admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:17:03 +00:00
parent 214259ffab
commit 5f0f8c341d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3789 additions and 3789 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0076.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0076", "ID": "CVE-2001-0076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001228 Remote vulnerability in Ikonboard upto version 2.1.7b", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0483.html" "lang": "eng",
}, "value": "register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, which overwrites an internal program variable that references a program to be executed."
{ }
"name" : "2157", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2157" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http-cgi-ikonboard(5819)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5819" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2157"
},
{
"name": "20001228 Remote vulnerability in Ikonboard upto version 2.1.7b",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0483.html"
},
{
"name": "http-cgi-ikonboard(5819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5819"
}
]
}
}

150
2001/0xxx/CVE-2001-0437.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0437", "ID": "CVE-2001-0437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010416 qDefense Advisory: DCForum allows remote read/write/execute", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html" "lang": "eng",
}, "value": "upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file."
{ }
"name" : "http://www.dcscripts.com/FAQ/sec_2001_03_31.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.dcscripts.com/FAQ/sec_2001_03_31.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2611", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2611" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "dcforum-az-file-upload(6393)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6393" ]
} },
] "references": {
} "reference_data": [
} {
"name": "dcforum-az-file-upload(6393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6393"
},
{
"name": "http://www.dcscripts.com/FAQ/sec_2001_03_31.html",
"refsource": "CONFIRM",
"url": "http://www.dcscripts.com/FAQ/sec_2001_03_31.html"
},
{
"name": "2611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2611"
},
{
"name": "20010416 qDefense Advisory: DCForum allows remote read/write/execute",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html"
}
]
}
}

140
2001/1xxx/CVE-2001-1575.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1575", "ID": "CVE-2001-1575",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010628 MacOS Personal Wed Sharing DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00409.html" "lang": "eng",
}, "value": "Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow."
{ }
"name" : "2945", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2945" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "macos-personal-web-sharing-dos(6759)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6759" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2945"
},
{
"name": "20010628 MacOS Personal Wed Sharing DoS",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00409.html"
},
{
"name": "macos-personal-web-sharing-dos(6759)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6759"
}
]
}
}

180
2006/2xxx/CVE-2006-2497.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2497", "ID": "CVE-2006-2497",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060518 AspBB Forum \"profile.asp & default.asp\" XSS Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434370/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp."
{ }
"name" : "18025", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18025" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25650", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25650" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25651", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/25651" ]
}, },
{ "references": {
"name" : "20175", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20175" "name": "25650",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/25650"
"name" : "926", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/926" "name": "926",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/926"
"name" : "aspbb-profile-default-xss(26530)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26530" "name": "18025",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/18025"
} },
} {
"name": "20060518 AspBB Forum \"profile.asp & default.asp\" XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434370/100/0/threaded"
},
{
"name": "25651",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25651"
},
{
"name": "20175",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20175"
},
{
"name": "aspbb-profile-default-xss(26530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26530"
}
]
}
}

200
2006/2xxx/CVE-2006-2748.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2748", "ID": "CVE-2006-2748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435380/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php."
{ }
"name" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631", ]
"refsource" : "MISC", },
"url" : "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/forum/forum.php?forum_id=576483", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/forum/forum.php?forum_id=576483" ]
}, },
{ "references": {
"name" : "18169", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18169" "name": "http://sourceforge.net/forum/forum.php?forum_id=576483",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/forum/forum.php?forum_id=576483"
"name" : "1016178", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016178" "name": "osic-adminfunctions-editcatalogue-sql-inj(26968)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26968"
"name" : "20341", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20341" "name": "20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/435380/100/0/threaded"
"name" : "1014", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1014" "name": "20341",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20341"
"name" : "osic-adminfunctions-editcatalogue-sql-inj(26968)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26968" "name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt",
} "refsource": "MISC",
] "url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt"
} },
} {
"name": "1016178",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016178"
},
{
"name": "1014",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1014"
},
{
"name": "18169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18169"
},
{
"name": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631",
"refsource": "MISC",
"url": "http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631"
}
]
}
}

180
2006/2xxx/CVE-2006-2919.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2919", "ID": "CVE-2006-2919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436285/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via crafted inputs that trigger memory corruption."
{ }
"name" : "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046636.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.hexview.com/docs/20060606-1.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.hexview.com/docs/20060606-1.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18311", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/18311" ]
}, },
{ "references": {
"name" : "1016238", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016238" "name": "netmeeting-memory-corruption-dos(26971)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26971"
"name" : "20477", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20477" "name": "http://www.hexview.com/docs/20060606-1.txt",
}, "refsource": "MISC",
{ "url": "http://www.hexview.com/docs/20060606-1.txt"
"name" : "netmeeting-memory-corruption-dos(26971)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26971" "name": "18311",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/18311"
} },
} {
"name": "1016238",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016238"
},
{
"name": "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436285/100/0/threaded"
},
{
"name": "20477",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20477"
},
{
"name": "20060607 [HV-LOW] Microsoft NetMeeting memory corruption (Brief)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046636.html"
}
]
}
}

