admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:58:40 +00:00
parent 80cd163da3
commit 78ddfd2bf2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3775 additions and 3775 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2002/0xxx/CVE-2002-0049.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0049", "ID": "CVE-2002-0049",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Exchange Server 2000 System Attendant gives \"Everyone\" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS02-003", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003" "lang": "eng",
}, "value": "Microsoft Exchange Server 2000 System Attendant gives \"Everyone\" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys."
{ }
"name" : "4053", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4053" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2042", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/2042" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:1022", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022" ]
}, },
{ "references": {
"name" : "exchange-attendant-incorrect-permissions(8092)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8092" "name": "exchange-attendant-incorrect-permissions(8092)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8092"
} },
{
"name": "4053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4053"
},
{
"name": "2042",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2042"
},
{
"name": "oval:org.mitre.oval:def:1022",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022"
},
{
"name": "MS02-003",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003"
}
]
}
} }

148
2002/0xxx/CVE-2002-0110.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0110", "ID": "CVE-2002-0110",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020109 MiraMail 1.04 can give POP account access and details", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101063476715154&w=2" "lang": "eng",
}, "value": "Nevrona Designs MiraMail 1.04 and earlier stores authentication information such as POP usernames and passwords in plaintext in a .ini file, which allows an attacker to gain privileges by reading the passwords from the file."
{ }
"name" : "VU#245707", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/245707" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3843", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3843" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "miramail-plaintext-auth-info(7855)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7855.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "VU#245707",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/245707"
},
{
"name": "miramail-plaintext-auth-info(7855)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7855.php"
},
{
"name": "3843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3843"
},
{
"name": "20020109 MiraMail 1.04 can give POP account access and details",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101063476715154&w=2"
}
]
}
} }

138
2002/0xxx/CVE-2002-0584.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0584", "ID": "CVE-2002-0584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020419 Xpede many vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html" "lang": "eng",
}, "value": "WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets by modifying the TSN ID parameter to the ts_app_process.asp script, which is easily guessable because it is incremented by 1 for each new timesheet."
{ }
"name" : "4556", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4556" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "xpede-timesheet-disclosure(8907)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8907.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "4556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4556"
},
{
"name": "20020419 Xpede many vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0273.html"
},
{
"name": "xpede-timesheet-disclosure(8907)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8907.php"
}
]
}
} }

268
2002/1xxx/CVE-2002-1221.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1221", "ID": "CVE-2002-1221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8", "description_data": [
"refsource" : "ISS", {
"url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469" "lang": "eng",
}, "value": "BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference."
{ }
"name" : "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=103713117612842&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.isc.org/products/BIND/bind-security.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/products/BIND/bind-security.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2002-31", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2002-31.html" ]
}, },
{ "references": {
"name" : "VU#581682", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/581682" "name": "CA-2002-31",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2002-31.html"
"name" : "2002-11-21", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html" "name": "http://www.isc.org/products/BIND/bind-security.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/products/BIND/bind-security.html"
"name" : "MDKSA-2002:077", },
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php" "name": "2002-11-21",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
"name" : "DSA-196", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-196" "name": "6159",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6159"
"name" : "CLA-2002:546", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546" "name": "DSA-196",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-196"
"name" : "N-013", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/n-013.shtml" "name": "bind-null-dereference-dos(10333)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10333"
"name" : "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)", },
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/300019" "name": "SSRT2408",
}, "refsource": "COMPAQ",
{ "url": "http://online.securityfocus.com/advisories/4999"
"name" : "SSRT2408", },
"refsource" : "COMPAQ", {
"url" : "http://online.securityfocus.com/advisories/4999" "name": "20021118 TSLSA-2002-0076 - bind",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=103763574715133&w=2"
"name" : "20021118 TSLSA-2002-0076 - bind", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103763574715133&w=2" "name": "CLA-2002:546",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546"
"name" : "6159", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6159" "name": "oval:org.mitre.oval:def:2094",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2094"
"name" : "oval:org.mitre.oval:def:2094", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2094" "name": "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)",
}, "refsource": "BUGTRAQ",
{ "url": "http://online.securityfocus.com/archive/1/300019"
"name" : "bind-null-dereference-dos(10333)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10333" "name": "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=103713117612842&w=2"
} },
{
"name": "N-013",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
},
{
"name": "VU#581682",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/581682"
},
{
"name": "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8",
"refsource": "ISS",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"name": "MDKSA-2002:077",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php"
}
]
}
} }

