admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:58:31 +00:00
parent dacd1d8003
commit 634079e104
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3336 additions and 3336 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2002/0xxx/CVE-2002-0046.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0046", "ID": "CVE-2002-0046",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020120 remote memory reading through tcp/icmp", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/251418" "lang": "eng",
}, "value": "Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet."
{ }
"name" : "RHSA-2002:007", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2002-007.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "icmp-read-memory(7998)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7998" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5394", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/5394" ]
} },
] "references": {
} "reference_data": [
{
"name": "icmp-read-memory(7998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7998"
},
{
"name": "5394",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5394"
},
{
"name": "RHSA-2002:007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-007.html"
},
{
"name": "20020120 remote memory reading through tcp/icmp",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/251418"
}
]
}
} }

138
2002/0xxx/CVE-2002-0141.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0141", "ID": "CVE-2002-0141",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020120 Maelstrom 1.4.3 abartity file overwrite", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/251419" "lang": "eng",
}, "value": "Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file."
{ }
"name" : "3911", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3911" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "maelstrom-tmp-symlink(7939)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7939.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "3911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3911"
},
{
"name": "20020120 Maelstrom 1.4.3 abartity file overwrite",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/251419"
},
{
"name": "maelstrom-tmp-symlink(7939)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7939.php"
}
]
}
} }

138
2002/0xxx/CVE-2002-0335.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0335", "ID": "CVE-2002-0335",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101484128203523&w=2" "lang": "eng",
}, "value": "Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long HTTP GET request."
{ }
"name" : "4186", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4186" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "worldgroup-http-get-bo(8298)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8298.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "4186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4186"
},
{
"name": "worldgroup-http-get-bo(8298)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8298.php"
},
{
"name": "20020227 LBYTE&SECURITY.NNOV: Buffer overflows in Worldgroup",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101484128203523&w=2"
}
]
}
} }

208
2002/0xxx/CVE-2002-0429.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0429", "ID": "CVE-2002-0429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020308 linux <=2.4.18 x86 traps.c problem", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101561298818888&w=2" "lang": "eng",
}, "value": "The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall)."
{ }
"name" : "http://www.openwall.com/linux/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.openwall.com/linux/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-311", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-311" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-312", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2003/dsa-312" ]
}, },
{ "references": {
"name" : "DSA-332", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-332" "name": "DSA-336",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-336"
"name" : "DSA-336", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-336" "name": "DSA-311",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-311"
"name" : "DSA-442", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-442" "name": "DSA-332",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-332"
"name" : "RHSA-2002:158", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-158.html" "name": "DSA-312",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-312"
"name" : "4259", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4259" "name": "DSA-442",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-442"
"name" : "linux-ibcs-lcall-process(8420)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8420.php" "name": "RHSA-2002:158",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2002-158.html"
} },
{
"name": "20020308 linux <=2.4.18 x86 traps.c problem",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101561298818888&w=2"
},
{
"name": "linux-ibcs-lcall-process(8420)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8420.php"
},
{
"name": "4259",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4259"
},
{
"name": "http://www.openwall.com/linux/",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/linux/"
}
]
}
} }

168
2002/0xxx/CVE-2002-0814.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0814", "ID": "CVE-2002-0814",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020724 VMware GSX Server Remote Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=102752511030425&w=2" "lang": "eng",
}, "value": "Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument."
{ }
"name" : "20020726 Re: VMware GSX Server Remote Buffer Overflow", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=102765223418716&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020805 VMware GSX Server 2.0.1 Release and Security Alert", "description": [
"refsource" : "NTBUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/download/gsx_security.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/download/gsx_security.html" ]
}, },
{ "references": {
"name" : "vmware-gsx-auth-bo(9663)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9663.php" "name": "http://www.vmware.com/download/gsx_security.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/download/gsx_security.html"
"name" : "5294", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5294" "name": "vmware-gsx-auth-bo(9663)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/9663.php"
} },
{
"name": "20020805 VMware GSX Server 2.0.1 Release and Security Alert",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html"
},
{
"name": "20020726 Re: VMware GSX Server Remote Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102765223418716&w=2"
},
{
"name": "5294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5294"
},
{
"name": "20020724 VMware GSX Server Remote Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102752511030425&w=2"
}
]
}
} }