180
2006/2xxx/CVE-2006-2971.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2971", "ID": "CVE-2006-2971",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060609 0verkill 0.6, Remote integer overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436659/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the recv_packet function in 0verkill 0.16 allows remote attackers to cause a denial of service (daemon crash) via a UDP packet with fewer than 12 bytes, which results in a long length value to the crc32 function."
{ }
"name" : "18353", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18353" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2245", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2245" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26029", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26029" ]
}, },
{ "references": {
"name" : "20551", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20551" "name": "18353",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/18353"
"name" : "1090", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1090" "name": "26029",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/26029"
"name" : "overkill-recvpacket-integer-underflow(27028)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27028" "name": "1090",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/1090"
} },
} {
"name": "20060609 0verkill 0.6, Remote integer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436659/100/0/threaded"
},
{
"name": "ADV-2006-2245",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2245"
},
{
"name": "overkill-recvpacket-integer-underflow(27028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27028"
},
{
"name": "20551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20551"
}
]
}
}

160
2006/2xxx/CVE-2006-2976.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2976", "ID": "CVE-2006-2976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://coppermine-gallery.net/forum/index.php?topic=32333.0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://coppermine-gallery.net/forum/index.php?topic=32333.0" "lang": "eng",
}, "value": "Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors."
{ }
"name" : "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2185", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2185" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20465", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20465" ]
}, },
{ "references": {
"name" : "coppermine-usermgr-unspecified(26983)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983" "name": "ADV-2006-2185",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2185"
} },
} {
"name": "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=423104&group_id=89658"
},
{
"name": "20465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20465"
},
{
"name": "http://coppermine-gallery.net/forum/index.php?topic=32333.0",
"refsource": "CONFIRM",
"url": "http://coppermine-gallery.net/forum/index.php?topic=32333.0"
},
{
"name": "coppermine-usermgr-unspecified(26983)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26983"
}
]
}
}

140
2006/6xxx/CVE-2006-6586.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6586", "ID": "CVE-2006-6586",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2740", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2740" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php in admin/auth/."
{ }
"name" : "1017204", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1017204" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "vblog-cfgprogdir-file-include(30094)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30094" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2740",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2740"
},
{
"name": "vblog-cfgprogdir-file-include(30094)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30094"
},
{
"name": "1017204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017204"
}
]
}
}

150
2008/5xxx/CVE-2008-5638.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5638", "ID": "CVE-2008-5638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7300", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7300" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Active Price Comparison 4 allow remote attackers to execute arbitrary SQL commands via the (1) ProductID parameter to reviews.aspx or the (2) linkid parameter to links.asp."
{ }
"name" : "32896", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/32896" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4768", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4768" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "activeprice-reviews-sql-injection(46908)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46908" ]
} },
] "references": {
} "reference_data": [
} {
"name": "32896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32896"
},
{
"name": "7300",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7300"
},
{
"name": "4768",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4768"
},
{
"name": "activeprice-reviews-sql-injection(46908)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46908"
}
]
}
}

130
2008/5xxx/CVE-2008-5908.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5908", "ID": "CVE-2008-5908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the root/boot archive tool in Sun OpenSolaris has unknown impact and local attack vectors, related to a \"Temporary file vulnerability,\" aka Bug ID 6653455."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://opensolaris.org/os/bug_reports/request_sponsor/", "description_data": [
"refsource" : "MISC", {
"url" : "http://opensolaris.org/os/bug_reports/request_sponsor/" "lang": "eng",
}, "value": "Unspecified vulnerability in the root/boot archive tool in Sun OpenSolaris has unknown impact and local attack vectors, related to a \"Temporary file vulnerability,\" aka Bug ID 6653455."
{ }
"name" : "opensolaris-root-boot-unspecified(48146)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48146" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://opensolaris.org/os/bug_reports/request_sponsor/",
"refsource": "MISC",
"url": "http://opensolaris.org/os/bug_reports/request_sponsor/"
},
{
"name": "opensolaris-root-boot-unspecified(48146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48146"
}
]
}
}

130
2011/2xxx/CVE-2011-2260.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-2260", "ID": "CVE-2011-2260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration."
{ }
"name" : "TA11-201A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-201A.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA11-201A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-201A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html"
}
]
}
}

34
2011/2xxx/CVE-2011-2708.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-2708", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-2708",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2710. Reason: This candidate is a duplicate of CVE-2011-2710. Notes: All CVE users should reference CVE-2011-2710 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2710. Reason: This candidate is a duplicate of CVE-2011-2710. Notes: All CVE users should reference CVE-2011-2710 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

