admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:56:00 +00:00
parent 8d565268d4
commit 6e94c818ca
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
43 changed files with 2933 additions and 2933 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0958.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0958",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0958",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=91877",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=91877"
},
{
"name" : "phpreactor-browse-xss(9280)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9280.php"
},
{
"name" : "4952",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4952"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=91877",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=91877"
},
{
"name": "phpreactor-browse-xss(9280)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9280.php"
},
{
"name": "20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html"
},
{
"name": "4952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4952"
}
]
}
}

140
2002/0xxx/CVE-2002-0973.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-02:38",
"refsource" : "FREEBSD",
"url" : "http://marc.info/?l=bugtraq&m=102976839728706&w=2"
},
{
"name" : "5493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5493"
},
{
"name" : "freebsd-negative-system-call-bo(9903)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9903.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in several system calls for FreeBSD 4.6.1 RELEASE-p10 and earlier may allow attackers to access sensitive kernel memory via large negative values to the (1) accept, (2) getsockname, and (3) getpeername system calls, and the (4) vesa FBIO_GETPALETTE ioctl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5493"
},
{
"name": "FreeBSD-SA-02:38",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq&m=102976839728706&w=2"
},
{
"name": "freebsd-negative-system-call-bo(9903)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9903.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1066.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1066",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1066",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html"
},
{
"name" : "jana-pop3-index-bo(9689)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9689.php"
},
{
"name" : "5327",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5327"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large message index value in a (1) RETR or (2) DELE command to the POP3 server, which exceeds the array limits and allows a buffer overflow attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html"
},
{
"name": "jana-pop3-index-bo(9689)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9689.php"
},
{
"name": "5327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5327"
}
]
}
}

140
2002/2xxx/CVE-2002-2292.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021213 Advisory Title: iASP Remote Console Applet Allows Remote",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0126.html"
},
{
"name" : "6394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6394"
},
{
"name" : "iasp-dotdot-directory-traversal(10860)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Remote Console Applet in Halycon Software iASP 1.0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request to port 9095."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iasp-dotdot-directory-traversal(10860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10860"
},
{
"name": "20021213 Advisory Title: iASP Remote Console Applet Allows Remote",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0126.html"
},
{
"name": "6394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6394"
}
]
}
}

230
2005/0xxx/CVE-2005-0045.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the \"Server Message Block Vulnerability,\" and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110792638401852&w=2"
},
{
"name" : "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=110795643831169&w=2"
},
{
"name" : "20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111040962600205&w=2"
},
{
"name" : "MS05-011",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-011"
},
{
"name" : "TA05-039A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name" : "VU#652537",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/652537"
},
{
"name" : "12484",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12484"
},
{
"name" : "oval:org.mitre.oval:def:1606",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1606"
},
{
"name" : "oval:org.mitre.oval:def:1847",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1847"
},
{
"name" : "oval:org.mitre.oval:def:1889",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1889"
},
{
"name" : "oval:org.mitre.oval:def:4043",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4043"
},
{
"name" : "win-smb-code-execution(19089)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the \"Server Message Block Vulnerability,\" and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110792638401852&w=2"
},
{
"name": "oval:org.mitre.oval:def:4043",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4043"
},
{
"name": "win-smb-code-execution(19089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19089"
},
{
"name": "20050209 EEYE: Windows SMB Client Transaction Response Handling Vulnerability",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=110795643831169&w=2"
},
{
"name": "oval:org.mitre.oval:def:1606",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1606"
},
{
"name": "12484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12484"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:1889",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1889"
},
{
"name": "VU#652537",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/652537"
},
{
"name": "oval:org.mitre.oval:def:1847",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1847"
},
{
"name": "20050309 Update: MS05-011 EEYE: Windows SMB Client Transaction Response Handling Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111040962600205&w=2"
},
{
"name": "MS05-011",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-011"
}
]
}
}