158
2002/1xxx/CVE-2002-1338.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1338", "ID": "CVE-2002-1338",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101830175621193&w=2" "lang": "eng",
}, "value": "The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files."
{ }
"name" : "http://security.greymagic.com/adv/gm008-ie/", ]
"refsource" : "MISC", },
"url" : "http://security.greymagic.com/adv/gm008-ie/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#156123", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/156123" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4454", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4454" ]
}, },
{ "references": {
"name" : "owc-chart-load-exist(8784)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8784" "name": "http://security.greymagic.com/adv/gm008-ie/",
} "refsource": "MISC",
] "url": "http://security.greymagic.com/adv/gm008-ie/"
} },
{
"name": "owc-chart-load-exist(8784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8784"
},
{
"name": "VU#156123",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/156123"
},
{
"name": "20020408 Multiple local files detection issues with OWC in IE (GM#008-IE)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101830175621193&w=2"
},
{
"name": "4454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4454"
}
]
}
} }

208
2002/1xxx/CVE-2002-1371.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1371", "ID": "CVE-2002-1371",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104032149026670&w=2" "lang": "eng",
}, "value": "filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif."
{ }
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.idefense.com/advisory/12.19.02.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/advisory/12.19.02.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CLSA-2003:702", ]
"refsource" : "CONECTIVA", }
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702" ]
}, },
{ "references": {
"name" : "DSA-232", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-232" "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"
"name" : "MDKSA-2003:001", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001" "name": "CLSA-2003:702",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702"
"name" : "RHSA-2002:295", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html" "name": "DSA-232",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-232"
"name" : "SuSE-SA:2003:002", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html" "name": "SuSE-SA:2003:002",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html"
"name" : "6439", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6439" "name": "http://www.idefense.com/advisory/12.19.02.txt",
}, "refsource": "MISC",
{ "url": "http://www.idefense.com/advisory/12.19.02.txt"
"name" : "cups-zero-width-images(10911)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10911" "name": "RHSA-2002:295",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2002-295.html"
} },
{
"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2"
},
{
"name": "MDKSA-2003:001",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001"
},
{
"name": "cups-zero-width-images(10911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10911"
},
{
"name": "6439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6439"
}
]
}
} }

148
2002/1xxx/CVE-2002-1446.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1446", "ID": "CVE-2002-1446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html" "lang": "eng",
}, "value": "The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages."
{ }
"name" : "http://www.ncipher.com/support/advisories/advisory5_c_verify.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ncipher.com/support/advisories/advisory5_c_verify.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5498", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5498" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ncipher-cverify-improper-verification(9895)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9895.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "ncipher-cverify-improper-verification(9895)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9895.php"
},
{
"name": "5498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5498"
},
{
"name": "http://www.ncipher.com/support/advisories/advisory5_c_verify.html",
"refsource": "CONFIRM",
"url": "http://www.ncipher.com/support/advisories/advisory5_c_verify.html"
},
{
"name": "20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html"
}
]
}
} }

138
2002/1xxx/CVE-2002-1972.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1972", "ID": "CVE-2002-1972",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://freshmeat.net/releases/101529/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://freshmeat.net/releases/101529/" "lang": "eng",
}, "value": "Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports."
{ }
"name" : "1005534", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1005534" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "pp-powerswitch-port-access(10552)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10552.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "pp-powerswitch-port-access(10552)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10552.php"
},
{
"name": "1005534",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1005534"
},
{
"name": "http://freshmeat.net/releases/101529/",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/releases/101529/"
}
]
}
} }

158
2002/2xxx/CVE-2002-2390.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2390", "ID": "CVE-2002-2390",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020918 Trillian .74 and below, ident flaw.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html" "lang": "eng",
}, "value": "Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725, 0.73, 0.74 and 1.0 pro allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request."
{ }
"name" : "20020918 trillian DoS: trillian 1.0 pro also vulnerable", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020917 Trillian .74 and below, ident flaw.", "description": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5733", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5733" ]
}, },
{ "references": {
"name" : "trillian-identd-bo(10118)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10118.php" "name": "20020918 trillian DoS: trillian 1.0 pro also vulnerable",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0224.html"
} },
{
"name": "5733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5733"
},
{
"name": "20020918 Trillian .74 and below, ident flaw.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0206.html"
},
{
"name": "20020917 Trillian .74 and below, ident flaw.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2002-September/001890.html"
},
{
"name": "trillian-identd-bo(10118)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10118.php"
}
]
}
} }

148
2003/0xxx/CVE-2003-0050.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0050", "ID": "CVE-2003-0050",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104618904330226&w=2" "lang": "eng",
}, "value": "parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters."
{ }
"name" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6954", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6954" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "quicktime-darwin-command-execution(11401)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/11401.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt",
"refsource": "CONFIRM",
"url": "http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt"
},
{
"name": "quicktime-darwin-command-execution(11401)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11401.php"
},
{
"name": "6954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6954"
},
{
"name": "20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104618904330226&w=2"
}
]
}
} }