190
2011/2xxx/CVE-2011-2979.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2979", "ID": "CVE-2011-2979",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bugzilla.org/security/3.4.11/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bugzilla.org/security/3.4.11/" "lang": "eng",
}, "value": "Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of private group names via a custom search. NOTE: this vulnerability exists because of a CVE-2010-2756 regression."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=674497", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=674497" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2322", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2011/dsa-2322" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49042", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/49042" ]
}, },
{ "references": {
"name" : "74298", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/74298" "name": "74298",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/74298"
"name" : "74299", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/74299" "name": "bugzilla-queries-info-disclosure(69166)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69166"
"name" : "45501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45501" "name": "45501",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45501"
"name" : "bugzilla-queries-info-disclosure(69166)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69166" "name": "http://www.bugzilla.org/security/3.4.11/",
} "refsource": "CONFIRM",
] "url": "http://www.bugzilla.org/security/3.4.11/"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=674497",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=674497"
},
{
"name": "74299",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/74299"
},
{
"name": "DSA-2322",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2322"
},
{
"name": "49042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49042"
}
]
}
}

270
2011/3xxx/CVE-2011-3184.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-3184", "ID": "CVE-2011-3184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/08/22/4" "lang": "eng",
}, "value": "The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message."
{ }
"name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2011/08/22/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/08/22/10" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20110822 Re: CVE request: Pidgin crash", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2011/08/22/12" ]
}, },
{ "references": {
"name" : "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c" "name": "FEDORA-2011-11544",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html"
"name" : "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1", },
"refsource" : "CONFIRM", {
"url" : "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1" "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/08/22/10"
"name" : "http://pidgin.im/news/security/?id=54", },
"refsource" : "CONFIRM", {
"url" : "http://pidgin.im/news/security/?id=54" "name": "oval:org.mitre.oval:def:18284",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=732405", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=732405" "name": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c",
}, "refsource": "CONFIRM",
{ "url": "http://developer.pidgin.im/viewmtn/revision/diff/5c2dba4a7e2e76b76e7f472b88953a4316706d43/with/16af0661899a978b4fedc1c165965b85009013d1/libpurple/protocols/msn/httpconn.c"
"name" : "FEDORA-2011-11544", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-August/064943.html" "name": "pidgin-msn-protocol-dos(69341)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341"
"name" : "FEDORA-2011-11595", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html" "name": "http://pidgin.im/news/security/?id=54",
}, "refsource": "CONFIRM",
{ "url": "http://pidgin.im/news/security/?id=54"
"name" : "49268", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49268" "name": "45663",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45663"
"name" : "oval:org.mitre.oval:def:18284", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18284" "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/08/22/4"
"name" : "1025961", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1025961" "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2011/08/22/7"
"name" : "45663", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45663" "name": "FEDORA-2011-11595",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html"
"name" : "45916", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45916" "name": "45916",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45916"
"name" : "pidgin-msn-protocol-dos(69341)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69341" "name": "[oss-security] 20110822 Re: CVE request: Pidgin crash",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2011/08/22/12"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=732405",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=732405"
},
{
"name": "49268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49268"
},
{
"name": "1025961",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025961"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/16af0661899a978b4fedc1c165965b85009013d1"
}
]
}
}

310
2011/3xxx/CVE-2011-3348.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-3348", "ID": "CVE-2011-3348",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://community.jboss.org/message/625307", "description_data": [
"refsource" : "MISC", {
"url" : "http://community.jboss.org/message/625307" "lang": "eng",
}, "value": "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request."
{ }
"name" : "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21", ]
"refsource" : "CONFIRM", },
"url" : "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.apache.org/dist/httpd/Announcement2.2.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.apache.org/dist/httpd/Announcement2.2.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5130", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5130" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" "name": "HPSBUX02707",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=131731002122529&w=2"
"name" : "APPLE-SA-2012-02-01-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html" "name": "apache-modproxyajp-dos(69804)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69804"
"name" : "HPSBUX02707", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2" "name": "http://support.apple.com/kb/HT5130",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5130"
"name" : "SSRT100626", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=131731002122529&w=2" "name": "RHSA-2011:1391",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-1391.html"
"name" : "HPSBMU02704", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2" "name": "oval:org.mitre.oval:def:14941",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14941"
"name" : "SSRT100619", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=132033751509019&w=2" "name": "RHSA-2012:0543",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0543.html"
"name" : "MDVSA-2011:168", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:168" "name": "SSRT100619",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=132033751509019&w=2"
"name" : "RHSA-2011:1391", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1391.html" "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
"name" : "RHSA-2012:0542", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0542.html" "name": "MDVSA-2011:168",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:168"
"name" : "RHSA-2012:0543", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0543.html" "name": "APPLE-SA-2012-02-01-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html"
"name" : "49616", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49616" "name": "http://community.jboss.org/message/625307",
}, "refsource": "MISC",
{ "url": "http://community.jboss.org/message/625307"
"name" : "oval:org.mitre.oval:def:14941", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14941" "name": "49616",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/49616"
"name" : "oval:org.mitre.oval:def:18154", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18154" "name": "RHSA-2012:0542",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0542.html"
"name" : "1026054", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026054" "name": "http://www.apache.org/dist/httpd/Announcement2.2.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.apache.org/dist/httpd/Announcement2.2.html"
"name" : "46013", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46013" "name": "SSRT100626",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=131731002122529&w=2"
"name" : "apache-modproxyajp-dos(69804)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69804" "name": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21",
} "refsource": "CONFIRM",
] "url": "http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21"
} },
} {
"name": "1026054",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026054"
},
{
"name": "HPSBMU02704",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=132033751509019&w=2"
},
{
"name": "oval:org.mitre.oval:def:18154",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18154"
},
{
"name": "46013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46013"
}
]
}
}