148
2002/1xxx/CVE-2002-1250.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1250", "ID": "CVE-2002-1250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.idefense.com/advisory/11.01.02.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/advisory/11.01.02.txt" "lang": "eng",
}, "value": "Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument."
{ }
"name" : "20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "abuse-net-command-bo(10519)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10519.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6094", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/6094" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.idefense.com/advisory/11.01.02.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/11.01.02.txt"
},
{
"name": "6094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6094"
},
{
"name": "abuse-net-command-bo(10519)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10519.php"
},
{
"name": "20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html"
}
]
}
} }

148
2002/1xxx/CVE-2002-1596.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1596", "ID": "CVE-2002-1596",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml" "lang": "eng",
}, "value": "Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attackers to cause a denial of service (router crash) via an HTTP request with large headers."
{ }
"name" : "VU#968187", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/968187" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3834", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3834" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "cisco-sn-http-dos(7829)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7829" ]
} },
] "references": {
} "reference_data": [
{
"name": "cisco-sn-http-dos(7829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7829"
},
{
"name": "3834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3834"
},
{
"name": "20020109 Multiple Vulnerabilities in Cisco SN 5420 Storage Routers",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/SN-multiple-pub.shtml"
},
{
"name": "VU#968187",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/968187"
}
]
}
} }

148
2002/1xxx/CVE-2002-1649.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1649", "ID": "CVE-2002-1649",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020124 Vulnerabilities in squirrelmail", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag."
{ }
"name" : "VU#153043", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/153043" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3956", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3956" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "squirrelmail-html-execute-script(7989)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989" ]
} },
] "references": {
} "reference_data": [
{
"name": "squirrelmail-html-execute-script(7989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7989"
},
{
"name": "VU#153043",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/153043"
},
{
"name": "3956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3956"
},
{
"name": "20020124 Vulnerabilities in squirrelmail",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html"
}
]
}
} }

138
2002/1xxx/CVE-2002-1668.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1668", "ID": "CVE-2002-1668",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a \"file system weakness\" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX0201-178", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/advisories/3770" "lang": "eng",
}, "value": "HP-UX 11.11 and earlier allows local users to cause a denial of service (kernel deadlock), due to a \"file system weakness\" that is possibly via an mmap() system call and performing an I/O operation using data from the mapped buffer on the file descriptor for the mapped file."
{ }
"name" : "hp-mmap-dos(7844)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7844" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3817", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3817" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX0201-178",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/3770"
},
{
"name": "3817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3817"
},
{
"name": "hp-mmap-dos(7844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7844"
}
]
}
} }

148
2003/0xxx/CVE-2003-0328.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0328", "ID": "CVE-2003-0328",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1" "lang": "eng",
}, "value": "EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large nickname, which causes an incorrect length calculation."
{ }
"name" : "DSA-306", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2003/dsa-306" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-399", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-399" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2003:342", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2003-342.html" ]
} },
] "references": {
} "reference_data": [
{
"name": "DSA-399",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-399"
},
{
"name": "ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1",
"refsource": "CONFIRM",
"url": "ftp://ftp.prbh.org/pub/epic/patches/alloca_underrun-patch-1"
},
{
"name": "DSA-306",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-306"
},
{
"name": "RHSA-2003:342",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-342.html"
}
]
}
} }