158
2009/1xxx/CVE-2009-1324.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1324", "ID": "CVE-2009-1324",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8407", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8407" "lang": "eng",
}, "value": "Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file."
{ }
"name" : "8412", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8412" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34494", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34494" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34681", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/34681" ]
}, },
{ "references": {
"name" : "asxmp3-m3u-bo(49840)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49840" "name": "34681",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/34681"
} },
{
"name": "asxmp3-m3u-bo(49840)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49840"
},
{
"name": "8412",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8412"
},
{
"name": "8407",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8407"
},
{
"name": "34494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34494"
}
]
}
} }

32
2009/1xxx/CVE-2009-1340.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1340", "ID": "CVE-2009-1340",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2012/0xxx/CVE-2012-0199.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-0199", "ID": "CVE-2012-0199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-12-040/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-12-040/" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allow remote attackers to execute arbitrary SQL commands via (1) a SOAP message to the Printer.getPrinterAgentKey function in the SoapServlet servlet, (2) the User.updateUserValue function in the register.do servlet, (3) the User.isExistingUser function in the logon.do servlet, (4) the Asset.getHWKey function in the CallHomeExec servlet, (5) the Asset.getMimeType function in the getAttachment (aka GetAttachmentServlet) servlet, (6) the addAsset.do servlet, or (7) a crafted EG2 file."
{ }
"name" : "tpme-multiple-sql-injection(73034)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73034" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-12-040/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-12-040/"
},
{
"name": "tpme-multiple-sql-injection(73034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73034"
}
]
}
} }

118
2012/0xxx/CVE-2012-0395.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2012-0395", "ID": "CVE-2012-0395",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120126 ESA-2012-005: EMC NetWorker buffer overflow vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/521374" "lang": "eng",
} "value": "Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before 7.6.3 SP1 Cumulative Release build 851 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120126 ESA-2012-005: EMC NetWorker buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/521374"
}
]
}
} }

438
2012/0xxx/CVE-2012-0456.json
View File

@ -1,222 +1,222 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0456", "ID": "CVE-2012-0456",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html" "lang": "eng",
}, "value": "The SVG Filters implementation in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 might allow remote attackers to obtain sensitive information from process memory via vectors that trigger an out-of-bounds read."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711653", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=711653" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2433", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2433" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2458", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2458" ]
}, },
{ "references": {
"name" : "MDVSA-2012:031", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" "name": "openSUSE-SU-2012:0417",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
"name" : "MDVSA-2012:032", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" "name": "48402",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48402"
"name" : "RHSA-2012:0387", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" "name": "MDVSA-2012:031",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
"name" : "RHSA-2012:0388", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" "name": "48624",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48624"
"name" : "openSUSE-SU-2012:0417", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" "name": "SUSE-SU-2012:0424",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
"name" : "SUSE-SU-2012:0424", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" "name": "USN-1400-5",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-5"
"name" : "SUSE-SU-2012:0425", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" "name": "48414",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48414"
"name" : "USN-1400-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-3" "name": "48359",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48359"
"name" : "USN-1400-4", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-4" "name": "48823",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48823"
"name" : "USN-1400-5", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-5" "name": "USN-1401-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1401-1"
"name" : "USN-1400-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-2" "name": "USN-1400-4",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-4"
"name" : "USN-1401-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1401-1" "name": "48629",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48629"
"name" : "USN-1400-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-1" "name": "USN-1400-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-3"
"name" : "oval:org.mitre.oval:def:15007", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007" "name": "RHSA-2012:0387",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
"name" : "1026804", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026804" "name": "48496",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48496"
"name" : "1026801", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026801" "name": "SUSE-SU-2012:0425",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
"name" : "1026803", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026803" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-14.html"
"name" : "48629", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48629" "name": "USN-1400-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-2"
"name" : "48513", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48513" "name": "DSA-2458",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2458"
"name" : "48495", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48495" "name": "48920",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48920"
"name" : "48496", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48496" "name": "oval:org.mitre.oval:def:15007",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15007"
"name" : "48553", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48553" "name": "DSA-2433",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2433"
"name" : "48561", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48561" "name": "MDVSA-2012:032",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
"name" : "48624", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48624" "name": "1026803",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026803"
"name" : "48823", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48823" "name": "48495",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48495"
"name" : "48920", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48920" "name": "48553",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48553"
"name" : "48402", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48402" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=711653",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=711653"
"name" : "48359", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48359" "name": "USN-1400-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-1"
"name" : "48414", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48414" "name": "48561",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48561"
} },
{
"name": "RHSA-2012:0388",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
},
{
"name": "1026801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026801"
},
{
"name": "1026804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026804"
},
{
"name": "48513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48513"
}
]
}
} }