190
2011/3xxx/CVE-2011-3664.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3664", "ID": "CVE-2011-3664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html" "lang": "eng",
}, "value": "Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey before 2.6 on Mac OS X do not properly handle certain DOM frame deletions by plugins, which allows remote attackers to cause a denial of service (incorrect pointer dereference and application crash) or possibly have unspecified other impact via a crafted web site."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=649079", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=649079" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14574", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14574" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026445", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026445" ]
}, },
{ "references": {
"name" : "1026446", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026446" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=649079",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=649079"
"name" : "1026447", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026447" "name": "47334",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/47334"
"name" : "47302", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47302" "name": "1026447",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026447"
"name" : "47334", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47334" "name": "1026446",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1026446"
} },
} {
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-57.html"
},
{
"name": "1026445",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026445"
},
{
"name": "oval:org.mitre.oval:def:14574",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14574"
},
{
"name": "47302",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47302"
}
]
}
}

140
2011/3xxx/CVE-2011-3728.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3728", "ID": "CVE-2011-3728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "Dolphin 7.0.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by xmlrpc/BxDolXMLRPCProfileView.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/Dolphin-7.0.4"
}
]
}
}

150
2013/0xxx/CVE-2013-0314.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0314", "ID": "CVE-2013-0314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=913327", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=913327" "lang": "eng",
}, "value": "The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets."
{ }
"name" : "RHSA-2013:0613", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0613.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "91120", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/91120" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52552", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/52552" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=913327",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=913327"
},
{
"name": "52552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52552"
},
{
"name": "91120",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91120"
},
{
"name": "RHSA-2013:0613",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0613.html"
}
]
}
}

150
2013/0xxx/CVE-2013-0324.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0324", "ID": "CVE-2013-0324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the \"Administer menus and menu items\" permission to inject arbitrary web script or HTML via the menu link title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/02/21/5" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the \"Administer menus and menu items\" permission to inject arbitrary web script or HTML via the menu link title."
{ }
"name" : "http://drupal.org/node/1922446", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1922446" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1922434", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1922434" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d", ]
"refsource" : "CONFIRM", }
"url" : "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://drupal.org/node/1922446",
"refsource": "MISC",
"url": "http://drupal.org/node/1922446"
},
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name": "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/menu_reference.git/commitdiff/7e7367d"
},
{
"name": "http://drupal.org/node/1922434",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1922434"
}
]
}
}

