CVE-2009-1689.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
},
{
"name" : "http://support.apple.com/kb/HT3639",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3639"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "APPLE-SA-2009-06-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "35260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35260"
},
{
"name" : "35332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35332"
},
{
"name" : "54988",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54988"
},
{
"name" : "1022344",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022344"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "ADV-2009-1621",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022344",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022344"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "54988",
"refsource": "OSVDB",
"url": "http://osvdb.org/54988"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "35332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35332"
}
]
}
}

118
2009/5xxx/CVE-2009-5130.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1",
"refsource" : "CONFIRM",
"url" : "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Rules Service in Websense Email Security before 7.1 allows remote attackers to cause a denial of service (service crash) via an attachment with a crafted size."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1",
"refsource": "CONFIRM",
"url": "http://www.websense.com/support/article/t-kbarticle/Release-Notes-for-Websense-Email-Security-v7-1"
}
]
}
}

218
2012/0xxx/CVE-2012-0594.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-03-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2012-03-07-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "52365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52365"
},
{
"name" : "79916",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/79916"
},
{
"name" : "oval:org.mitre.oval:def:16941",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16941"
},
{
"name" : "1026774",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026774"
},
{
"name" : "48274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48274"
},
{
"name" : "48288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48288"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
},
{
"name" : "apple-webkit-cve20120594-code-execution(73813)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73813"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16941"
},
{
"name": "52365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52365"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "apple-webkit-cve20120594-code-execution(73813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73813"
},
{
"name": "79916",
"refsource": "OSVDB",
"url": "http://osvdb.org/79916"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

218
2012/0xxx/CVE-2012-0612.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-03-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2012-03-07-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "52365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52365"
},
{
"name" : "79934",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/79934"
},
{
"name" : "oval:org.mitre.oval:def:17156",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17156"
},
{
"name" : "1026774",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026774"
},
{
"name" : "48274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48274"
},
{
"name" : "48288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48288"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
},
{
"name" : "apple-webkit-cve20120612-code-execution(73831)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73831"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apple-webkit-cve20120612-code-execution(73831)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73831"
},
{
"name": "52365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52365"
},
{
"name": "79934",
"refsource": "OSVDB",
"url": "http://osvdb.org/79934"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "oval:org.mitre.oval:def:17156",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17156"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

178
2012/2xxx/CVE-2012-2251.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121127 Re: rssh security announcement",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
},
{
"name" : "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=877279",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name" : "DSA-2578",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2578"
},
{
"name" : "56708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56708"
},
{
"name" : "51307",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51307"
},
{
"name" : "rssh-eoption-command-execution(80334)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) \"-e\" or (2) \"--\" command line option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51307"
},
{
"name": "[oss-security] 20121128 rssh: incorrect filtering of command line options",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/27/15"
},
{
"name": "DSA-2578",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2578"
},
{
"name": "56708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56708"
},
{
"name": "rssh-eoption-command-execution(80334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80334"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=877279",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=877279"
},
{
"name": "20121127 Re: rssh security announcement",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0101.html"
}
]
}
}

32
2012/2xxx/CVE-2012-2518.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2518",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2518",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

32
2012/3xxx/CVE-2012-3340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3340",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

168
2012/3xxx/CVE-2012-3577.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html"
},
{
"name" : "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/",
"refsource" : "MISC",
"url" : "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/"
},
{
"name" : "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html",
"refsource" : "MISC",
"url" : "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html"
},
{
"name" : "53790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53790"
},
{
"name" : "49375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49375"
},
{
"name" : "wp-nmedia-doupload-file-upload(76076)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76076"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in doupload.php in the Nmedia Member Conversation plugin before 1.4 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/user_uploads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/",
"refsource": "MISC",
"url": "http://wordpress.org/extend/plugins/wordpress-member-private-conversation/changelog/"
},
{
"name": "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/113287/WordPress-Nmedia-WP-Member-Conversation-1.35.0-Shell-Upload.html"
},
{
"name": "53790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53790"
},
{
"name": "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html",
"refsource": "MISC",
"url": "http://www.opensyscom.fr/Actualites/wordpress-plugins-nmedia-wordpress-member-conversation-shell-upload-vulnerability.html"
},
{
"name": "49375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49375"
},
{
"name": "wp-nmedia-doupload-file-upload(76076)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76076"
}
]
}
}