178
2012/3xxx/CVE-2012-3508.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3508", "ID": "CVE-2012-3508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using \"javascript:\" in an href attribute in the body of an HTML-formatted email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120820 CVE-request: Roundcube XSS issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/08/20/2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using \"javascript:\" in an href attribute in the body of an HTML-formatted email."
{ }
"name" : "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/08/20/9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.securelist.com/en/advisories/50279", "description": [
"refsource" : "MISC", {
"url" : "http://www.securelist.com/en/advisories/50279" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://sourceforge.net/news/?group_id=139281&id=309011", ]
"refsource" : "CONFIRM", }
"url" : "http://sourceforge.net/news/?group_id=139281&id=309011" ]
}, },
{ "references": {
"name" : "http://trac.roundcube.net/ticket/1488613", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://trac.roundcube.net/ticket/1488613" "name": "http://trac.roundcube.net/ticket/1488613",
}, "refsource": "CONFIRM",
{ "url": "http://trac.roundcube.net/ticket/1488613"
"name" : "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee" "name": "50279",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50279"
"name" : "50279", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50279" "name": "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee",
} "refsource": "CONFIRM",
] "url": "https://github.com/roundcube/roundcubemail/commit/5ef8e4ad9d3ee8689d2b83750aa65395b7cd59ee"
} },
{
"name": "[oss-security] 20120820 Re: CVE-request: Roundcube XSS issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/9"
},
{
"name": "[oss-security] 20120820 CVE-request: Roundcube XSS issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/20/2"
},
{
"name": "http://www.securelist.com/en/advisories/50279",
"refsource": "MISC",
"url": "http://www.securelist.com/en/advisories/50279"
},
{
"name": "http://sourceforge.net/news/?group_id=139281&id=309011",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/news/?group_id=139281&id=309011"
}
]
}
} }

32
2012/3xxx/CVE-2012-3779.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3779", "ID": "CVE-2012-3779",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2012/3xxx/CVE-2012-3880.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3880", "ID": "CVE-2012-3880",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2012/3xxx/CVE-2012-3897.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3897", "ID": "CVE-2012-3897",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2012/3xxx/CVE-2012-3917.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3917", "ID": "CVE-2012-3917",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2012/4xxx/CVE-2012-4116.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-4116", "ID": "CVE-2012-4116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131017 Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116" "lang": "eng",
} "value": "The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete the authentication process for a server connection, by sniffing the network, aka Bug ID CSCtr72970."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131017 Cisco Unified Computing System Fabric Interconnect Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4116"
}
]
}
} }

158
2012/4xxx/CVE-2012-4417.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4417", "ID": "CVE-2012-4417",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=856341", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=856341" "lang": "eng",
}, "value": "GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names."
{ }
"name" : "RHSA-2012:1456", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1456.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "56522", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56522" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1027756", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1027756" ]
}, },
{ "references": {
"name" : "redhat-storage-glusterfs-symlink(80074)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074" "name": "RHSA-2012:1456",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2012-1456.html"
} },
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=856341",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=856341"
},
{
"name": "1027756",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027756"
},
{
"name": "redhat-storage-glusterfs-symlink(80074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80074"
},
{
"name": "56522",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56522"
}
]
}
} }

158
2012/4xxx/CVE-2012-4577.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4577", "ID": "CVE-2012-4577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of \"password\" for the root account, which allows remote attackers to obtain administrative access via an SSH session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity" "lang": "eng",
}, "value": "The Linux firmware image on (1) Korenix Jetport 5600 series serial-device servers and (2) ORing Industrial DIN-Rail serial-device servers has a hardcoded password of \"password\" for the root account, which allows remote attackers to obtain administrative access via an SSH session."
{ }
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02", ]
"refsource" : "MISC", },
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02", "description": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "55196", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/55196" ]
}, },
{ "references": {
"name" : "jetport-default-password(77992)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77992" "name": "jetport-default-password(77992)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77992"
} },
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-263-02"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-297-02"
},
{
"name": "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity",
"refsource": "MISC",
"url": "http://www.digitalbond.com/2012/06/13/korenix-and-oring-insecurity"
},
{
"name": "55196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55196"
}
]
}
} }

32
2012/6xxx/CVE-2012-6306.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6306", "ID": "CVE-2012-6306",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