400
2013/0xxx/CVE-2013-0433.json
View File

@ -1,202 +1,202 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0433", "ID": "CVE-2013-0433",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect integrity via unknown vectors related to Networking. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to avoid triggering an exception during the deserialization of invalid InetSocketAddress data."
{ }
"name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", ]
"refsource" : "CONFIRM", },
"url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8", "description": [
"refsource" : "CONFIRM", {
"url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=907456", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=907456" ]
}, },
{ "references": {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "oval:org.mitre.oval:def:16537",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16537"
"name" : "HPSBUX02864", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "oval:org.mitre.oval:def:19459",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19459"
"name" : "SSRT101156", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "MDVSA-2013:095",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
"name" : "HPSBMU02874", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "SSRT101156",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "HPSBUX02857", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "TA13-032A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
"name" : "SSRT101103", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8",
}, "refsource": "CONFIRM",
{ "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ab011765c4e8"
"name" : "SSRT101184", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "RHSA-2013:0236",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
"name" : "MDVSA-2013:095", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "RHSA-2013:0236", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" "name": "VU#858729",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/858729"
"name" : "RHSA-2013:0237", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" "name": "RHSA-2013:0237",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
"name" : "RHSA-2013:0245", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" "name": "HPSBUX02857",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "RHSA-2013:0246", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" "name": "RHSA-2013:0247",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html"
"name" : "RHSA-2013:0247", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" "name": "HPSBMU02874",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "oval:org.mitre.oval:def:19405",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19405"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "SSRT101103",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "openSUSE-SU-2013:0312", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" "name": "openSUSE-SU-2013:0312",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html"
"name" : "openSUSE-SU-2013:0377", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" "name": "openSUSE-SU-2013:0377",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html"
"name" : "TA13-032A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" "name": "57719",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57719"
"name" : "VU#858729", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/858729" "name": "RHSA-2013:0246",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html"
"name" : "57719", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57719" "name": "RHSA-2013:1456",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name" : "oval:org.mitre.oval:def:16537", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16537" "name": "HPSBUX02864",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "oval:org.mitre.oval:def:19405", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19405" "name": "RHSA-2013:0245",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html"
"name" : "oval:org.mitre.oval:def:19459", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19459" "name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
"name" : "oval:org.mitre.oval:def:19468", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19468" "name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS",
} "refsource": "CONFIRM",
] "url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS"
} },
} {
"name": "oval:org.mitre.oval:def:19468",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19468"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=907456",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=907456"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056"
}
]
}
}

140
2013/0xxx/CVE-2013-0876.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-0876", "ID": "CVE-2013-0876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1" "lang": "eng",
}, "value": "Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access."
{ }
"name" : "http://www.ffmpeg.org/security.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ffmpeg.org/security.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201603-06", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-06" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5260edee7e5bd975837696c8c8c1a80eb2fbd7c1"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
}
]
}
}

120
2013/0xxx/CVE-2013-0967.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-0967", "ID": "CVE-2013-0967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2013-03-14-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html" "lang": "eng",
} "value": "CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java Web Start applications, via a crafted web site."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-03-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html"
}
]
}
}

120
2013/1xxx/CVE-2013-1346.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-1346", "ID": "CVE-2013-1346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://technet.microsoft.com/security/advisory/2846338", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://technet.microsoft.com/security/advisory/2846338" "lang": "eng",
} "value": "mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 on x64 platforms allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://technet.microsoft.com/security/advisory/2846338",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/security/advisory/2846338"
}
]
}
}

140
2013/1xxx/CVE-2013-1704.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-1704", "ID": "CVE-2013-1704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via vectors involving a DOM modification at the time of a SetBody mutation event."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883313", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883313" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:18945", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18945" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=883313",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=883313"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-64.html"
},
{
"name": "oval:org.mitre.oval:def:18945",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18945"
}
]
}
}

200
2013/1xxx/CVE-2013-1881.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1881", "ID": "CVE-2013-1881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://en.securitylab.ru/lab/PT-2013-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://en.securitylab.ru/lab/PT-2013-01" "lang": "eng",
}, "value": "GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
{ }
"name" : "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=691708", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=691708" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:0127", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0127.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1786", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html" "name": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes",
}, "refsource": "CONFIRM",
{ "url": "http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.39/librsvg-2.39.0.changes"
"name" : "SUSE-SU-2015:1785", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html" "name": "https://bugzilla.gnome.org/show_bug.cgi?id=691708",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.gnome.org/show_bug.cgi?id=691708"
"name" : "USN-2149-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2149-1" "name": "55088",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55088"
"name" : "USN-2149-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2149-2" "name": "USN-2149-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2149-1"
"name" : "55088", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55088" "name": "RHSA-2014:0127",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2014-0127.html"
} },
} {
"name": "http://en.securitylab.ru/lab/PT-2013-01",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2013-01"
},
{
"name": "openSUSE-SU-2013:1786",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"
},
{
"name": "SUSE-SU-2015:1785",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00020.html"
},
{
"name": "USN-2149-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2149-2"
}
]
}
}

140
2013/1xxx/CVE-2013-1903.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1903", "ID": "CVE-2013-1903",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to \"graphical installers for Linux and Mac OS X,\" which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.postgresql.org/about/news/1456/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.postgresql.org/about/news/1456/" "lang": "eng",
}, "value": "PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to \"graphical installers for Linux and Mac OS X,\" which has unspecified impact and attack vectors."
{ }
"name" : "http://www.postgresql.org/support/security/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.postgresql.org/support/security/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/about/news/1456/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1456/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "http://www.postgresql.org/support/security/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security/"
}
]
}
}

34
2013/1xxx/CVE-2013-1934.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1934", "ID": "CVE-2013-1934",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/4xxx/CVE-2013-4970.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4970", "ID": "CVE-2013-4970",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/5xxx/CVE-2013-5420.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5420", "ID": "CVE-2013-5420",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660211", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660211" "lang": "eng",
}, "value": "The IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to read log files by leveraging helpdesk privileges for a direct request."
{ }
"name" : "ibm-sam-cve20135420-info-disc(87482)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87482" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-sam-cve20135420-info-disc(87482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87482"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660211",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660211"
}
]
}
}