300
2005/0xxx/CVE-2005-0448.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-0448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CLSA-2006:1056",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"
},
{
"name" : "DSA-696",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-696"
},
{
"name" : "FLSA-2006:152845",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name" : "GLSA-200501-38",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name" : "HPSBUX01208",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/advisories/8704"
},
{
"name" : "SSRT5938",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/advisories/8704"
},
{
"name" : "MDKSA-2005:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079"
},
{
"name" : "RHSA-2005:881",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name" : "RHSA-2005:674",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-674.html"
},
{
"name" : "20060101-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name" : "USN-94-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/94-1/"
},
{
"name" : "oval:org.mitre.oval:def:728",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728"
},
{
"name" : "oval:org.mitre.oval:def:10475",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475"
},
{
"name" : "18075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18075"
},
{
"name" : "12767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12767"
},
{
"name" : "14531",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14531"
},
{
"name" : "18517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18517"
},
{
"name" : "17079",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17079"
},
{
"name" : "55314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55314"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-696",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-696"
},
{
"name": "HPSBUX01208",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/8704"
},
{
"name": "RHSA-2005:881",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "MDKSA-2005:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:079"
},
{
"name": "55314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55314"
},
{
"name": "18075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18075"
},
{
"name": "12767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12767"
},
{
"name": "CLSA-2006:1056",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"
},
{
"name": "oval:org.mitre.oval:def:10475",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10475"
},
{
"name": "20060101-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "FLSA-2006:152845",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "oval:org.mitre.oval:def:728",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A728"
},
{
"name": "GLSA-200501-38",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml"
},
{
"name": "18517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18517"
},
{
"name": "RHSA-2005:674",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-674.html"
},
{
"name": "17079",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17079"
},
{
"name": "14531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14531"
},
{
"name": "USN-94-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/94-1/"
},
{
"name": "SSRT5938",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/8704"
}
]
}
}

180
2005/0xxx/CVE-2005-0644.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050317 McAfee AntiVirus Library Stack Overflow",
"refsource" : "ISS",
"url" : "http://xforce.iss.net/xforce/alerts/id/190"
},
{
"name" : "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf",
"refsource" : "CONFIRM",
"url" : "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf"
},
{
"name" : "VU#361180",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/361180"
},
{
"name" : "10243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10243"
},
{
"name" : "12832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12832"
},
{
"name" : "1013463",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013463"
},
{
"name" : "14628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#361180",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/361180"
},
{
"name": "10243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10243"
},
{
"name": "12832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12832"
},
{
"name": "20050317 McAfee AntiVirus Library Stack Overflow",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/190"
},
{
"name": "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf",
"refsource": "CONFIRM",
"url": "http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf"
},
{
"name": "14628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14628"
},
{
"name": "1013463",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013463"
}
]
}
}

150
2005/0xxx/CVE-2005-0658.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050303 TYPO3 SQL Injection vunerabilitie",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110987892618892&w=2"
},
{
"name" : "20050304 RE: TYPO3 SQL Injection vunerabilitie",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110995289619649&w=2"
},
{
"name" : "20050304 Re: TYPO3 SQL Injection vunerabilitie",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110996536620069&w=2"
},
{
"name" : "14465",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14465"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050304 RE: TYPO3 SQL Injection vunerabilitie",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110995289619649&w=2"
},
{
"name": "20050303 TYPO3 SQL Injection vunerabilitie",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110987892618892&w=2"
},
{
"name": "14465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14465"
},
{
"name": "20050304 Re: TYPO3 SQL Injection vunerabilitie",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110996536620069&w=2"
}
]
}
}

150
2005/0xxx/CVE-2005-0820.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "867443",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/867443"
},
{
"name" : "12824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12824"
},
{
"name" : "14882",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14882"
},
{
"name" : "1013454",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013454",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013454"
},
{
"name": "14882",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14882"
},
{
"name": "12824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12824"
},
{
"name": "867443",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/867443"
}
]
}
}