164
2017/2xxx/CVE-2017-2609.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-2609", "ID": "CVE-2017-2609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "jenkins", "product_name": "jenkins",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "jenkins 2.44" "version_value": "jenkins 2.44"
}, },
{ {
"version_value" : "jenkins 2.32.2" "version_value": "jenkins 2.32.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609" "lang": "eng",
}, "value": "jenkins before versions 2.44, 2.32.2 is vulnerable to an information disclosure vulnerability in search suggestions (SECURITY-385). The autocomplete feature on the search box discloses the names of the views in its suggestions, including the ones for which the current user does not have access to."
{ }
"name" : "https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319" "impact": {
}, "cvss": [
{ [
"name" : "95964", {
"refsource" : "BID", "vectorString": "4.3/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"url" : "http://www.securityfocus.com/bid/95964" "version": "3.0"
} }
] ]
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95964"
},
{
"name": "https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319",
"refsource": "CONFIRM",
"url": "https://github.com/jenkinsci/jenkins/commit/13905d8224899ba7332fe9af4e330ea96a2ae319"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2609"
}
]
}
} }

140
2017/2xxx/CVE-2017-2923.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-09-11T00:00:00", "DATE_PUBLIC": "2017-09-11T00:00:00",
"ID" : "CVE-2017-2923", "ID": "CVE-2017-2923",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FreeXL", "product_name": "FreeXL",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.3" "version_value": "1.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Alessandro Furieri" "vendor_name": "Alessandro Furieri"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430" "lang": "eng",
}, "value": "An exploitable heap based buffer overflow vulnerability exists in the 'read_biff_next_record function' of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability."
{ }
"name" : "DSA-3976", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2017/dsa-3976" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100807", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100807" "lang": "eng",
} "value": "remote code execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3976",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3976"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430"
},
{
"name": "100807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100807"
}
]
}
} }

128
2017/2xxx/CVE-2017-2968.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2968", "ID": "CVE-2017-2968",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Campaign 16.4 Build 8724 and earlier.", "product_name": "Adobe Campaign 16.4 Build 8724 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Campaign 16.4 Build 8724 and earlier." "version_value": "Adobe Campaign 16.4 Build 8724 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/campaign/apsb17-03.html" "lang": "eng",
}, "value": "Adobe Campaign versions 16.4 Build 8724 and earlier have a code injection vulnerability."
{ }
"name" : "96197", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96197" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96197"
},
{
"name": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/campaign/apsb17-03.html"
}
]
}
} }

138
2017/2xxx/CVE-2017-2980.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2980", "ID": "CVE-2017-2980",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Digital Editions 4.5.3 and earlier.", "product_name": "Adobe Digital Editions 4.5.3 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Digital Editions 4.5.3 and earlier." "version_value": "Adobe Digital Editions 4.5.3 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html" "lang": "eng",
}, "value": "Adobe Digital Editions versions 4.5.3 and earlier have an exploitable buffer over-read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "96195", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96195" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037816", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037816" "lang": "eng",
} "value": "Memory Corruption"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1037816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037816"
},
{
"name": "96195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96195"
},
{
"name": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/Digital-Editions/apsb17-05.html"
}
]
}
} }

158
2017/6xxx/CVE-2017-6132.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-12-20T00:00:00", "DATE_PUBLIC": "2017-12-20T00:00:00",
"ID" : "CVE-2017-6132", "ID": "CVE-2017-6132",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe", "product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, Websafe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "13.0.0" "version_value": "13.0.0"
}, },
{ {
"version_value" : "12.0.0 - 12.1.2" "version_value": "12.0.0 - 12.1.2"
}, },
{ {
"version_value" : "11.6.0 - 11.6.1" "version_value": "11.6.0 - 11.6.1"
}, },
{ {
"version_value" : "11.5.0 - 11.5.4" "version_value": "11.5.0 - 11.5.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.f5.com/csp/article/K12044607", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K12044607" "lang": "eng",
}, "value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2, 11.6.0 to 11.6.1 and 11.5.0 - 11.5.4, an undisclosed sequence of packets sent to BIG-IP High Availability state mirror listeners (primary and/or secondary IP) may cause TMM to restart."
{ }
"name" : "102333", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102333" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040049", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040049" "lang": "eng",
} "value": "Denial of Service"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "102333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102333"
},
{
"name": "https://support.f5.com/csp/article/K12044607",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K12044607"
},
{
"name": "1040049",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040049"
}
]
}
} }