34
2013/5xxx/CVE-2013-5727.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5727", "ID": "CVE-2013-5727",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2014/2xxx/CVE-2014-2205.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2205", "ID": "CVE-2014-2205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/531255/100/0/threaded" "lang": "eng",
}, "value": "The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) before 4.6.7 Hotfix 940148 allows remote authenticated users with permissions to add dashboards to read arbitrary files by importing a crafted XML file, related to an XML External Entity (XXE) issue."
{ }
"name" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt", ]
"refsource" : "MISC", },
"url" : "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10065", "description": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10065" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "65771", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/65771" ]
}, },
{ "references": {
"name" : "57114", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57114" "name": "57114",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/57114"
} },
} {
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10065",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10065"
},
{
"name": "20140225 [RT-SA-2014-001] McAfee ePolicy Orchestrator: XML External Entity Expansion in Dashboard",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/531255/100/0/threaded"
},
{
"name": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt",
"refsource": "MISC",
"url": "https://www.redteam-pentesting.de/advisories/rt-sa-2014-001.txt"
},
{
"name": "65771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65771"
}
]
}
}

160
2014/2xxx/CVE-2014-2818.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2014-2818", "ID": "CVE-2014-2818",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS14-051", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051" "lang": "eng",
}, "value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "69115", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/69115" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1030715", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1030715" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60670", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/60670" ]
}, },
{ "references": {
"name" : "ms-ie-cve20142818-code-exec(94975)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/94975" "name": "1030715",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1030715"
} },
} {
"name": "ms-ie-cve20142818-code-exec(94975)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/94975"
},
{
"name": "MS14-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-051"
},
{
"name": "69115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/69115"
},
{
"name": "60670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60670"
}
]
}
}

150
2017/0xxx/CVE-2017-0092.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0092", "ID": "CVE-2017-0092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Uniscribe", "product_name": "Windows Uniscribe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1" "version_value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41655", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41655/" "lang": "eng",
}, "value": "Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka \"Uniscribe Information Disclosure Vulnerability.\" CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96676", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96676" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "1037992", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1037992" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1037992",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037992"
},
{
"name": "96676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96676"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0092"
},
{
"name": "41655",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41655/"
}
]
}
}

120
2017/0xxx/CVE-2017-0314.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"ID" : "CVE-2017-0314", "ID": "CVE-2017-0314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows GPU Display Driver", "product_name": "Windows GPU Display Driver",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service, Escalation of Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" "lang": "eng",
} "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
}
]
}
}

162
2017/0xxx/CVE-2017-0834.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00", "DATE_PUBLIC": "2017-11-06T00:00:00",
"ID" : "CVE-2017-0834", "ID": "CVE-2017-0834",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-11-01" "lang": "eng",
}, "value": "A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953."
{ }
"name" : "101717", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101717" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
},
{
"name": "101717",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101717"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000240.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.469414", "DATE_ASSIGNED": "2017-08-22T17:29:33.469414",
"ID" : "CVE-2017-1000240", "ID": "CVE-2017-1000240",
"REQUESTER" : "yann.chalencon@gmail.com", "REQUESTER": "yann.chalencon@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "OpenEMR", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.0 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "OpenEMR" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001" "lang": "eng",
} "value": "The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001",
"refsource": "MISC",
"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-001"
}
]
}
}

154
2017/1000xxx/CVE-2017-1000249.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-09-01", "DATE_ASSIGNED": "2017-09-01",
"ID" : "CVE-2017-1000249", "ID": "CVE-2017-1000249",
"REQUESTER" : "thomas.jarosch@intra2net.com", "REQUESTER": "thomas.jarosch@intra2net.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "file", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "file() after commit 9611f31313a93aa036389c5f3b15eea53510d4d1, first affected version is file 5.29, released on 2016-10-25." "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "file" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793" "lang": "eng",
}, "value": "An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017)."
{ }
"name" : "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-3965", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3965" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201710-02", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201710-02" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793"
},
{
"name": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d",
"refsource": "CONFIRM",
"url": "https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d"
},
{
"name": "DSA-3965",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3965"
},
{
"name": "GLSA-201710-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-02"
}
]
}
}