130
2005/1xxx/CVE-2005-1401.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050501 Clients format string and server crash in Mtp-Target 1.2.2",
"refsource" : "BUGTRAQ",
"url" : "http://www.security-focus.com/archive/1/397304"
},
{
"name" : "http://aluigi.altervista.org/adv/mtpbugs-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/mtpbugs-adv.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050501 Clients format string and server crash in Mtp-Target 1.2.2",
"refsource": "BUGTRAQ",
"url": "http://www.security-focus.com/archive/1/397304"
},
{
"name": "http://aluigi.altervista.org/adv/mtpbugs-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/mtpbugs-adv.txt"
}
]
}
}

150
2005/1xxx/CVE-2005-1631.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1631",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=326826",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=326826"
},
{
"name" : "13623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13623"
},
{
"name" : "15305",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15305"
},
{
"name" : "booby-bookmarks-information-disclosure(20605)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20605"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15305",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15305"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=326826",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=326826"
},
{
"name": "13623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13623"
},
{
"name": "booby-bookmarks-information-disclosure(20605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20605"
}
]
}
}

150
2009/0xxx/CVE-2009-0058.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-0058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"
},
{
"name" : "33608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33608"
},
{
"name" : "1021679",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021679"
},
{
"name" : "33749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.x before 4.2.176.0 and 5.x before 5.2 allow remote attackers to cause a denial of service (web authentication outage or device reload) via unspecified network traffic, as demonstrated by a vulnerability scanner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090204 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a6c1dd.shtml"
},
{
"name": "33608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33608"
},
{
"name": "33749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33749"
},
{
"name": "1021679",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021679"
}
]
}
}

170
2009/0xxx/CVE-2009-0206.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX02408",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123394068325944&w=2"
},
{
"name" : "SSRT080182",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123394068325944&w=2"
},
{
"name" : "33653",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33653"
},
{
"name" : "ADV-2009-0350",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0350"
},
{
"name" : "33860",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33860"
},
{
"name" : "hpux-nfs-dos(48556)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48556"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier for HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX02408",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123394068325944&w=2"
},
{
"name": "33653",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33653"
},
{
"name": "hpux-nfs-dos(48556)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48556"
},
{
"name": "SSRT080182",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123394068325944&w=2"
},
{
"name": "33860",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33860"
},
{
"name": "ADV-2009-0350",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0350"
}
]
}
}

160
2009/0xxx/CVE-2009-0612.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090209 Trend micro - IWSVA/IWSS - Authorization module password leak",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500760/100/0/threaded"
},
{
"name" : "33687",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33687"
},
{
"name" : "1021716",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021716"
},
{
"name" : "33891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33891"
},
{
"name" : "interscan-proxyauthorization-info-disc(48681)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48681"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and InterScan Web Security Suite (IWSS) 3.x, when basic authorization is enabled on the standalone proxy, forwards the Proxy-Authorization header from Windows Media Player, which allows remote web servers to obtain credentials by offering a media stream and then capturing this header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "interscan-proxyauthorization-info-disc(48681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48681"
},
{
"name": "33891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33891"
},
{
"name": "33687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33687"
},
{
"name": "1021716",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021716"
},
{
"name": "20090209 Trend micro - IWSVA/IWSS - Authorization module password leak",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500760/100/0/threaded"
}
]
}
}