128
2003/0xxx/CVE-2003-0393.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0393", "ID": "CVE-2003-0393",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privacyware Privatefirewall 3.0 does not block certain incoming packets when in \"Filter Internet Traffic\" or Deny Internet Traffic\" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030524 Some problems in Privatefirewall 3.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105380229532320&w=2" "lang": "eng",
}, "value": "Privacyware Privatefirewall 3.0 does not block certain incoming packets when in \"Filter Internet Traffic\" or Deny Internet Traffic\" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans."
{ }
"name" : "7700", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/7700" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7700"
},
{
"name": "20030524 Some problems in Privatefirewall 3.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105380229532320&w=2"
}
]
}
} }

248
2003/0xxx/CVE-2003-0789.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0789", "ID": "CVE-2003-0789",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://apache.secsup.org/dist/httpd/Announcement2.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://apache.secsup.org/dist/httpd/Announcement2.html" "lang": "eng",
}, "value": "mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client."
{ }
"name" : "APPLE-SA-2004-01-26", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLA-2003:775", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "200310-04", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200310-04.xml" ]
}, },
{ "references": {
"name" : "HPSBUX0311-301", "reference_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/advisories/6079" "name": "apache-modcgi-info-disclosure(13552)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13552"
"name" : "MDKSA-2003:103", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103" "name": "MDKSA-2003:103",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:103"
"name" : "20031031 GLSA: apache (200310-04)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106761802305141&w=2" "name": "CLA-2003:775",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000775"
"name" : "RHSA-2003:320", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-320.html" "name": "http://lists.apple.com/mhonarc/security-announce/msg00045.html",
}, "refsource": "CONFIRM",
{ "url": "http://lists.apple.com/mhonarc/security-announce/msg00045.html"
"name" : "http://docs.info.apple.com/article.html?artnum=61798", },
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=61798" "name": "APPLE-SA-2004-01-26",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html"
"name" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html", },
"refsource" : "CONFIRM", {
"url" : "http://lists.apple.com/mhonarc/security-announce/msg00045.html" "name": "200310-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200310-04.xml"
"name" : "O-015", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-015.shtml" "name": "9504",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/9504"
"name" : "8926", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/8926" "name": "HPSBUX0311-301",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/advisories/6079"
"name" : "9504", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9504" "name": "8926",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/8926"
"name" : "apache-modcgi-info-disclosure(13552)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13552" "name": "RHSA-2003:320",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2003-320.html"
} },
{
"name": "O-015",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/o-015.shtml"
},
{
"name": "20031031 GLSA: apache (200310-04)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106761802305141&w=2"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=61798",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=61798"
},
{
"name": "http://apache.secsup.org/dist/httpd/Announcement2.html",
"refsource": "CONFIRM",
"url": "http://apache.secsup.org/dist/httpd/Announcement2.html"
}
]
}
} }

128
2003/1xxx/CVE-2003-1276.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1276", "ID": "CVE-2003-1276",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\\Software\\MediaRing.com\\SDK\\NetTelephone\\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030103 Multiple Issues in Nettelephone Dialer", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-01/0046.html" "lang": "eng",
}, "value": "Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's and stores user account numbers in plaintext in the HKEY_CURRENT_USER\\Software\\MediaRing.com\\SDK\\NetTelephone\\settings registry key, which could allow local users to gain unauthorized access to NetTelephone accounts."
{ }
"name" : "nettelephone-insecure-account-information(11007)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/11007.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nettelephone-insecure-account-information(11007)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11007.php"
},
{
"name": "20030103 Multiple Issues in Nettelephone Dialer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-01/0046.html"
}
]
}
} }

188
2004/2xxx/CVE-2004-2607.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2607", "ID": "CVE-2004-2607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20040416 Re: [CHECKER] Probable security holes in 2.6.5", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html" "lang": "eng",
}, "value": "A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer."
{ }
"name" : "[linux-kernel] 20040416 Re: [CHECKER] Probable security holes in 2.6.5", ]
"refsource" : "MLIST", },
"url" : "http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0743.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1018", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1018" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2006:044", ]
"refsource" : "MANDRIVA", }
"url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044" ]
}, },
{ "references": {
"name" : "MDKSA-2006:072", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072" "name": "18977",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18977"
"name" : "16759", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16759" "name": "19369",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19369"
"name" : "18977", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18977" "name": "DSA-1018",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1018"
"name" : "19369", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19369" "name": "MDKSA-2006:044",
} "refsource": "MANDRIVA",
] "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:044"
} },
{
"name": "16759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16759"
},
{
"name": "[linux-kernel] 20040416 Re: [CHECKER] Probable security holes in 2.6.5",
"refsource": "MLIST",
"url": "http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0313.html"
},
{
"name": "MDKSA-2006:072",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072"
},
{
"name": "[linux-kernel] 20040416 Re: [CHECKER] Probable security holes in 2.6.5",
"refsource": "MLIST",
"url": "http://www.uwsg.iu.edu/hypermail/linux/kernel/0404.2/0743.html"
}
]
}
} }

178
2012/0xxx/CVE-2012-0008.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0008", "ID": "CVE-2012-0008",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-021", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021" "lang": "eng",
}, "value": "Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka \"Visual Studio Add-In Vulnerability.\""
{ }
"name" : "TA12-073A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-073A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52329", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52329" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15081", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081" ]
}, },
{ "references": {
"name" : "1026792", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026792" "name": "48396",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48396"
"name" : "48396", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48396" "name": "MS12-021",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-021"
"name" : "ms-visual-studio-priv-esc(73537)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537" "name": "ms-visual-studio-priv-esc(73537)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73537"
} },
{
"name": "52329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52329"
},
{
"name": "TA12-073A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-073A.html"
},
{
"name": "oval:org.mitre.oval:def:15081",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15081"
},
{
"name": "1026792",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026792"
}
]
}
} }

138
2012/0xxx/CVE-2012-0091.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0091", "ID": "CVE-2012-0091",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance."
{ }
"name" : "78402", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/78402" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "peoplesoft-eptools-cve20120091(72486)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72486" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "peoplesoft-eptools-cve20120091(72486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72486"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "78402",
"refsource": "OSVDB",
"url": "http://osvdb.org/78402"
}
]
}
} }

158
2012/0xxx/CVE-2012-0231.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-0231", "ID": "CVE-2012-0231",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766", "description_data": [
"refsource" : "MISC", {
"url" : "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766" "lang": "eng",
}, "value": "PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401."
{ }
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52434", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52434" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48415", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48415" ]
}, },
{ "references": {
"name" : "proficy-prlicensemgr-code-exec(73957)", "reference_data": [
"refsource" : "XF", {
"url" : "http://xforce.iss.net/xforce/xfdb/73957" "name": "52434",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/52434"
} },
{
"name": "48415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48415"
},
{
"name": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766",
"refsource": "MISC",
"url": "http://support.ge-ip.com/support/index?page=kbchannel&id=S:KB14766"
},
{
"name": "proficy-prlicensemgr-code-exec(73957)",
"refsource": "XF",
"url": "http://xforce.iss.net/xforce/xfdb/73957"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-032-02.pdf"
}
]
}
} }

118
2012/0xxx/CVE-2012-0928.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0928", "ID": "CVE-2012-0928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://service.real.com/realplayer/security/02062012_player/en/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/realplayer/security/02062012_player/en/" "lang": "eng",
} "value": "The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/02062012_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/02062012_player/en/"
}
]
}
} }

138
2012/0xxx/CVE-2012-0943.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2012-0943", "ID": "CVE-2012-0943",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff", "description_data": [
"refsource" : "MISC", {
"url" : "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff" "lang": "eng",
}, "value": "debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue."
{ }
"name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-1399-2", "description": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1399-2" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/953044"
},
{
"name": "USN-1399-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1399-2"
},
{
"name": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff",
"refsource": "MISC",
"url": "https://launchpadlibrarian.net/96471251/lightdm.secure-cleanup.debdiff"
}
]
}
} }

158
2012/1xxx/CVE-2012-1207.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1207", "ID": "CVE-2012-1207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php."
{ }
"name" : "http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released", ]
"refsource" : "CONFIRM", },
"url" : "http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51972", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/51972" ]
}, },
{ "references": {
"name" : "forkcms-js-file-include(73169)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73169" "name": "51972",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/51972"
} },
{
"name": "forkcms-js-file-include(73169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73169"
},
{
"name": "http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released",
"refsource": "CONFIRM",
"url": "http://www.fork-cms.com/blog/detail/fork-cms-3-2-5-released"
},
{
"name": "https://github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29",
"refsource": "CONFIRM",
"url": "https://github.com/forkcms/forkcms/commit/a9986b86c53de0582248b39605660fbba0c21a29"
},
{
"name": "http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/109709/Fork-CMS-3.2.4-Cross-Site-Scripting-Local-File-Inclusion.html"
}
]
}
} }

148
2012/1xxx/CVE-2012-1218.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1218", "ID": "CVE-2012-1218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vulnerability-lab.com/get_content.php?id=402", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vulnerability-lab.com/get_content.php?id=402" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components."
{ }
"name" : "51946", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51946" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47766", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47766" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "freelancerkit-multiple-sql-injection(73105)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73105" ]
} },
] "references": {
} "reference_data": [
{
"name": "freelancerkit-multiple-sql-injection(73105)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73105"
},
{
"name": "51946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51946"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=402",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=402"
},
{
"name": "47766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47766"
}
]
}
} }

158
2012/1xxx/CVE-2012-1485.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1485", "ID": "CVE-2012-1485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1485-vulnerability-in-NetFrontLifeBrowser.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1485-vulnerability-in-NetFrontLifeBrowser.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors."
{ }
"name" : "52480", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/52480" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "80172", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80172" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48557", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48557" ]
}, },
{ "references": {
"name" : "netfront-android-unspecified(74048)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74048" "name": "80172",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/80172"
} },
{
"name": "48557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48557"
},
{
"name": "netfront-android-unspecified(74048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74048"
},
{
"name": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1485-vulnerability-in-NetFrontLifeBrowser.html",
"refsource": "MISC",
"url": "http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2012-1485-vulnerability-in-NetFrontLifeBrowser.html"
},
{
"name": "52480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52480"
}
]
}
} }

168
2012/1xxx/CVE-2012-1754.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-1754", "ID": "CVE-2012-1754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1732."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1732."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54542", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54542" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "83920", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/83920" ]
}, },
{ "references": {
"name" : "1027267", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027267" "name": "1027267",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027267"
"name" : "siebelcrm-uiframe-info-disc(77039)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77039" "name": "83920",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/83920"
} },
{
"name": "54542",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54542"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "siebelcrm-uiframe-info-disc(77039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77039"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

158
2012/1xxx/CVE-2012-1785.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1785", "ID": "CVE-2012-1785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924" "lang": "eng",
}, "value": "kg_callffmpeg.php in the Video Embed & Thumbnail Generator plugin before 2.0 for WordPress allows remote attackers to execute arbitrary commands via unspecified vectors."
{ }
"name" : "http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog/", ]
"refsource" : "CONFIRM", },
"url" : "http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "52180", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52180" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48087", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48087" ]
}, },
{ "references": {
"name" : "videoembed-kgcallffmpeg-code-execution(73508)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73508" "name": "videoembed-kgcallffmpeg-code-execution(73508)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73508"
} },
{
"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fvideo-embed-thumbnail-generator&old=507924&new_path=%2Fvideo-embed-thumbnail-generator&new=507924"
},
{
"name": "52180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52180"
},
{
"name": "48087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48087"
},
{
"name": "http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/video-embed-thumbnail-generator/changelog/"
}
]
}
} }