230
2017/1000xxx/CVE-2017-1000380.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1000380", "ID": "CVE-2017-1000380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux Kernel 4.11-stable and earlier, 3.x including 3.18, 2.6.0 and later", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Linux Kernel 4.11-stable and earlier, 3.x including 3.18, 2.6.0 and later" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "race condition"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728", "description_data": [
"refsource" : "MISC", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728" "lang": "eng",
}, "value": "sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time."
{ }
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378", ]
"refsource" : "MISC", },
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5", "description": [
"refsource" : "MISC", {
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.openwall.com/lists/oss-security/2017/06/12/2", ]
"refsource" : "MISC", }
"url" : "http://www.openwall.com/lists/oss-security/2017/06/12/2" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728" "name": "RHSA-2017:3315",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3315"
"name" : "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378", },
"refsource" : "MISC", {
"url" : "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378" "name": "RHSA-2017:3322",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3322"
"name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", },
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" "name": "RHSA-2017:3295",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3295"
"name" : "DSA-3981", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3981" "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5",
}, "refsource": "MISC",
{ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5"
"name" : "RHSA-2017:3295", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3295" "name": "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728",
}, "refsource": "MISC",
{ "url": "https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728"
"name" : "RHSA-2017:3315", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3315" "name": "http://www.openwall.com/lists/oss-security/2017/06/12/2",
}, "refsource": "MISC",
{ "url": "http://www.openwall.com/lists/oss-security/2017/06/12/2"
"name" : "RHSA-2017:3322", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3322" "name": "DSA-3981",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3981"
"name" : "99121", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99121" "name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728",
} "refsource": "MISC",
] "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728"
} },
} {
"name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
},
{
"name": "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378"
},
{
"name": "99121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99121"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378"
}
]
}
}

142
2017/12xxx/CVE-2017-12099.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-11T00:00:00", "DATE_PUBLIC": "2018-01-11T00:00:00",
"ID" : "CVE-2017-12099", "ID": "CVE-2017-12099",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Blender", "product_name": "Blender",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "v2.78c" "version_value": "v2.78c"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Blender" "vendor_name": "Blender"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" "lang": "eng",
}, "value": "An exploitable integer overflow exists in the upgrade of the legacy Mesh attribute 'tface' of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability."
{ }
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451", ]
"refsource" : "MISC", },
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4248", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4248" "lang": "eng",
} "value": "buffer overflow"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
},
{
"name": "DSA-4248",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4248"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451"
}
]
}
}

130
2017/12xxx/CVE-2017-12292.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12292", "ID": "CVE-2017-12292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Registered Envelope Service", "product_name": "Cisco Registered Envelope Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Registered Envelope Service" "version_value": "Cisco Registered Envelope Service"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res" "lang": "eng",
}, "value": "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999."
{ }
"name" : "101863", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101863" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res"
},
{
"name": "101863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101863"
}
]
}
}

142
2017/12xxx/CVE-2017-12525.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-08-11T00:00:00", "DATE_PUBLIC": "2017-08-11T00:00:00",
"ID" : "CVE-2017-12525", "ID": "CVE-2017-12525",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (iMC) PLAT", "product_name": "Intelligent Management Center (iMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "PLAT 7.3 (E0504)" "version_value": "PLAT 7.3 (E0504)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us" "lang": "eng",
}, "value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
{ }
"name" : "100367", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100367" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039152", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039152" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039152"
},
{
"name": "100367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100367"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
}
]
}
}

132
2017/16xxx/CVE-2017-16144.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16144", "ID": "CVE-2017-16144",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "myserver.alexcthomas18 node module", "product_name": "myserver.alexcthomas18 node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18" "lang": "eng",
}, "value": "myserver.alexcthomas18 is a file server. myserver.alexcthomas18 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/469", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/469" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/469",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/469"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/myserver.alexcthomas18"
}
]
}
}

132
2017/16xxx/CVE-2017-16151.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16151", "ID": "CVE-2017-16151",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "electron node module", "product_name": "electron node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "< 1.6.14 || >= 1.7.0 < 1.7.8" "version_value": "< 1.6.14 || >= 1.7.0 < 1.7.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code Injection (CWE-94)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix", "description_data": [
"refsource" : "MISC", {
"url" : "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix" "lang": "eng",
}, "value": "Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the [sandbox option](https://electron.atom.io/docs/api/sandbox-option) is enabled."
{ }
"name" : "https://nodesecurity.io/advisories/539", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/539" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix",
"refsource": "MISC",
"url": "https://electron.atom.io/blog/2017/09/27/chromium-rce-vulnerability-fix"
},
{
"name": "https://nodesecurity.io/advisories/539",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/539"
}
]
}
}

34
2017/16xxx/CVE-2017-16692.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16692", "ID": "CVE-2017-16692",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/16xxx/CVE-2017-16729.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16729", "ID": "CVE-2017-16729",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/16xxx/CVE-2017-16854.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16854", "ID": "CVE-2017-16854",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html" "lang": "eng",
}, "value": "In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, 5 through 5.0.24, and 6 through 6.0.1, an attacker who is logged in as a customer can use the ticket search form to disclose internal article information of their customer tickets."
{ }
"name" : "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4066", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4066" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171219 [SECURITY] [DLA 1212-1] otrs2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00015.html"
},
{
"name": "DSA-4066",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4066"
},
{
"name": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/",
"refsource": "CONFIRM",
"url": "https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/"
}
]
}
}