320
2009/1xxx/CVE-2009-1375.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.pidgin.im/news/security/?id=31",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/?id=31"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=500491",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=500491"
},
{
"name" : "DSA-1805",
"refsource" : "DEBIAN",
"url" : "http://debian.org/security/2009/dsa-1805"
},
{
"name" : "FEDORA-2009-5552",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html"
},
{
"name" : "FEDORA-2009-5583",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html"
},
{
"name" : "FEDORA-2009-5597",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html"
},
{
"name" : "GLSA-200905-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml"
},
{
"name" : "MDVSA-2009:173",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173"
},
{
"name" : "RHSA-2009:1060",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1060.html"
},
{
"name" : "USN-781-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-781-1"
},
{
"name" : "35067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35067"
},
{
"name" : "54649",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54649"
},
{
"name" : "oval:org.mitre.oval:def:10829",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829"
},
{
"name" : "35194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35194"
},
{
"name" : "35202",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35202"
},
{
"name" : "35188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35188"
},
{
"name" : "35215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35215"
},
{
"name" : "35294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35294"
},
{
"name" : "35329",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35329"
},
{
"name" : "ADV-2009-1396",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1396"
},
{
"name" : "pidgin-purplecircbuffer-dos(50683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before 2.5.6 does not properly maintain a certain buffer, which allows remote attackers to cause a denial of service (memory corruption and application crash) via vectors involving the (1) XMPP or (2) Sametime protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-5597",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00075.html"
},
{
"name": "RHSA-2009:1060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1060.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=500491",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=500491"
},
{
"name": "GLSA-200905-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200905-07.xml"
},
{
"name": "35067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35067"
},
{
"name": "FEDORA-2009-5583",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00051.html"
},
{
"name": "35329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35329"
},
{
"name": "USN-781-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-781-1"
},
{
"name": "54649",
"refsource": "OSVDB",
"url": "http://osvdb.org/54649"
},
{
"name": "DSA-1805",
"refsource": "DEBIAN",
"url": "http://debian.org/security/2009/dsa-1805"
},
{
"name": "35294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35294"
},
{
"name": "35188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35188"
},
{
"name": "oval:org.mitre.oval:def:10829",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10829"
},
{
"name": "35194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35194"
},
{
"name": "FEDORA-2009-5552",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00033.html"
},
{
"name": "35202",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35202"
},
{
"name": "35215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35215"
},
{
"name": "ADV-2009-1396",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1396"
},
{
"name": "http://www.pidgin.im/news/security/?id=31",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/?id=31"
},
{
"name": "pidgin-purplecircbuffer-dos(50683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50683"
},
{
"name": "MDVSA-2009:173",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:173"
}
]
}
}

140
2009/1xxx/CVE-2009-1410.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1410",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1410",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8505",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8505"
},
{
"name" : "34647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34647"
},
{
"name" : "quickcmslite-index-sql-injection(49989)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49989"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quickcmslite-index-sql-injection(49989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49989"
},
{
"name": "34647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34647"
},
{
"name": "8505",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8505"
}
]
}
}

130
2009/1xxx/CVE-2009-1414.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=9860",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=9860"
},
{
"name" : "googlechrome-globalobject-xss(50446)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50446"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome 2.0.x lets modifications to the global object persist across a page transition, which makes it easier for attackers to conduct Universal XSS attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "googlechrome-globalobject-xss(50446)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50446"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=9860",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=9860"
}
]
}
}

150
2009/5xxx/CVE-2009-5136.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html",
"refsource" : "CONFIRM",
"url" : "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=540545",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001",
"refsource" : "CONFIRM",
"url" : "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"name" : "RHSA-2010:0773",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001",
"refsource": "CONFIRM",
"url": "https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=1001"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=540545",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540545"
},
{
"name": "RHSA-2010:0773",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2010-0773.html"
},
{
"name": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/htcondor/manual/v7.6/8_5Stable_Release.html"
}
]
}
}

34
2012/2xxx/CVE-2012-2257.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2257",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2257",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

140
2012/2xxx/CVE-2012-2848.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=127525",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=127525"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"name" : "oval:org.mitre.oval:def:15658",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15658"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The drag-and-drop implementation in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, allows user-assisted remote attackers to bypass intended file access restrictions via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=127525",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=127525"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"name": "oval:org.mitre.oval:def:15658",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15658"
}
]
}
}