120
2017/6xxx/CVE-2017-6227.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@brocade.com", "ASSIGNER": "sirt@brocade.com",
"DATE_PUBLIC" : "2018-01-31T00:00:00", "DATE_PUBLIC": "2018-01-31T00:00:00",
"ID" : "CVE-2017-6227", "ID": "CVE-2017-6227",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Brocade FABRIC OS", "product_name": "Brocade FABRIC OS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "all versions before 7.4.2b, 8.1.2 and 8.2.0" "version_value": "all versions before 7.4.2b, 8.1.2 and 8.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Brocade Communications Systems, Inc." "vendor_name": "Brocade Communications Systems, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DOS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526" "lang": "eng",
} "value": "A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow an attacker to cause a denial of service (CPU consumption and device hang) condition by sending crafted Router Advertisement (RA) messages to a targeted system."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526",
"refsource": "CONFIRM",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2018-526"
}
]
}
} }

130
2017/6xxx/CVE-2017-6264.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC" : "2017-11-06T00:00:00", "DATE_PUBLIC": "2017-11-06T00:00:00",
"ID" : "CVE-2017-6264", "ID": "CVE-2017-6264",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "N/A" "version_value": "N/A"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-11-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability exists in the NVIDIA GPU driver (gm20b_clk_throt_set_cdev_state), where an out of bound memory read is used as a function pointer could lead to code execution in the kernel.This issue is rated as high because it could allow a local malicious application to execute arbitrary code within the context of a privileged process. Product: Android. Version: N/A. Android ID: A-34705430. References: N-CVE-2017-6264."
{ }
"name" : "101744", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101744" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101744"
},
{
"name": "https://source.android.com/security/bulletin/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-11-01"
}
]
}
} }

138
2017/6xxx/CVE-2017-6608.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6608", "ID": "CVE-2017-6608",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco ASA Software", "product_name": "Cisco ASA Software",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco ASA Software" "version_value": "Cisco ASA Software"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls" "lang": "eng",
}, "value": "A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of crafted SSL or TLS packets. An attacker could exploit this vulnerability by sending a crafted packet to the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic. A valid SSL or TLS session is needed to exploit this vulnerability. This vulnerability affects Cisco ASA Software running on the following products: Cisco ASA 1000V Cloud Firewall, Cisco ASA 5500 Series Adaptive Security Appliances, Cisco ASA 5500-X Series Next-Generation Firewalls, Cisco ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Cisco Adaptive Security Virtual Appliance (ASAv), Cisco Firepower 9300 ASA Security Module, Cisco ISA 3000 Industrial Security Appliance. Fixed versions: 8.4(7.31) 9.0(4.39) 9.1(7) 9.2(4.6) 9.3(3.8) 9.4(2) 9.5(2). Cisco Bug IDs: CSCuv48243."
{ }
"name" : "97937", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97937" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038315", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038315" "lang": "eng",
} "value": "CWE-399"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "97937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97937"
},
{
"name": "1038315",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038315"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-asa-tls"
}
]
}
} }

32
2017/6xxx/CVE-2017-6857.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6857", "ID": "CVE-2017-6857",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2017/7xxx/CVE-2017-7623.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7623", "ID": "CVE-2017-7623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/jsummers/imageworsener/issues/12", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/jsummers/imageworsener/issues/12" "lang": "eng",
}, "value": "The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file."
{ }
"name" : "97577", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97577" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jsummers/imageworsener/issues/12",
"refsource": "CONFIRM",
"url": "https://github.com/jsummers/imageworsener/issues/12"
},
{
"name": "97577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97577"
}
]
}
} }

118
2017/7xxx/CVE-2017-7720.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7720", "ID": "CVE-2017-7720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41916", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41916/" "lang": "eng",
} "value": "Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41916",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41916/"
}
]
}
} }

32
2017/7xxx/CVE-2017-7740.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7740", "ID": "CVE-2017-7740",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2017/7xxx/CVE-2017-7897.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7897", "ID": "CVE-2017-7897",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mantisbt.org/bugs/view.php?id=22742", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mantisbt.org/bugs/view.php?id=22742" "lang": "eng",
}, "value": "A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x before 2.3.2) Timeline include page, used in My View (my_view_page.php) and User Information (view_user_page.php) pages, allows remote attackers to inject arbitrary code (if CSP settings permit it) through crafted PATH_INFO in a URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs."
{ }
"name" : "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/mantisbt/mantisbt/pull/1094", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/mantisbt/mantisbt/pull/1094" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1038278", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038278" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.mantisbt.org/bugs/view.php?id=22742",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=22742"
},
{
"name": "1038278",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038278"
},
{
"name": "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/a1c719313d61b07bbe8700005807b8195fdc32f1"
},
{
"name": "https://github.com/mantisbt/mantisbt/pull/1094",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/pull/1094"
}
]
}
} }