34
2017/4xxx/CVE-2017-4176.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4176", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4176",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4549.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4549", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4549",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4611.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4611", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4611",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

162
2018/5xxx/CVE-2018-5175.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2018-5175", "ID": "CVE-2018-5175",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60" "version_value": "60"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A mechanism to bypass Content Security Policy (CSP) protections on sites that have a \"script-src\" policy of \"'strict-dynamic'\". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the \"require.js\" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Universal CSP bypass on sites using strict-dynamic in their policies"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358" "lang": "eng",
}, "value": "A mechanism to bypass Content Security Policy (CSP) protections on sites that have a \"script-src\" policy of \"'strict-dynamic'\". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the \"require.js\" library that is part of Firefox's Developer Tools, and then use a known technique using that library to bypass the CSP restrictions on executing injected scripts. This vulnerability affects Firefox < 60."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-11/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-11/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3645-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3645-1/" "lang": "eng",
}, "value": "Universal CSP bypass on sites using strict-dynamic in their policies"
{ }
"name" : "104139", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/104139" ]
}, },
{ "references": {
"name" : "1040896", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040896" "name": "https://www.mozilla.org/security/advisories/mfsa2018-11/",
} "refsource": "CONFIRM",
] "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/"
} },
} {
"name": "1040896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040896"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1432358"
},
{
"name": "USN-3645-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3645-1/"
},
{
"name": "104139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104139"
}
]
}
}

206
2018/5xxx/CVE-2018-5410.json
View File

@ -1,105 +1,105 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cert@cert.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2018-5410", "ID": "CVE-2018-5410",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Dokan file system driver contains a stack-based buffer overflow" "TITLE": "Dokan file system driver contains a stack-based buffer overflow"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Open Source File System", "product_name": "Open Source File System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : ">=", "affected": ">=",
"version_name" : "1.0.0.5000", "version_name": "1.0.0.5000",
"version_value" : "1.0.0.5000" "version_value": "1.0.0.5000"
}, },
{ {
"affected" : "<=", "affected": "<=",
"version_name" : "1.2.0.1000", "version_name": "1.2.0.1000",
"version_value" : "1.2.0.1000" "version_value": "1.2.0.1000"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dokan" "vendor_name": "Dokan"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Thanks to Parvez Anwar for reporting this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121: Stack-based Buffer Overflow"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Thanks to Parvez Anwar for reporting this vulnerability."
"name" : "46155", }
"refsource" : "EXPLOIT-DB", ],
"url" : "https://www.exploit-db.com/exploits/46155/" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://cwe.mitre.org/data/definitions/121.html", "description": {
"refsource" : "MISC", "description_data": [
"url" : "https://cwe.mitre.org/data/definitions/121.html" {
}, "lang": "eng",
{ "value": "Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update."
"name" : "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000", }
"refsource" : "CONFIRM", ]
"url" : "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000" },
}, "problemtype": {
{ "problemtype_data": [
"name" : "VU#741315", {
"refsource" : "CERT-VN", "description": [
"url" : "https://kb.cert.org/vuls/id/741315/" {
}, "lang": "eng",
{ "value": "CWE-121: Stack-based Buffer Overflow"
"name" : "106274", }
"refsource" : "BID", ]
"url" : "http://www.securityfocus.com/bid/106274" }
} ]
] },
}, "references": {
"solution" : [ "reference_data": [
{ {
"lang" : "eng", "name": "VU#741315",
"value" : "Dokan developers have released a new version, 1.2.1, that fixes this vulnerability by validating the user input." "refsource": "CERT-VN",
} "url": "https://kb.cert.org/vuls/id/741315/"
], },
"source" : { {
"discovery" : "UNKNOWN" "name": "46155",
} "refsource": "EXPLOIT-DB",
} "url": "https://www.exploit-db.com/exploits/46155/"
},
{
"name": "https://cwe.mitre.org/data/definitions/121.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/121.html"
},
{
"name": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000",
"refsource": "CONFIRM",
"url": "https://github.com/dokan-dev/dokany/releases/tag/v1.2.1.1000"
},
{
"name": "106274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106274"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Dokan developers have released a new version, 1.2.1, that fixes this vulnerability by validating the user input."
}
],
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/5xxx/CVE-2018-5615.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5615", "ID": "CVE-2018-5615",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

122
2018/5xxx/CVE-2018-5825.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2018-5825", "ID": "CVE-2018-5825",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Data"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
} "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the kernel IPA driver, a Use After Free condition can occur."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}