130
2012/3xxx/CVE-2012-3063.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
},
{
"name" : "1027188",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027188"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Application Control Engine (ACE) before A4(2.3) and A5 before A5(1.1), when multicontext mode is enabled, does not properly share a management IP address among multiple contexts, which allows remote authenticated administrators to bypass intended access restrictions in opportunistic circumstances, and read or modify configuration settings, via a login attempt to a context, aka Bug ID CSCts30631, a different vulnerability than CVE-2012-3058."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027188"
},
{
"name": "20120620 Cisco Application Control Engine Administrator IP Address Overlap Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ace"
}
]
}
}

360
2012/3xxx/CVE-2012-3494.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Xen-announce] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability",
"refsource" : "MLIST",
"url" : "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html"
},
{
"name" : "[oss-security] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/05/5"
},
{
"name" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability",
"refsource" : "MISC",
"url" : "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=851139",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851139"
},
{
"name" : "http://support.citrix.com/article/CTX134708",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX134708"
},
{
"name" : "DSA-2544",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2544"
},
{
"name" : "GLSA-201309-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name" : "GLSA-201604-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-03"
},
{
"name" : "openSUSE-SU-2012:1172",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
},
{
"name" : "openSUSE-SU-2012:1174",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
},
{
"name" : "SUSE-SU-2012:1129",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html"
},
{
"name" : "SUSE-SU-2012:1132",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html"
},
{
"name" : "SUSE-SU-2012:1133",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html"
},
{
"name" : "SUSE-SU-2012:1135",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
},
{
"name" : "SUSE-SU-2012:1162",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html"
},
{
"name" : "openSUSE-SU-2012:1572",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name" : "openSUSE-SU-2012:1573",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name" : "55400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55400"
},
{
"name" : "85197",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85197"
},
{
"name" : "1027479",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027479"
},
{
"name" : "50472",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50472"
},
{
"name" : "50530",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50530"
},
{
"name" : "51413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51413"
},
{
"name" : "55082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55082"
},
{
"name" : "xen-setdebugreg-dos(78265)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, 4.1, and 4.2, and Citrix XenServer 6.0.2 and earlier, when running on x86-64 systems, allows local OS guest users to cause a denial of service (host crash) by writing to the reserved bits of the DR7 debug control register."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
},
{
"name": "50530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50530"
},
{
"name": "51413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51413"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "SUSE-SU-2012:1135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
},
{
"name": "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability",
"refsource": "MISC",
"url": "http://wiki.xen.org/wiki/Security_Announcements#XSA-12_hypercall_set_debugreg_vulnerability"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=851139",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=851139"
},
{
"name": "openSUSE-SU-2012:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "50472",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50472"
},
{
"name": "55400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55400"
},
{
"name": "[oss-security] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/05/5"
},
{
"name": "SUSE-SU-2012:1162",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html"
},
{
"name": "openSUSE-SU-2012:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "xen-setdebugreg-dos(78265)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78265"
},
{
"name": "SUSE-SU-2012:1132",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html"
},
{
"name": "http://support.citrix.com/article/CTX134708",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX134708"
},
{
"name": "[Xen-announce] 20120905 Xen Security Advisory 12 (CVE-2012-3494) - hypercall set_debugreg vulnerability",
"refsource": "MLIST",
"url": "http://lists.xen.org/archives/html/xen-announce/2012-09/msg00000.html"
},
{
"name": "SUSE-SU-2012:1129",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html"
},
{
"name": "SUSE-SU-2012:1133",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html"
},
{
"name": "85197",
"refsource": "OSVDB",
"url": "http://osvdb.org/85197"
},
{
"name": "1027479",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027479"
},
{
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "openSUSE-SU-2012:1172",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
},
{
"name": "DSA-2544",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2544"
}
]
}
}

130
2012/3xxx/CVE-2012-3581.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00"
},
{
"name" : "55142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00"
},
{
"name": "55142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55142"
}
]
}
}

170
2012/4xxx/CVE-2012-4872.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html",
"refsource" : "MISC",
"url" : "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"name" : "http://wiki.kayako.com/display/DOCS/4.40.985",
"refsource" : "MISC",
"url" : "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"name" : "http://wiki.kayako.com/display/DOCS/4.40.986",
"refsource" : "MISC",
"url" : "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name" : "52625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52625"
},
{
"name" : "48462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48462"
},
{
"name" : "kayakofusion-submitticket-xss(74143)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52625"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.40.985",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"name": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.40.986",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name": "48462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48462"
},
{
"name": "kayakofusion-submitticket-xss(74143)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
]
}
}

150
2012/4xxx/CVE-2012-4933.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-4933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks",
"refsource" : "MISC",
"url" : "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks"
},
{
"name" : "VU#332412",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/332412"
},
{
"name" : "1027682",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027682"
},
{
"name" : "novell-zam-info-disclosure(79252)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027682",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027682"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2012/10/15/cve-2012-4933-novell-zenworks"
},
{
"name": "novell-zam-info-disclosure(79252)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79252"
},
{
"name": "VU#332412",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/332412"
}
]
}
}

34
2012/6xxx/CVE-2012-6222.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6222",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6222",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

140
2012/6xxx/CVE-2012-6624.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html"
},
{
"name" : "53537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53537"
},
{
"name" : "49188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49188"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html"
},
{
"name": "53537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53537"
},
{
"name": "49188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49188"
}
]
}
}

130
2017/2xxx/CVE-2017-2213.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SemiDynaEXE (SemiDynaEXE2008.EXE)",
"version" : {
"version_data" : [
{
"version_value" : "ver. 1.0.2"
}
]
}
}
]
},
"vendor_name" : "Geospatial Information Authority of Japan (GSI)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SemiDynaEXE (SemiDynaEXE2008.EXE)",
"version": {
"version_data": [
{
"version_value": "ver. 1.0.2"
}
]
}
}
]
},
"vendor_name": "Geospatial Information Authority of Japan (GSI)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html",
"refsource" : "CONFIRM",
"url" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html"
},
{
"name" : "JVN#52691241",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52691241/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in SemiDynaEXE (SemiDynaEXE2008.EXE) ver. 1.0.2 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#52691241",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52691241/index.html"
},
{
"name": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html",
"refsource": "CONFIRM",
"url": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html"
}
]
}
}

170
2017/2xxx/CVE-2017-2487.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207602",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207602"
},
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97137"
},
{
"name" : "1038138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"FontParser\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97137"
},
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

122
2017/2xxx/CVE-2017-2739.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Vmall",
"version" : {
"version_data" : [
{
"version_value" : "Earlier than HwVmall 1.5.3.0 versions"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "MITM"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Vmall",
"version": {
"version_data": [
{
"version_value": "Earlier than HwVmall 1.5.3.0 versions"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 versions is transferred through HTTP. A man in the middle (MITM) can tamper with the upgrade package of Huawei Vmall APP, and to implant the malicious applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "MITM"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170208-01-vmall-en"
}
]
}
}

34
2017/6xxx/CVE-2017-6595.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6595",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6595",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/6xxx/CVE-2017-6843.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h/"
}
]
}
}

34
2018/11xxx/CVE-2018-11016.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11016",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11016",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/11xxx/CVE-2018-11300.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a \"Use after free\" scenario."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a \"Use after free\" scenario."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=1f111832dc93bc639538dc173397b30af329b130"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
}
]
}
}

148
2018/11xxx/CVE-2018-11797.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-10-05T00:00:00",
"ID" : "CVE-2018-11797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache PDFBox",
"version" : {
"version_data" : [
{
"version_value" : "1.8.0 to 1.8.15"
},
{
"version_value" : "2.0.0RC1 to 2.0.11"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-05T00:00:00",
"ID": "CVE-2018-11797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache PDFBox",
"version": {
"version_data": [
{
"version_value": "1.8.0 to 1.8.15"
},
{
"version_value": "2.0.0RC1 to 2.0.11"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20181005 [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E"
},
{
"name" : "[announce] 20181006 [UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb@%3Cannounce.apache.org%3E"
},
{
"name" : "[debian-lts-announce] 20181016 [SECURITY] [DLA 1547-1] libpdfbox-java security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00008.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce] 20181006 [UPDATE][CVE-2018-11797] DoS vulnerability in Apache PDFBox parser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/645574bc50b886d39c20b4065d51ccb1cd5d3a6b4750a22edbb565eb@%3Cannounce.apache.org%3E"
},
{
"name": "[announce] 20181005 [CVE-2018-11797] DoS vulnerability in Apache PDFBox parser",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a9760973a873522f4d4c0a99916ceb74f361d91006b663a0a418d34a@%3Cannounce.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181016 [SECURITY] [DLA 1547-1] libpdfbox-java security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00008.html"
}
]
}
}

34
2018/11xxx/CVE-2018-11924.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11924",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11924",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14158.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14158",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14158",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14275.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-735",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-735"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the spawnPageFromTemplate method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6038."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-735",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-735"
}
]
}
}

34
2018/14xxx/CVE-2018-14374.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14374",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-14374",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

150
2018/15xxx/CVE-2018-15148.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15148",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15148",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://insecurity.sh/reports/openemr.pdf",
"refsource" : "MISC",
"url" : "https://insecurity.sh/reports/openemr.pdf"
},
{
"name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource" : "MISC",
"url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name" : "https://github.com/openemr/openemr/pull/1757/files",
"refsource" : "CONFIRM",
"url" : "https://github.com/openemr/openemr/pull/1757/files"
},
{
"name" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource" : "CONFIRM",
"url" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in interface/patient_file/encounter/search_code.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary SQL commands via the 'text' parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://insecurity.sh/reports/openemr.pdf",
"refsource": "MISC",
"url": "https://insecurity.sh/reports/openemr.pdf"
},
{
"name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource": "MISC",
"url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource": "CONFIRM",
"url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
},
{
"name": "https://github.com/openemr/openemr/pull/1757/files",
"refsource": "CONFIRM",
"url": "https://github.com/openemr/openemr/pull/1757/files"
}
]
}
}

34
2018/15xxx/CVE-2018-15642.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15642",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15642",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/20xxx/CVE-2018-20377.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/",
"refsource" : "MISC",
"url" : "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/"
},
{
"name" : "https://github.com/zadewg/LIVEBOX-0DAY",
"refsource" : "MISC",
"url" : "https://github.com/zadewg/LIVEBOX-0DAY"
},
{
"name" : "https://news.ycombinator.com/item?id=18745533",
"refsource" : "MISC",
"url" : "https://news.ycombinator.com/item?id=18745533"
},
{
"name" : "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/",
"refsource" : "MISC",
"url" : "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Orange Livebox 00.96.320S devices allow remote attackers to discover Wi-Fi credentials via /get_getnetworkconf.cgi on port 8080, leading to full control if the admin password equals the Wi-Fi password or has the default admin value. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/",
"refsource": "MISC",
"url": "https://web.archive.org/web/20181223120225/https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/"
},
{
"name": "https://news.ycombinator.com/item?id=18745533",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=18745533"
},
{
"name": "https://github.com/zadewg/LIVEBOX-0DAY",
"refsource": "MISC",
"url": "https://github.com/zadewg/LIVEBOX-0DAY"
},
{
"name": "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/",
"refsource": "MISC",
"url": "https://badpackets.net/over-19000-orange-livebox-adsl-modems-are-leaking-their-wifi-credentials/"
}
]
}
}

34
2018/8xxx/CVE-2018-8723.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8723",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8723",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}