158
2018/11xxx/CVE-2018-11054.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@dell.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2018-11054", "ID": "CVE-2018-11054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BSAFE Micro Edition Suite", "product_name": "BSAFE Micro Edition Suite",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "=", "affected": "=",
"version_value" : "4.1.6" "version_value": "4.1.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "RSA" "vendor_name": "RSA"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "integer overflow vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Aug/46" "lang": "eng",
} "value": "RSA BSAFE Micro Edition Suite, version 4.1.6, contains an integer overflow vulnerability. A remote attacker could use maliciously constructed ASN.1 data to potentially cause a Denial Of Service."
] }
}, ]
"source" : { },
"discovery" : "UNKNOWN" "impact": {
} "cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "integer overflow vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180828 DSA-2018-128: RSA BSAFE Micro Edition Suite and Crypto-C Micro Edition Multiple Security Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/46"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
} }

128
2018/11xxx/CVE-2018-11331.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11331", "ID": "CVE-2018-11331",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e" "lang": "eng",
}, "value": "An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess."
{ }
"name" : "https://github.com/pluck-cms/pluck/issues/58", ]
"refsource" : "MISC", },
"url" : "https://github.com/pluck-cms/pluck/issues/58" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pluck-cms/pluck/issues/58",
"refsource": "MISC",
"url": "https://github.com/pluck-cms/pluck/issues/58"
},
{
"name": "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e",
"refsource": "MISC",
"url": "https://github.com/pluck-cms/pluck/commit/8f6541e60c9435e82e9c531a20cb3c218d36976e"
}
]
}
} }

118
2018/14xxx/CVE-2018-14527.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14527", "ID": "CVE-2018-14527",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc" "lang": "eng",
} "value": "Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements)."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc",
"refsource": "MISC",
"url": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/2018/Xiao5uCompany_1.7_xss.doc"
}
]
}
} }

128
2018/14xxx/CVE-2018-14768.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14768", "ID": "CVE-2018-14768",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" "lang": "eng",
}, "value": "Various VIVOTEK FD8*, FD9*, FE9*, IB8*, IB9*, IP9*, IZ9*, MS9*, SD9*, and other devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code."
{ }
"name" : "https://www.vivotek.com/website/support/cybersecurity/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.vivotek.com/website/support/cybersecurity/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
},
{
"name": "https://www.vivotek.com/website/support/cybersecurity/",
"refsource": "CONFIRM",
"url": "https://www.vivotek.com/website/support/cybersecurity/"
}
]
}
} }

138
2018/14xxx/CVE-2018-14780.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14780", "ID": "CVE-2018-14780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2018/08/14/2" "lang": "eng",
}, "value": "An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. The file lib/ykpiv.c contains the following code in the function `_ykpiv_fetch_object()`: {% highlight c %} if(sw == SW_SUCCESS) { size_t outlen; int offs = _ykpiv_get_length(data + 1, &outlen); if(offs == 0) { return YKPIV_SIZE_ERROR; } memmove(data, data + 1 + offs, outlen); *len = outlen; return YKPIV_OK; } else { return YKPIV_GENERIC_ERROR; } {% endhighlight %} -- in the end, a `memmove()` occurs with a length retrieved from APDU data. This length is not checked for whether it is outside of the APDU data retrieved. Therefore the `memmove()` could copy bytes behind the allocated data buffer into this buffer."
{ }
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/", ]
"refsource" : "MISC", },
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.yubico.com/support/security-advisories/ysa-2018-03/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.yubico.com/support/security-advisories/ysa-2018-03/" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2018-03/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2018-03/"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-001-Yubico-Piv/"
},
{
"name": "[oss-security] 20180814 X41 D-Sec GmbH Security Advisory X41-2018-001: Multiple Vulnerabilities in Yubico Piv",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/08/14/2"
}
]
}
} }

32
2018/15xxx/CVE-2018-15033.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15033", "ID": "CVE-2018-15033",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/15xxx/CVE-2018-15218.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15218", "ID": "CVE-2018-15218",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