32
2012/3xxx/CVE-2012-3584.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3584",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3584",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2012/3xxx/CVE-2012-3805.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23097",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23097"
},
{
"name" : "http://www.kajona.de/changelog_34x.de.html",
"refsource" : "CONFIRM",
"url" : "http://www.kajona.de/changelog_34x.de.html"
},
{
"name" : "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html",
"refsource" : "CONFIRM",
"url" : "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
},
{
"name" : "49849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49849"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49849"
},
{
"name": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html",
"refsource": "CONFIRM",
"url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
},
{
"name": "http://www.kajona.de/changelog_34x.de.html",
"refsource": "CONFIRM",
"url": "http://www.kajona.de/changelog_34x.de.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23097",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23097"
},
{
"name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
}
]
}
}

32
2012/4xxx/CVE-2012-4524.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4524",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4524",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2012/4xxx/CVE-2012-4606.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4606",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4606",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2012/4xxx/CVE-2012-4609.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-4609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121130 ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-12/0002.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows remote attackers to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121130 ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-12/0002.html"
}
]
}
}

128
2012/4xxx/CVE-2012-4754.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mmap file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php"
},
{
"name" : "47797",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47797"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in MindManager 2012 10.0.493 allow local users to gain privileges via a Trojan horse (1) ssgp.dll or (2) dwmapi.dll file in the current working directory, as demonstrated by a directory that contains a .mmap file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5068.php"
},
{
"name": "47797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47797"
}
]
}
}

128
2012/4xxx/CVE-2012-4907.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4907",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137532",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137532"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137532",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137532"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html"
}
]
}
}

32
2017/2xxx/CVE-2017-2029.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2029",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2029",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

120
2017/2xxx/CVE-2017-2745.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "hp-security-alert@hp.com",
"DATE_PUBLIC" : "2017-01-17T00:00:00",
"ID" : "CVE-2017-2745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HP JetAdvantage Security Manager",
"version" : {
"version_data" : [
{
"version_value" : "before 3.0.1"
}
]
}
}
]
},
"vendor_name" : "HP Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"DATE_PUBLIC": "2017-01-17T00:00:00",
"ID": "CVE-2017-2745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP JetAdvantage Security Manager",
"version": {
"version_data": [
{
"version_value": "before 3.0.1"
}
]
}
}
]
},
"vendor_name": "HP Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBPI03562",
"refsource" : "HP",
"url" : "https://support.hp.com/us-en/document/c05639510"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI03562",
"refsource": "HP",
"url": "https://support.hp.com/us-en/document/c05639510"
}
]
}
}

128
2017/2xxx/CVE-2017-2788.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2017-2788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PopUp Printer Client",
"version" : {
"version_data" : [
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "Pharos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PopUp Printer Client",
"version": {
"version_data": [
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Pharos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2017-0283/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2017-0283/"
},
{
"name" : "96742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96742"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening, has root privileges, and requires no user interaction to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2017-0283/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2017-0283/"
},
{
"name": "96742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96742"
}
]
}
}

136
2017/6xxx/CVE-2017-6167.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-12-20T00:00:00",
"ID" : "CVE-2017-6167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "13.0.0"
},
{
"version_value" : "12.1.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.1.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K24465120",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K24465120"
},
{
"name" : "1040053",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040053"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM and WebSafe software version 13.0.0 and 12.1.0 - 12.1.2, race conditions in iControl REST may lead to commands being executed with different privilege levels than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K24465120",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K24465120"
},
{
"name": "1040053",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040053"
}
]
}
}

148
2017/6xxx/CVE-2017-6661.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Email Security and Content Security Management Appliance",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Email Security and Content Security Management Appliance"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Email Security and Content Security Management Appliance",
"version": {
"version_data": [
{
"version_value": "Cisco Email Security and Content Security Management Appliance"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa"
},
{
"name" : "98950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98950"
},
{
"name" : "1038637",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038637"
},
{
"name" : "1038638",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038638"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka Message Tracking XSS. More Information: CSCvd30805 CSCvd34861. Known Affected Releases: 10.0.0-203 10.1.0-049."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038638",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038638"
},
{
"name": "98950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98950"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esa"
},
{
"name": "1038637",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038637"
}
]
}
}

138
2017/6xxx/CVE-2017-6759.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Prime Collaboration Provisioning Tool",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Prime Collaboration Provisioning Tool"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Prime Collaboration Provisioning Tool",
"version": {
"version_data": [
{
"version_value": "Cisco Prime Collaboration Provisioning Tool"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304",
"refsource" : "CONFIRM",
"url" : "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304"
},
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt"
},
{
"name" : "1039062",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039062"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the UpgradeManager of the Cisco Prime Collaboration Provisioning Tool 12.1 could allow an authenticated, remote attacker to write arbitrary files as root on the system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by triggering the upgrade package installation functionality. Cisco Bug IDs: CSCvc90304."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-pcpt"
},
{
"name": "1039062",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039062"
},
{
"name": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304",
"refsource": "CONFIRM",
"url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvc90304"
}
]
}
}