368
2012/4xxx/CVE-2012-4244.json
View File

@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4244", "ID": "CVE-2012-4244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.isc.org/article/AA-00778", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.isc.org/article/AA-00778" "lang": "eng",
}, "value": "ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and named daemon exit) via a query for a long resource record."
{ }
"name" : "http://support.apple.com/kb/HT5880", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5880" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488", "description": [
"refsource" : "CONFIRM", {
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-09-12-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html" ]
}, },
{ "references": {
"name" : "DSA-2547", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2547" "name": "DSA-2547",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2547"
"name" : "FEDORA-2012-13922", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html" "name": "USN-1566-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1566-1"
"name" : "FEDORA-2012-14030", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html" "name": "HPSBOV03226",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2"
"name" : "FEDORA-2012-14106", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html" "name": "SSRT101004",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=141879471518471&w=2"
"name" : "HPSBOV03226", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2" "name": "51096",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51096"
"name" : "SSRT101004", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=141879471518471&w=2" "name": "50582",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50582"
"name" : "MDVSA-2012:152", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:152" "name": "RHSA-2012:1365",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1365.html"
"name" : "RHSA-2012:1365", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1365.html" "name": "RHSA-2012:1266",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1266.html"
"name" : "RHSA-2012:1267", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1267.html" "name": "openSUSE-SU-2012:1192",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html"
"name" : "RHSA-2012:1268", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1268.html" "name": "RHSA-2012:1267",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1267.html"
"name" : "RHSA-2012:1266", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1266.html" "name": "55522",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55522"
"name" : "openSUSE-SU-2012:1192", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00021.html" "name": "FEDORA-2012-13922",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087703.html"
"name" : "SUSE-SU-2012:1333", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00007.html" "name": "MDVSA-2012:152",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:152"
"name" : "SUSE-SU-2012:1199", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html" "name": "FEDORA-2012-14106",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087697.html"
"name" : "USN-1566-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1566-1" "name": "SUSE-SU-2012:1199",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00022.html"
"name" : "55522", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55522" "name": "APPLE-SA-2013-09-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
"name" : "50579", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50579" "name": "50579",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50579"
"name" : "50582", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50582" "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488",
}, "refsource": "CONFIRM",
{ "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952488"
"name" : "50673", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50673" "name": "50645",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50645"
"name" : "50560", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50560" "name": "SUSE-SU-2012:1333",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00007.html"
"name" : "50645", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50645" "name": "https://kb.isc.org/article/AA-00778",
}, "refsource": "CONFIRM",
{ "url": "https://kb.isc.org/article/AA-00778"
"name" : "51096", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51096" "name": "http://support.apple.com/kb/HT5880",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT5880"
} },
{
"name": "RHSA-2012:1268",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1268.html"
},
{
"name": "50560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50560"
},
{
"name": "FEDORA-2012-14030",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088381.html"
},
{
"name": "50673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50673"
}
]
}
} }

138
2012/4xxx/CVE-2012-4857.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-4857", "ID": "CVE-2012-4857",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=swg21618994", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=swg21618994" "lang": "eng",
}, "value": "Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement."
{ }
"name" : "1027849", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1027849" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "informix-sql-bo(79737)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79737" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=swg21618994",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=swg21618994"
},
{
"name": "1027849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027849"
},
{
"name": "informix-sql-bo(79737)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79737"
}
]
}
} }

138
2012/4xxx/CVE-2012-4859.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-4859", "ID": "CVE-2012-4859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615292", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615292" "lang": "eng",
}, "value": "Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors."
{ }
"name" : "IC87006", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87006" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "tsm-user-privilege-escalation(79843)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79843" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "tsm-user-privilege-escalation(79843)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79843"
},
{
"name": "IC87006",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC87006"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615292",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615292"
}
]
}
} }

118
2012/5xxx/CVE-2012-5308.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5308", "ID": "CVE-2012-5308",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html" "lang": "eng",
} "value": "Cross-site request forgery (CSRF) vulnerability in servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim Fix 1 allows remote attackers to hijack the authentication of arbitrary users for requests that create problem reports via a getReportProblem upload action."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html"
}
]
}
} }

118
2012/5xxx/CVE-2012-5336.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5336", "ID": "CVE-2012-5336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://owncloud.org/about/security/advisories/CVE-2012-5336/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://owncloud.org/about/security/advisories/CVE-2012-5336/" "lang": "eng",
} "value": "lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/about/security/advisories/CVE-2012-5336/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/CVE-2012-5336/"
}
]
}
} }