176
2018/15xxx/CVE-2018-15451.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-11-07T16:00:00-0600", "DATE_PUBLIC": "2018-11-07T16:00:00-0600",
"ID" : "CVE-2018-15451", "ID": "CVE-2018-15451",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Prime Service Catalog Cross-Site Scripting Vulnerability" "TITLE": "Cisco Prime Service Catalog Cross-Site Scripting Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Prime Service Catalog ", "product_name": "Cisco Prime Service Catalog ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "5.4",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181107 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-psc-xss" "lang": "eng",
}, "value": "A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information."
{ }
"name" : "105857", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105857" "exploit": [
} {
] "lang": "eng",
}, "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
"source" : { }
"advisory" : "cisco-sa-20181107-psc-xss", ],
"defect" : [ "impact": {
[ "cvss": {
"CSCvm48196" "baseScore": "5.4",
] "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N ",
], "version": "3.0"
"discovery" : "INTERNAL" }
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105857"
},
{
"name": "20181107 Cisco Prime Service Catalog Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-psc-xss"
}
]
},
"source": {
"advisory": "cisco-sa-20181107-psc-xss",
"defect": [
[
"CSCvm48196"
]
],
"discovery": "INTERNAL"
}
} }

192
2018/15xxx/CVE-2018-15617.json
View File

@ -1,99 +1,99 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "securityalerts@avaya.com", "ASSIGNER": "securityalerts@avaya.com",
"ID" : "CVE-2018-15617", "ID": "CVE-2018-15617",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Communication Manager Denial of Service" "TITLE": "Communication Manager Denial of Service"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Communication Manager", "product_name": "Communication Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_name" : "7.1.x", "version_name": "7.1.x",
"version_value" : "7.1.3.2" "version_value": "7.1.3.2"
}, },
{ {
"affected" : "<=", "affected": "<=",
"version_name" : "8.x", "version_name": "8.x",
"version_value" : "8.0.1" "version_value": "8.0.1"
}, },
{ {
"affected" : "=", "affected": "=",
"version_name" : "6.3.x", "version_name": "6.3.x",
"version_value" : "6.3.x" "version_value": "6.3.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Avaya" "vendor_name": "Avaya"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the \"capro\" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399: Resource Management Errors"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://downloads.avaya.com/css/P8/documents/101055396", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://downloads.avaya.com/css/P8/documents/101055396" "lang": "eng",
}, "value": "A vulnerability in the \"capro\" (Call Processor) process component of Avaya Aura Communication Manager could allow a remote, unauthenticated user to cause denial of service. Affected versions include 6.3.x, all 7.x versions prior to 7.1.3.2, and all 8.x versions prior to 8.0.1."
{ }
"name" : "106826", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106826" "impact": {
} "cvss": {
] "attackComplexity": "LOW",
}, "attackVector": "NETWORK",
"source" : { "availabilityImpact": "HIGH",
"advisory" : "ASA-2018-328" "baseScore": 6.5,
} "baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399: Resource Management Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106826",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106826"
},
{
"name": "https://downloads.avaya.com/css/P8/documents/101055396",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101055396"
}
]
},
"source": {
"advisory": "ASA-2018-328"
}
} }

120
2018/15xxx/CVE-2018-15706.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnreport@tenable.com", "ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00", "DATE_PUBLIC": "2018-10-31T00:00:00",
"ID" : "CVE-2018-15706", "ID": "CVE-2018-15706",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Advantech WebAccess", "product_name": "Advantech WebAccess",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.3.1 and 8.3.2" "version_value": "8.3.1 and 8.3.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Advantech" "vendor_name": "Advantech"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2018-35", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2018-35" "lang": "eng",
} "value": "WADashboard API in Advantech WebAccess 8.3.1 and 8.3.2 allows remote authenticated attackers to read any file on the filesystem due to a directory traversal vulnerability in the readFile API."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-35",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-35"
}
]
}
} }

32
2018/20xxx/CVE-2018-20085.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20085", "ID": "CVE-2018-20085",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/20xxx/CVE-2018-20313.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20313", "ID": "CVE-2018-20313",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/20xxx/CVE-2018-20798.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20798", "ID": "CVE-2018-20798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://redmine.pfsense.org/issues/9223", "description_data": [
"refsource" : "MISC", {
"url" : "https://redmine.pfsense.org/issues/9223" "lang": "eng",
} "value": "The expiretable configuration in pfSense 2.4.4_1 establishes block durations that are incompatible with the block durations implemented by sshguard, which might make it easier for attackers to bypass intended access restrictions."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://redmine.pfsense.org/issues/9223",
"refsource": "MISC",
"url": "https://redmine.pfsense.org/issues/9223"
}
]
}
} }

32
2018/9xxx/CVE-2018-9433.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9433", "ID": "CVE-2018-9433",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/9xxx/CVE-2018-9577.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9577", "ID": "CVE-2018-9577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-9" "version_value": "Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-11-01" "lang": "eng",
} "value": "In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715937."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
} }

32
2018/9xxx/CVE-2018-9780.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9780", "ID": "CVE-2018-9780",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }