"-Synchronized-Data."

CVE Team 2019-03-17 22:12:07 +00:00
parent 8a56636c22
commit 6fa0af7229
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4137 additions and 4137 deletions


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1035", "ID": "CVE-2002-1035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020701 BufferOverflow in OmniHTTPd 2.09", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/280132" "lang": "eng",
}, "value": "Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number."
{ }
"name" : "omnihttpd-http-version-bo(9457)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/9457.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5136", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5136" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5000", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/5000" ]
} },
] "references": {
} "reference_data": [
} {
"name": "5000",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5000"
},
{
"name": "5136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5136"
},
{
"name": "omnihttpd-http-version-bo(9457)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9457.php"
},
{
"name": "20020701 BufferOverflow in OmniHTTPd 2.09",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/280132"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0242", "ID": "CVE-2003-0242",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=61798", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=61798" "lang": "eng",
}, "value": "IPSec in Mac OS X before 10.2.6 does not properly handle certain incoming security policies that match by port, which could allow traffic that is not explicitly allowed by the policies."
{ }
"name" : "VU#869548", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/869548" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "7628", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7628" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1006796", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1006796" ]
}, },
{ "references": {
"name" : "8798", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/8798" "name": "1006796",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1006796"
"name" : "macos-ipsec-acl-bypass(12027)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12027" "name": "VU#869548",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/869548"
} },
} {
"name": "8798",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8798"
},
{
"name": "macos-ipsec-acl-bypass(12027)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12027"
},
{
"name": "7628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7628"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0603", "ID": "CVE-2003-0603",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bugzilla.org/security/2.16.2/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bugzilla.org/security/2.16.2/" "lang": "eng",
}, "value": "Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions."
{ }
"name" : "CLA-2003:653", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "7412", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7412" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:653",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653"
},
{
"name": "7412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7412"
},
{
"name": "http://www.bugzilla.org/security/2.16.2/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/2.16.2/"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0849", "ID": "CVE-2003-0849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030925 Cfengine2 cfservd remote stack overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106451047819552&w=2" "lang": "eng",
}, "value": "Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function."
{ }
"name" : "20030928 cfengine2-2.0.3 remote exploit for redhat", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=106485375218280&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20031005 GLSA: cfengine (200310-02)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106546086216984&w=2" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20030925 Cfengine2 cfservd remote stack overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106451047819552&w=2"
},
{
"name": "20030928 cfengine2-2.0.3 remote exploit for redhat",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106485375218280&w=2"
},
{
"name": "20031005 GLSA: cfengine (200310-02)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106546086216984&w=2"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1057", "ID": "CVE-2003-1057",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "57441", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57441-1" "lang": "eng",
}, "value": "Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code."
{ }
"name" : "ESB-2003.0844", ]
"refsource" : "AUSCERT", },
"url" : "http://www.auscert.org.au/render.html?it=3675" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "O-035", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-035.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10384", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/10384" ]
}, },
{ "references": {
"name" : "2924", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/2924" "name": "ESB-2003.0844",
}, "refsource": "AUSCERT",
{ "url": "http://www.auscert.org.au/render.html?it=3675"
"name" : "9170", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9170" "name": "10384",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/10384"
"name" : "cde-dtprintinfo-gain-privileges(13914)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13914" "name": "9170",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/9170"
} },
} {
"name": "O-035",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-035.shtml"
},
{
"name": "cde-dtprintinfo-gain-privileges(13914)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13914"
},
{
"name": "2924",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2924"
},
{
"name": "57441",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57441-1"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1287", "ID": "CVE-2003-1287",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030925 Sambar Server Multiple Vulnerabilities", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true" "lang": "eng",
}, "value": "Sambar Server before 6.0 beta 3 allows attackers with physical access to execute arbitrary code via a request with an MS-DOS device name such as com1.pl, con.pl, or aux.pl, which causes Perl to read the code from the associated device."
{ }
"name" : "20040430 SECURITY.NNOV: Sambar security quest", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.sambar.com/security.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.sambar.com/security.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5781", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/5781" ]
}, },
{ "references": {
"name" : "1007819", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1007819" "name": "http://www.sambar.com/security.htm",
}, "refsource": "CONFIRM",
{ "url": "http://www.sambar.com/security.htm"
"name" : "9578", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9578" "name": "9578",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/9578"
"name" : "sambar-post-code-execution(16059)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16059" "name": "5781",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/5781"
} },
} {
"name": "1007819",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007819"
},
{
"name": "20030925 Sambar Server Multiple Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=103&type=vulnerabilities&flashstatus=true"
},
{
"name": "20040430 SECURITY.NNOV: Sambar security quest",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-04/0353.html"
},
{
"name": "sambar-post-code-execution(16059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16059"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0470", "ID": "CVE-2004-0470",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp" "lang": "eng",
}, "value": "BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application."
{ }
"name" : "VU#950070", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/950070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10328", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10328" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6076", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/6076" ]
}, },
{ "references": {
"name" : "1010128", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010128" "name": "11593",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11593"
"name" : "11593", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11593" "name": "weblogic-application-unauth-access(16123)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16123"
"name" : "weblogic-application-unauth-access(16123)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16123" "name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp",
} "refsource": "CONFIRM",
] "url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/BEA04_59.00.jsp"
} },
} {
"name": "1010128",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010128"
},
{
"name": "6076",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6076"
},
{
"name": "VU#950070",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/950070"
},
{
"name": "10328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10328"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2022", "ID": "CVE-2004-2022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040517 Buffer Overflow in ActivePerl ?", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=108482796105922&w=2" "lang": "eng",
}, "value": "ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl."
{ }
"name" : "20040518 RE: [Full-Disclosure] Re: Buffer Overflow in ActivePerl ?", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=108489894009025&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20040517 RE: Buffer Overflow in ActivePerl ?", "description": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=108483058514596&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20040518 Re: Buffer Overflow in ActivePerl ?", ]
"refsource" : "FULLDISC", }
"url" : "http://marc.info/?l=full-disclosure&m=108489112131099&w=2" ]
}, },
{ "references": {
"name" : "20040518 Re[2]: [Full-Disclosure] Buffer Overflow in ActivePerl ?", "reference_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html" "name": "perl-system-bo(16169)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16169"
"name" : "http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt", },
"refsource" : "MISC", {
"url" : "http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt" "name": "http://www.perlmonks.org/index.pl?node_id=354145",
}, "refsource": "MISC",
{ "url": "http://www.perlmonks.org/index.pl?node_id=354145"
"name" : "http://www.perlmonks.org/index.pl?node_id=354145", },
"refsource" : "MISC", {
"url" : "http://www.perlmonks.org/index.pl?node_id=354145" "name": "20040518 Re: Buffer Overflow in ActivePerl ?",
}, "refsource": "FULLDISC",
{ "url": "http://marc.info/?l=full-disclosure&m=108489112131099&w=2"
"name" : "10375", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10375" "name": "20040518 RE: [Full-Disclosure] Re: Buffer Overflow in ActivePerl ?",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=108489894009025&w=2"
"name" : "perl-system-bo(16169)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16169" "name": "http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt",
} "refsource": "MISC",
] "url": "http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt"
} },
} {
"name": "20040517 RE: Buffer Overflow in ActivePerl ?",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=108483058514596&w=2"
},
{
"name": "20040517 Buffer Overflow in ActivePerl ?",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=108482796105922&w=2"
},
{
"name": "10375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10375"
},
{
"name": "20040518 Re[2]: [Full-Disclosure] Buffer Overflow in ActivePerl ?",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2056", "ID": "CVE-2004-2056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040725 NucleusCMS 3.01 SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109087144509299&w=2" "lang": "eng",
}, "value": "SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter."
{ }
"name" : "13136", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/13136" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "nucleus-sql-injection(18002)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18002" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20040725 NucleusCMS 3.01 SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109087144509299&w=2"
},
{
"name": "nucleus-sql-injection(18002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18002"
},
{
"name": "13136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13136"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2293", "ID": "CVE-2004-2293",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/365865" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023."
{ }
"name" : "10524", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10524" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6997", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6997" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6998", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/6998" ]
}, },
{ "references": {
"name" : "6999", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6999" "name": "phpnuke-faq-encyclopedia-xss(16406)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406"
"name" : "11852", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11852" "name": "6999",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/6999"
"name" : "phpnuke-faq-encyclopedia-xss(16406)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16406" "name": "6997",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/6997"
} },
} {
"name": "11852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11852"
},
{
"name": "20040611 [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/365865"
},
{
"name": "10524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10524"
},
{
"name": "6998",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6998"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2025", "ID": "CVE-2008-2025",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=385273", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=385273" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to \"insufficient quoting of parameters.\""
{ }
"name" : "https://launchpad.net/bugs/cve/2008-2025", ]
"refsource" : "MISC", },
"url" : "https://launchpad.net/bugs/cve/2008-2025" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml", "description": [
"refsource" : "CONFIRM", {
"url" : "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.novell.com/security/cve/CVE-2008-2025.html", ]
"refsource" : "CONFIRM", }
"url" : "http://support.novell.com/security/cve/CVE-2008-2025.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2009:008", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html" "name": "34567",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34567"
"name" : "53380", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/53380" "name": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml",
}, "refsource": "CONFIRM",
{ "url": "http://download.opensuse.org/update/10.3-test/repodata/patch-struts-5872.xml"
"name" : "34642", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34642" "name": "34642",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34642"
"name" : "34567", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34567" "name": "http://support.novell.com/security/cve/CVE-2008-2025.html",
} "refsource": "CONFIRM",
] "url": "http://support.novell.com/security/cve/CVE-2008-2025.html"
} },
} {
"name": "53380",
"refsource": "OSVDB",
"url": "http://osvdb.org/53380"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "https://launchpad.net/bugs/cve/2008-2025",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/cve/2008-2025"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=385273",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=385273"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2008-2436", "ID": "CVE-2008-2436",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080903 Secunia Research: Novell iPrint Client nipplib.dll \"IppCreateServerRef()\" Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495940/100/0/threaded" "lang": "eng",
}, "value": "Multiple heap-based buffer overflows in the IppCreateServerRef function in nipplib.dll in Novell iPrint Client 4.x before 4.38 and 5.x before 5.08 allow remote attackers to execute arbitrary code via a long argument to the (1) GetPrinterURLList, (2) GetPrinterURLList2, or (3) GetFileList2 function in the Novell iPrint ActiveX control in ienipp.ocx."
{ }
"name" : "http://secunia.com/secunia_research/2008-33/advisory", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2008-33/advisory" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30986", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30986" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020806", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020806" ]
}, },
{ "references": {
"name" : "31370", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31370" "name": "4228",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4228"
"name" : "4228", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4228" "name": "1020806",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020806"
"name" : "ADV-2008-2481", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2481" "name": "http://secunia.com/secunia_research/2008-33/advisory",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2008-33/advisory"
"name" : "novell-iprint-ippcreateserverref-bo(44853)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44853" "name": "novell-iprint-ippcreateserverref-bo(44853)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44853"
} },
} {
"name": "20080903 Secunia Research: Novell iPrint Client nipplib.dll \"IppCreateServerRef()\" Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495940/100/0/threaded"
},
{
"name": "30986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30986"
},
{
"name": "ADV-2008-2481",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2481"
},
{
"name": "31370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31370"
}
]
}
}
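Review bot: The ASSIGNER value in this section appears to change from `cve@mitre.org` to `PSIRT-CNA@flexerasoftware.com` (taking the right-hand column as the new side), but every other change here is key spacing and a reshuffle of `reference_data`, so the one provenance change is easy to miss among 97 rewritten lines. The same pattern shows in the sections for CVE-2012-0165 (`secure@microsoft.com`), CVE-2012-0250 (`cert@cert.org`), CVE-2012-0551 (`secalert_us@oracle.com`) and CVE-2012-0611 (`product-security@apple.com`). I would land the ASSIGNER updates separately from the reformat, or at least name them in the commit description, and emit `reference_data` in a stable order so later syncs show only real additions or removals. Consumers that base trust or routing decisions on ASSIGNER should treat this as a data change, not a formatting one.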


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2440", "ID": "CVE-2008-2440",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2775", "ID": "CVE-2008-2775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "29403", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29403" "lang": "eng",
}, "value": "SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows remote attackers to execute arbitrary SQL commands via the searchFor parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "30382", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/30382" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dtcentrepiece-search-sql-injection(42663)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42663" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "dtcentrepiece-search-sql-injection(42663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42663"
},
{
"name": "29403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29403"
},
{
"name": "30382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30382"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2848", "ID": "CVE-2008-2848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.developer.mindtouch.com/view.php?id=4200", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.developer.mindtouch.com/view.php?id=4200" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "29830", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29830" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30758", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30758" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "dekiwiki-search-xss(43189)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43189" ]
} },
] "references": {
} "reference_data": [
} {
"name": "30758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30758"
},
{
"name": "29830",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29830"
},
{
"name": "http://bugs.developer.mindtouch.com/view.php?id=4200",
"refsource": "CONFIRM",
"url": "http://bugs.developer.mindtouch.com/view.php?id=4200"
},
{
"name": "dekiwiki-search-xss(43189)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43189"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0165", "ID": "CVE-2012-0165",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka \"GDI+ Record Type Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-034", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034" "lang": "eng",
}, "value": "GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka \"GDI+ Record Type Vulnerability.\""
{ }
"name" : "TA12-129A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53347", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53347" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15621", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621" ]
}, },
{ "references": {
"name" : "1027038", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027038" "name": "49121",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49121"
"name" : "49121", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49121" "name": "windows-gdi-emf-code-exec(75125)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75125"
"name" : "windows-gdi-emf-code-exec(75125)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75125" "name": "53347",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/53347"
} },
} {
"name": "oval:org.mitre.oval:def:15621",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15621"
},
{
"name": "MS12-034",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-034"
},
{
"name": "1027038",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027038"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-0250", "ID": "CVE-2012-0250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-2459", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2459" "lang": "eng",
}, "value": "Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before 0.99.20.1 allows remote attackers to cause a denial of service (daemon crash) via a Link State Update (aka LS Update) packet containing a network-LSA link-state advertisement for which the data-structure length is smaller than the value in the Length header field."
{ }
"name" : "FEDORA-2012-5352", ]
"refsource" : "FEDORA", },
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2012-5411", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2012-5436", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html" ]
}, },
{ "references": {
"name" : "RHSA-2012:1258", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1258.html" "name": "RHSA-2012:1259",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1259.html"
"name" : "RHSA-2012:1259", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1259.html" "name": "FEDORA-2012-5411",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078910.html"
"name" : "VU#551715", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/551715" "name": "DSA-2459",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2459"
"name" : "48949", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48949" "name": "VU#551715",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/551715"
} },
} {
"name": "48949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48949"
},
{
"name": "RHSA-2012:1258",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1258.html"
},
{
"name": "FEDORA-2012-5436",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078926.html"
},
{
"name": "FEDORA-2012-5352",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078794.html"
}
]
}
}


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0551", "ID": "CVE-2012-0551",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE 7 update 4 and earlier and 6 update 32 and earlier, and the GlassFish Enterprise Server component in Oracle Sun Products Suite GlassFish Enterprise Server 3.1.1, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Container or Deployment."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX02805", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT100919", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2" ]
}, },
{ "references": {
"name" : "MDVSA-2013:150", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "name": "SUSE-SU-2012:1265",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "SUSE-SU-2012:1231",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "oval:org.mitre.oval:def:16707",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16707"
"name" : "RHSA-2012:0734", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html" "name": "RHSA-2012:0734",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html"
"name" : "SUSE-SU-2012:1231", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html" "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
"name" : "SUSE-SU-2012:1265", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html" "name": "1026941",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026941"
"name" : "53136", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53136" "name": "SSRT100919",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
"name" : "oval:org.mitre.oval:def:16707", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16707" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "1026941", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026941" "name": "RHSA-2013:1456",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "53136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53136"
},
{
"name": "HPSBUX02805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
}
]
}
}


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0611", "ID": "CVE-2012-0611",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-03-07-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
{ }
"name" : "APPLE-SA-2012-03-07-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2012-03-12-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52365", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52365" ]
}, },
{ "references": {
"name" : "79933", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79933" "name": "oval:org.mitre.oval:def:17366",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17366"
"name" : "oval:org.mitre.oval:def:17366", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17366" "name": "52365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52365"
"name" : "1026774", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026774" "name": "1026774",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026774"
"name" : "48274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48274" "name": "apple-webkit-cve20120611-code-execution(73830)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73830"
"name" : "48288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48288" "name": "79933",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/79933"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "48377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48377"
"name" : "apple-webkit-cve20120611-code-execution(73830)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73830" "name": "APPLE-SA-2012-03-12-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
} },
} {
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1463", "ID": "CVE-2012-1463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/522005" "lang": "eng",
}, "value": "The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an ELF file with a modified endianness field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different ELF parser implementations."
{ }
"name" : "http://www.ieee-security.org/TC/SP2012/program.html", ]
"refsource" : "MISC", },
"url" : "http://www.ieee-security.org/TC/SP2012/program.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52614", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52614" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "80426", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/80426" ]
}, },
{ "references": {
"name" : "80433", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80433" "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/522005"
"name" : "multiple-av-elf-file-evasion(74311)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311" "name": "80433",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/80433"
} },
} {
"name": "52614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52614"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80426",
"refsource": "OSVDB",
"url": "http://osvdb.org/80426"
},
{
"name": "multiple-av-elf-file-evasion(74311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74311"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1513", "ID": "CVE-2012-1513",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vmware.com/security/advisories/VMSA-2012-0005.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2012-0005.html" "lang": "eng",
}, "value": "The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 before Update 4, 4.1 before Update 2, and 4.2 before Update 1 places the vCenter Server password in an HTML document, which allows remote authenticated administrators to obtain sensitive information by reading this document."
{ }
"name" : "52525", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/52525" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "80120", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80120" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026816", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026816" ]
}, },
{ "references": {
"name" : "48408", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48408" "name": "52525",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52525"
"name" : "vcenter-config-tool-info-disc(74091)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74091" "name": "48408",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48408"
} },
} {
"name": "80120",
"refsource": "OSVDB",
"url": "http://osvdb.org/80120"
},
{
"name": "1026816",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026816"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2012-0005.html"
},
{
"name": "vcenter-config-tool-info-disc(74091)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74091"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1638", "ID": "CVE-2012-1638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the \"use search_autocomplete\" permission to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" "lang": "eng",
}, "value": "SQL injection vulnerability in the Search Autocomplete module before 7.x-2.1 for Drupal allows remote authenticated users with the \"use search_autocomplete\" permission to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "http://drupal.org/node/1410674", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/1410674" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1416612", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1416612" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6", ]
"refsource" : "CONFIRM", }
"url" : "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6" ]
}, },
{ "references": {
"name" : "51667", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51667" "name": "47731",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/47731"
"name" : "47731", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47731" "name": "http://drupal.org/node/1410674",
} "refsource": "CONFIRM",
] "url": "http://drupal.org/node/1410674"
} },
} {
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51667"
},
{
"name": "http://drupal.org/node/1416612",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1416612"
},
{
"name": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/search_autocomplete.git/commit/589e8f6"
}
]
}
}
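Review bot: The `ASSIGNER` field on the new side of this record (CVE-2012-1638) changes from `cve@mitre.org` to `secalert@redhat.com`, a provenance change carried inside what is otherwise a whitespace and reference-order rewrite under the title "-Synchronized-Data.". The same kind of change appears in the later sections for CVE-2012-5861 (`ics-cert@hq.dhs.gov`), CVE-2012-5970 (`cert@cert.org`) and CVE-2017-1002013 (`cve-assign@distributedweaknessfiling.org` to `larry0@me.com`, which looks like a personal mailbox rather than a role address, while `REQUESTER` is left unchanged). Consumers that use `ASSIGNER` to attribute a record to a CNA, or to weigh how far to trust it, will see these records change owner with nothing in the commit message to explain it. I would put the assigner updates in their own commit, or at least name them in the message, and check each new value against the authoritative CNA list before merging.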


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5639", "ID": "CVE-2012-5639",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2012-5861", "ID": "CVE-2012-5861",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php."
{ }
"name" : "21273", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/21273/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf", "description": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", ]
"refsource" : "CONFIRM", }
"url" : "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88" ]
}, },
{ "references": {
"name" : "sinapsi-sql-injection(80201)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80201" "name": "21273",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/21273/"
} },
} {
"name": "20120911 Multiple vulnerabilities in Ezylog photovoltaic management server",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf"
},
{
"name": "sinapsi-sql-injection(80201)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80201"
},
{
"name": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88",
"refsource": "CONFIRM",
"url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-5970", "ID": "CVE-2012-5970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm" "lang": "eng",
}, "value": "The Huawei E585 device allows remote attackers to cause a denial of service (NULL pointer dereference and device outage) via crafted HTTP requests, as demonstrated by unspecified vulnerability-scanning software."
{ }
"name" : "VU#871148", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/871148" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#871148",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/871148"
},
{
"name": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm"
}
]
}
}


@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED" : "2017-04-01", "DATE_ASSIGNED": "2017-04-01",
"ID" : "CVE-2017-1002013", "ID": "CVE-2017-1002013",
"REQUESTER" : "kurt@seifried.org", "REQUESTER": "kurt@seifried.org",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z" "UPDATED": "2017-08-10T14:41Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "image-gallery-with-slideshow", "product_name": "image-gallery-with-slideshow",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "1.5.2" "version_value": "1.5.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Anblik" "vendor_name": "Anblik"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vapidlabs.com/advisory.php?v=189", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vapidlabs.com/advisory.php?v=189" "lang": "eng",
}, "value": "Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php."
{ }
"name" : "https://wordpress.org/plugins/image-gallery-with-slideshow/", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/image-gallery-with-slideshow/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/image-gallery-with-slideshow/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/image-gallery-with-slideshow/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=189",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=189"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11344", "ID": "CVE-2017-11344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openwall.com/lists/oss-security/2017/07/14/3", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openwall.com/lists/oss-security/2017/07/14/3" "lang": "eng",
}, "value": "Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response."
{ }
"name" : "https://asuswrt.lostrealm.ca/changelog", ]
"refsource" : "CONFIRM", },
"url" : "https://asuswrt.lostrealm.ca/changelog" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://asuswrt.lostrealm.ca/changelog",
"refsource": "CONFIRM",
"url": "https://asuswrt.lostrealm.ca/changelog"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/07/14/3",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/07/14/3"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11528", "ID": "CVE-2017-11528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867811", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867811" "lang": "eng",
}, "value": "The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory leak) via a crafted file."
{ }
"name" : "https://github.com/ImageMagick/ImageMagick/issues/522", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/ImageMagick/ImageMagick/issues/522" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867811",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867811"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/522",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/522"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-3205", "ID": "CVE-2017-3205",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3284", "ID": "CVE-2017-3284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Service Fulfillment Manager", "product_name": "Service Fulfillment Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Fulfillment Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Fulfillment Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Fulfillment Manager accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Service Fulfillment Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Service Fulfillment Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Fulfillment Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Service Fulfillment Manager accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
{ }
"name" : "95613", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95613" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037639", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037639" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1037639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037639"
},
{
"name": "95613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95613"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3649", "ID": "CVE-2017-3649",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.6.36 and earlier and 5.7.18 and earlier. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "RHSA-2017:2886", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2017:2886" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:2787", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2787" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99799", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99799" ]
}, },
{ "references": {
"name" : "1038928", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038928" "name": "RHSA-2017:2787",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:2787"
} },
} {
"name": "1038928",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038928"
},
{
"name": "99799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99799"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}
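Review bot: The `reference_data` array of this record (CVE-2017-3649) is rewritten in a different order with no visible sort key: the old side lists CONFIRM, RHSA-2017:2886, RHSA-2017:2787, BID, SECTRACK, and the new side lists RHSA-2017:2787, SECTRACK, BID, RHSA-2017:2886, CONFIRM. The same reshuffle appears in the CVE-2017-7040, CVE-2017-7146, CVE-2017-7495 and CVE-2017-7549 records of this commit. Combined with the ` : ` to `: ` whitespace change on every line, it makes a genuine content edit to a record hard to spot in review. Emitting references in a stable order, for example sorted by `url`, would keep later synchronization diffs limited to real changes; until then consumers should treat the array as unordered.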


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-3773", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-3773",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }
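Review bot: The new side of this REJECT record (CVE-2017-3773) no longer follows the key order used by the other records in the commit: `data_type`, `data_format` and `data_version` now come before `CVE_data_meta`, and `ID` comes before `ASSIGNER`, whereas the old side and the neighbouring records keep their keys alphabetical. JSON object key order carries no meaning, so parsers are unaffected, but anything that hashes or textually compares these files will see two serializations of the same schema. Writing every record through one serializer with sorted keys would remove the difference.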


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7040", "ID": "CVE-2017-7040",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42367", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42367/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207921", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207921" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207923", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207923" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207924", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207924" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207927", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207927" "name": "99885",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/99885"
"name" : "https://support.apple.com/HT207928", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207928" "name": "https://support.apple.com/HT207927",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207927"
"name" : "GLSA-201710-14", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-14" "name": "https://support.apple.com/HT207924",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207924"
"name" : "99885", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99885" "name": "https://support.apple.com/HT207928",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207928"
"name" : "1038950", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038950" "name": "https://support.apple.com/HT207921",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207921"
} },
} {
"name": "https://support.apple.com/HT207923",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207923"
},
{
"name": "42367",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42367/"
},
{
"name": "GLSA-201710-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-14"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7146", "ID": "CVE-2017-7146",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Security\" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208112", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208112" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"Security\" component. It allows attackers to track users across installs via a crafted app that leverages Keychain data mishandling."
{ }
"name" : "101000", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101000" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101000"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7258", "ID": "CVE-2017-7258",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html" "lang": "eng",
}, "value": "HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi allows an Attacker to View Restricted Information or (even more seriously) execute powerful commands on the web server which can lead to a full compromise of the system via Directory Path Traversal, as demonstrated by reading core-emli/Storage. The affected versions are eMLi School Management 1.0, eMLi College Campus Management 1.0, and eMLi University Management 1.0."
{ }
"name" : "97255", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97255" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html",
"refsource": "MISC",
"url": "https://sudoat.blogspot.in/2017/03/path-traversal-vulnerability-in-emli.html"
},
{
"name": "97255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97255"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-7495", "ID": "CVE-2017-7495",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux kernel before 4.6.2", "product_name": "Linux kernel before 4.6.2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Linux kernel before 4.6.2" "version_value": "Linux kernel before 4.6.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "filesystem mishandling"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824" "lang": "eng",
}, "value": "fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 data=ordered mode is used, mishandles a needs-flushing-before-commit list, which allows local users to obtain sensitive information from other users' files in opportunistic circumstances by waiting for a hardware reset, creating a new file, making write system calls, and reading this file."
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.openwall.com/lists/oss-security/2017/05/15/2", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.openwall.com/lists/oss-security/2017/05/15/2" "lang": "eng",
}, "value": "filesystem mishandling"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1450261", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1450261" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824" "name": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/06bd3c36a733ac27962fea7d6f47168841376824"
"name" : "https://source.android.com/security/bulletin/2017-09-01", },
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-09-01" "name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.6.2"
"name" : "98491", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98491" "name": "https://source.android.com/security/bulletin/2017-09-01",
} "refsource": "CONFIRM",
] "url": "https://source.android.com/security/bulletin/2017-09-01"
} },
} {
"name": "98491",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98491"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1450261"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/05/15/2",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/05/15/2"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=06bd3c36a733ac27962fea7d6f47168841376824"
}
]
}
}


@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC" : "2017-08-14T00:00:00", "DATE_PUBLIC": "2017-08-14T00:00:00",
"ID" : "CVE-2017-7549", "ID": "CVE-2017-7549",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "instack-undercloud", "product_name": "instack-undercloud",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Pike, 12: v7.2.0, Ocata, 11: v6.1.0, Newton, 10: v5.3.0" "version_value": "Pike, 12: v7.2.0, Ocata, 11: v6.1.0, Newton, 10: v5.3.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat, Inc." "vendor_name": "Red Hat, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-377"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477403", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1477403" "lang": "eng",
}, "value": "A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat OpenStack Platform Pike, 6.1.0 as packaged in Red Hat OpenStack Platform Oacta, 5.3.0 as packaged in Red Hat OpenStack Newton, where pre-install and security policy scripts used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files."
{ }
"name" : "RHSA-2017:2726", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2017:2726" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:2649", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2649" "lang": "eng",
}, "value": "CWE-377"
{ }
"name" : "RHSA-2017:2687", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:2687" ]
}, },
{ "references": {
"name" : "RHSA-2017:2693", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2693" "name": "RHSA-2017:2726",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2726"
"name" : "RHSA-2017:2557", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2557" "name": "100407",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/100407"
"name" : "100407", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100407" "name": "RHSA-2017:2649",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:2649"
} },
} {
"name": "RHSA-2017:2687",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2687"
},
{
"name": "RHSA-2017:2557",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2557"
},
{
"name": "RHSA-2017:2693",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2693"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1477403",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1477403"
}
]
}
}
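Review bot: The description on the new side still reads `Red Hat OpenStack Platform Oacta`, while `version_value` in the same record (CVE-2017-7549) spells the release `Ocata`. A text search of descriptions for the release name will therefore miss this record. The wording is presumably owned by the assigning CNA, so the correction (`Oacta` to `Ocata`) most likely belongs upstream rather than in this synchronization commit.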


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2017-06-28T00:00:00", "DATE_PUBLIC": "2017-06-28T00:00:00",
"ID" : "CVE-2017-7974", "ID": "CVE-2017-7974",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "U.Motion", "product_name": "U.Motion",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "U.motion Builder Versions 1.2.1 and prior." "version_value": "U.motion Builder Versions 1.2.1 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/" "lang": "eng",
}, "value": "A path traversal information disclosure vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can execute arbitrary code and exfiltrate files."
{ }
"name" : "99344", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99344" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/",
"refsource": "CONFIRM",
"url": "http://www.schneider-electric.com/en/download/document/SEVD-2017-178-01/"
},
{
"name": "99344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99344"
}
]
}
}
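Review bot: `ASSIGNER` in this record (CVE-2017-7974) changes from `cybersecurity@se.com` to `cybersecurity@schneider-electric.com`, a content change carried in a commit that otherwise only alters whitespace and ordering in the records visible here. Anything that groups or filters records by assigner address will see this record move to a different key, so the change deserves a mention in the commit description or a commit of its own. Whether other records from the same CNA were changed in the same way cannot be checked from this section and is worth confirming.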


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8282", "ID": "CVE-2017-8282",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in \"Browser\" mode, because of a \"User Mode Write AV near NULL\" in XnView.exe."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-8282"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@elastic.co", "ASSIGNER": "security@elastic.co",
"ID" : "CVE-2017-8438", "ID": "CVE-2017-8438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "X-Pack Security", "product_name": "X-Pack Security",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.0 to 5.4.0" "version_value": "5.0.0 to 5.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Elastic" "vendor_name": "Elastic"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284: Improper Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952" "lang": "eng",
}, "value": "Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the run_as functionality. This bug prevents transitioning into the specified user specified in a run_as request. If a role has been created using a template that contains the _user properties, the behavior of run_as will be incorrect. Additionally if the run_as user specified does not exist, the transition will not happen."
{ }
"name" : "https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released", ]
"refsource" : "CONFIRM", },
"url" : "https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.elastic.co/community/security", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.elastic.co/community/security" "lang": "eng",
} "value": "CWE-284: Improper Access Control"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-5-4-1-and-5-3-3-security-updates/87952"
},
{
"name": "https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/blog/elasticsearch-5-4-1-and-5-3-3-released"
},
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
}
]
}
}


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00", "DATE_PUBLIC": "2017-10-10T00:00:00",
"ID" : "CVE-2017-8718", "ID": "CVE-2017-8718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft JET Database Engine", "product_name": "Microsoft JET Database Engine",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" "version_value": "Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8717."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718" "lang": "eng",
}, "value": "The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to take control of an affected system, due to how it handles objects in memory, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-8717."
{ }
"name" : "101162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101162" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039527", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039527" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8718"
},
{
"name": "101162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101162"
},
{
"name": "1039527",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039527"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-8817", "ID": "CVE-2017-8817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "curl and libcurl before 7.57.0", "product_name": "curl and libcurl before 7.57.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "curl and libcurl before 7.57.0" "version_value": "curl and libcurl before 7.57.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20171130 [SECURITY] [DLA 1195-1] curl security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html" "lang": "eng",
}, "value": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character."
{ }
"name" : "https://curl.haxx.se/docs/adv_2017-ae72.html", ]
"refsource" : "CONFIRM", },
"url" : "https://curl.haxx.se/docs/adv_2017-ae72.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://security.cucumberlinux.com/security/details.php?id=162", "description": [
"refsource" : "CONFIRM", {
"url" : "http://security.cucumberlinux.com/security/details.php?id=162" "lang": "eng",
}, "value": "out-of-bounds read"
{ }
"name" : "DSA-4051", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2017/dsa-4051" ]
}, },
{ "references": {
"name" : "GLSA-201712-04", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201712-04" "name": "GLSA-201712-04",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201712-04"
"name" : "RHSA-2018:3558", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3558" "name": "RHSA-2018:3558",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3558"
"name" : "102057", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102057" "name": "102057",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/102057"
"name" : "1039897", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039897" "name": "[debian-lts-announce] 20171130 [SECURITY] [DLA 1195-1] curl security update",
} "refsource": "MLIST",
] "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00040.html"
} },
} {
"name": "http://security.cucumberlinux.com/security/details.php?id=162",
"refsource": "CONFIRM",
"url": "http://security.cucumberlinux.com/security/details.php?id=162"
},
{
"name": "https://curl.haxx.se/docs/adv_2017-ae72.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_2017-ae72.html"
},
{
"name": "1039897",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039897"
},
{
"name": "DSA-4051",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4051"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10366", "ID": "CVE-2018-10366",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44546", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44546/" "lang": "eng",
}, "value": "An issue was discovered in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field."
{ }
"name" : "https://github.com/rainlab/user-plugin/commit/098c2bc907443d67e9e18645f850e3de42941d20", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/rainlab/user-plugin/commit/098c2bc907443d67e9e18645f850e3de42941d20" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44546",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44546/"
},
{
"name": "https://github.com/rainlab/user-plugin/commit/098c2bc907443d67e9e18645f850e3de42941d20",
"refsource": "CONFIRM",
"url": "https://github.com/rainlab/user-plugin/commit/098c2bc907443d67e9e18645f850e3de42941d20"
}
]
}
}


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-05-15T00:00:00", "DATE_PUBLIC": "2018-05-15T00:00:00",
"ID" : "CVE-2018-10589", "ID": "CVE-2018-10589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebAccess", "product_name": "WebAccess",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior." "version_value": "WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, WebAccess/NMS 2.0.3 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Advantech" "vendor_name": "Advantech"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "PATH TRAVERSAL CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01" "lang": "eng",
}, "value": "In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, a path transversal vulnerability has been identified, which may allow an attacker to execute arbitrary code."
{ }
"name" : "104190", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104190" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "PATH TRAVERSAL CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104190"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-135-01"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10786", "ID": "CVE-2018-10786",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2018-09-11T00:00:00", "DATE_PUBLIC": "2018-09-11T00:00:00",
"ID" : "CVE-2018-12175", "ID": "CVE-2018-12175",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel(R) Distribution for Python 2018", "product_name": "Intel(R) Distribution for Python 2018",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Intel(R) Distribution for Python 2018 downloaded before Aug 6, 2018." "version_value": "Intel(R) Distribution for Python 2018 downloaded before Aug 6, 2018."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html" "lang": "eng",
} "value": "Default install directory permissions in Intel Distribution for Python (IDP) version 2018 may allow an unprivileged user to escalate privileges via local access."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12894", "ID": "CVE-2018-12894",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13056", "ID": "CVE-2018-13056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/actionyz/ZZCMS/blob/master/del.php.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/actionyz/ZZCMS/blob/master/del.php.md" "lang": "eng",
} "value": "An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/actionyz/ZZCMS/blob/master/del.php.md",
"refsource": "MISC",
"url": "https://github.com/actionyz/ZZCMS/blob/master/del.php.md"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13302", "ID": "CVE-2018-13302",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50" "lang": "eng",
}, "value": "In FFmpeg 4.0.1, improper handling of frame types (other than EAC3_FRAME_TYPE_INDEPENDENT) that have multiple independent substreams in the handle_eac3 function in libavformat/movenc.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to a denial of service or possibly unspecified other impact."
{ }
"name" : "DSA-4249", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2018/dsa-4249" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104675", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104675" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/ed22dc22216f74c75ee7901f82649e1ff725ba50"
},
{
"name": "DSA-4249",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4249"
},
{
"name": "104675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104675"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13750", "ID": "CVE-2018-13750",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for RichiumToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RichiumToken", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RichiumToken" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RichiumToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RichiumToken"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13775", "ID": "CVE-2018-13775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for RCKT_Coin, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RCKT_Coin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RCKT_Coin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RCKT_Coin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/RCKT_Coin"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13782", "ID": "CVE-2018-13782",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for ENTER (ENTR) (Contract Name: EnterCoin), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterCoin", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterCoin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterCoin",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/EnterCoin"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17205", "ID": "CVE-2018-17205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6" "lang": "eng",
}, "value": "An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting ofproto_rule_insert__ in ofproto/ofproto.c. During bundle commit, flows that are added in a bundle are applied to ofproto in order. If a flow cannot be added (e.g., the flow action is a go-to for a group id that does not exist), OvS tries to revert back all previous flows that were successfully applied from the same bundle. This is possible since OvS maintains list of old flows that were replaced by flows from the bundle. While reinserting old flows, OvS has an assertion failure due to a check on rule state != RULE_INITIALIZED. This would work for new flows, but for an old flow the rule state is RULE_REMOVED. The assertion failure causes an OvS crash."
{ }
"name" : "RHSA-2018:3500", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3500" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2019:0053", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0053" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2019:0081", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2019:0081" ]
}, },
{ "references": {
"name" : "USN-3873-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3873-1/" "name": "RHSA-2019:0053",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2019:0053"
} },
} {
"name": "USN-3873-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3873-1/"
},
{
"name": "RHSA-2018:3500",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3500"
},
{
"name": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6",
"refsource": "MISC",
"url": "https://github.com/openvswitch/ovs/commit/0befd1f3745055c32940f5faf9559be6a14395e6"
},
{
"name": "RHSA-2019:0081",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0081"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17220", "ID": "CVE-2018-17220",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17583", "ID": "CVE-2018-17583",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17671", "ID": "CVE-2018-17671",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Reader", "product_name": "Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.2.0.9297" "version_value": "9.2.0.9297"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Lower method of a XFA object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6617."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125: Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1150/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1150/" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the Lower method of a XFA object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6617."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-125: Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1150/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1150/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-28T00:00:00", "DATE_PUBLIC": "2018-09-28T00:00:00",
"ID" : "CVE-2018-17896", "ID": "CVE-2018-17896",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500", "product_name": "STARDOM Controllers FCJ,FCN-100,FCN-RTU, FCN-500",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to version X.X" "version_value": "All versions prior to version X.X"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Yokogawa" "vendor_name": "Yokogawa"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "USE OF HARD-CODED CREDENTIALS CWE-798"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03" "lang": "eng",
}, "value": "Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify information. This attack can be executed only during maintenance work."
{ }
"name" : "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "USE OF HARD-CODED CREDENTIALS CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf",
"refsource": "CONFIRM",
"url": "https://web-material3.yokogawa.com/YSAR-18-0007-E.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-03"
}
]
}
}
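Review bot: The `version_value` in the Yokogawa STARDOM record (CVE-2018-17896) still reads `All versions prior to version X.X`, which looks like an unfilled template placeholder, while the description in the same record states "All versions R4.10 and prior". Scanners and asset-matching tools that read the structured `affects` block instead of the free-text description cannot derive the affected range from this entry. Since the file is being rewritten anyway, the field could carry the range the description already gives, for example `"version_value": "R4.10 and prior"`. The only non-whitespace change visible in this section is the order of the two reference entries.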


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-10-02T00:00:00", "DATE_PUBLIC": "2018-10-02T00:00:00",
"ID" : "CVE-2018-9452", "ID": "CVE-2018-9452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0" "version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634", "description_data": [
"refsource" : "MISC", {
"url" : "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634" "lang": "eng",
}, "value": "In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361"
{ }
"name" : "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d,", ]
"refsource" : "MISC", },
"url" : "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d," "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://source.android.com/security/bulletin/2018-10-01,", "description": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-10-01," "lang": "eng",
}, "value": "Denial of service"
{ }
"name" : "105484", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/105484" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/frameworks/base/+/3b6f84b77c30ec0bab5147b0cffc192c86ba2634"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name": "105484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105484"
},
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d,",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d,"
}
]
}
}
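Review bot: Two reference entries in the CVE-2018-9452 record keep a trailing comma inside both `name` and `url`: `https://source.android.com/security/bulletin/2018-10-01,` and `https://android.googlesource.com/platform/frameworks/base/+/54f661b16b308cf38d1b9703214591c0f83df64d,`. The comma is part of the string, so anything that fetches, deduplicates or indexes advisories by URL will treat these as different from the real bulletin and patch links, or fail to resolve them. The entries are reordered here but the values are carried over unchanged; they should read `"url": "https://source.android.com/security/bulletin/2018-10-01"` and likewise for the commit link, with `name` matching. Separately, `ASSIGNER` changes from `security@google.com` to `security@android.com` inside what is otherwise a formatting sync, so it is worth confirming that attribution change is intended.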


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9601", "ID": "CVE-2018-9601",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9856", "ID": "CVE-2018-9856",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Kotti/Kotti/issues/551", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Kotti/Kotti/issues/551" "lang": "eng",
} "value": "Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles implementation, as demonstrated by triggering a permission change via a /admin-document/@@share request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Kotti/Kotti/issues/551",
"refsource": "MISC",
"url": "https://github.com/Kotti/Kotti/issues/551"
}
]
}
}