32
2018/11xxx/CVE-2018-11103.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11103",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11103",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/11xxx/CVE-2018-11979.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11979",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11979",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/14xxx/CVE-2018-14153.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14153",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14153",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/14xxx/CVE-2018-14553.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14553",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14553",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

208
2018/14xxx/CVE-2018-14599.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/08/21/6"
},
{
"name" : "[xorg-announce] 20180821 libX11 1.6.6",
"refsource" : "MLIST",
"url" : "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
},
{
"name" : "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1102062",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
},
{
"name" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
},
{
"name" : "GLSA-201811-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-01"
},
{
"name" : "USN-3758-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3758-2/"
},
{
"name" : "USN-3758-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3758-1/"
},
{
"name" : "105177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105177"
},
{
"name" : "1041543",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041543"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3758-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3758-2/"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1102062",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1102062"
},
{
"name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=b469da1430cdcee06e31c6251b83aede072a1ff0"
},
{
"name": "GLSA-201811-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-01"
},
{
"name": "105177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105177"
},
{
"name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
},
{
"name": "1041543",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041543"
},
{
"name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
},
{
"name": "[xorg-announce] 20180821 libX11 1.6.6",
"refsource": "MLIST",
"url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
},
{
"name": "USN-3758-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3758-1/"
}
]
}
}

32
2018/14xxx/CVE-2018-14875.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14875",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14875",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/15xxx/CVE-2018-15082.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15082",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15082",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/15xxx/CVE-2018-15543.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15543",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd",
"refsource" : "MISC",
"url" : "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in the org.telegram.messenger application 4.8.11 for Android. The FingerprintManager class for Biometric validation allows authentication bypass through the callback method from onAuthenticationFailed to onAuthenticationSucceeded with null, because the fingerprint API in conjunction with the Android keyGenerator class is not implemented. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd",
"refsource": "MISC",
"url": "https://gist.github.com/tanprathan/d286c0d5b02e344606287774304a1ccd"
}
]
}
}

118
2018/15xxx/CVE-2018-15569.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "my little forum 2.4.12 allows CSRF for deletion of users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://owendarlene.com/csrf-my-little-forum/",
"refsource" : "MISC",
"url" : "http://owendarlene.com/csrf-my-little-forum/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "my little forum 2.4.12 allows CSRF for deletion of users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owendarlene.com/csrf-my-little-forum/",
"refsource": "MISC",
"url": "http://owendarlene.com/csrf-my-little-forum/"
}
]
}
}

118
2018/20xxx/CVE-2018-20201.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/espruino/Espruino/issues/1587",
"refsource" : "MISC",
"url" : "https://github.com/espruino/Espruino/issues/1587"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a stack-based buffer over-read in the jsfNameFromString function of jsflash.c in Espruino 2V00, leading to a denial of service or possibly unspecified other impact via a crafted js file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/espruino/Espruino/issues/1587",
"refsource": "MISC",
"url": "https://github.com/espruino/Espruino/issues/1587"
}
]
}
}

148
2018/20xxx/CVE-2018-20650.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7",
"refsource" : "MISC",
"url" : "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7"
},
{
"name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/704",
"refsource" : "MISC",
"url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/704"
},
{
"name" : "USN-3865-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3865-1/"
},
{
"name" : "106459",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106459"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reachable Object::dictLookup assertion in Poppler 0.72.0 allows attackers to cause a denial of service due to the lack of a check for the dict data type, as demonstrated by use of the FileSpec class (in FileSpec.cc) in pdfdetach."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/704",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/704"
},
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/commit/de0c0b8324e776f0b851485e0fc9622fc35695b7"
},
{
"name": "106459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106459"
},
{
"name": "USN-3865-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3865-1/"
}
]
}
}

128
2018/9xxx/CVE-2018-9121.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/",
"refsource" : "MISC",
"url" : "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/"
},
{
"name" : "https://www.youtube.com/watch?v=bCf0hO9upto",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=bCf0hO9upto"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=bCf0hO9upto",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=bCf0hO9upto"
},
{
"name": "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/",
"refsource": "MISC",
"url": "https://www.seekurity.com/blog/general/multiple-cross-site-scripting-vulnerabilities-in-crea8social-social-network-script/"
}
]
}
}