378
2012/5xxx/CVE-2012-5840.json
View File

@ -1,192 +1,192 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5840", "ID": "CVE-2012-5840",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4214."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805287", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=805287" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.palemoon.org/releasenotes-ng.shtml", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.palemoon.org/releasenotes-ng.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2012:173", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" ]
}, },
{ "references": {
"name" : "RHSA-2012:1482", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" "name": "USN-1638-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-3"
"name" : "RHSA-2012:1483", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1483.html" "name": "oval:org.mitre.oval:def:16904",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16904"
"name" : "openSUSE-SU-2012:1583", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" "name": "51370",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51370"
"name" : "openSUSE-SU-2012:1585", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" "name": "87606",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/87606"
"name" : "openSUSE-SU-2012:1586", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" "name": "USN-1638-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-2"
"name" : "SUSE-SU-2012:1592", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" "name": "openSUSE-SU-2012:1586",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
"name" : "openSUSE-SU-2013:0175", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" "name": "USN-1636-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1636-1"
"name" : "USN-1638-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-1" "name": "openSUSE-SU-2013:0175",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
"name" : "USN-1638-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-3" "name": "RHSA-2012:1483",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1483.html"
"name" : "USN-1638-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-2" "name": "mozilla-prepareeditor-code-exec(80190)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80190"
"name" : "USN-1636-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1636-1" "name": "http://www.palemoon.org/releasenotes-ng.shtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.palemoon.org/releasenotes-ng.shtml"
"name" : "56635", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56635" "name": "RHSA-2012:1482",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
"name" : "87606", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/87606" "name": "51434",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51434"
"name" : "oval:org.mitre.oval:def:16904", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16904" "name": "openSUSE-SU-2012:1583",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
"name" : "51359", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51359" "name": "51439",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51439"
"name" : "51360", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51360" "name": "51440",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51440"
"name" : "51369", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51369" "name": "USN-1638-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-1"
"name" : "51381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51381" "name": "SUSE-SU-2012:1592",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
"name" : "51434", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51434" "name": "51359",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51359"
"name" : "51439", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51439" "name": "MDVSA-2012:173",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
"name" : "51440", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51440" "name": "openSUSE-SU-2012:1585",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
"name" : "51370", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51370" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=805287",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=805287"
"name" : "mozilla-prepareeditor-code-exec(80190)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80190" "name": "51381",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/51381"
} },
{
"name": "56635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56635"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"name": "51360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51360"
}
]
}
} }

32
2017/2xxx/CVE-2017-2859.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-2859", "ID": "CVE-2017-2859",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

258
2017/3xxx/CVE-2017-3141.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-officer@isc.org", "ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC" : "2017-06-14T00:00:00.000Z", "DATE_PUBLIC": "2017-06-14T00:00:00.000Z",
"ID" : "CVE-2017-3141", "ID": "CVE-2017-3141",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Windows service and uninstall paths are not quoted when BIND is installed" "TITLE": "Windows service and uninstall paths are not quoted when BIND is installed"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIND 9", "product_name": "BIND 9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1" "version_value": "9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ISC" "vendor_name": "ISC"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "ISC would like to thank John Page aka hyp3rlinx for reporting this issue."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "No known active exploits but this generic weakness is already a well-known attack vector if user file access permissions do not adequately prevent the installation of malicious executables. "
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "HIGH",
"baseScore" : 7.2,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "This vulnerability exists in the installer delivered with BIND for Windows and not within BIND itself. Non-Windows builds and installations are unaffected. A manual installation of BIND where the service path is quoted when added would not be at risk."
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "ISC would like to thank John Page aka hyp3rlinx for reporting this issue."
"name" : "42121", }
"refsource" : "EXPLOIT-DB", ],
"url" : "https://www.exploit-db.com/exploits/42121/" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://kb.isc.org/docs/aa-01496", "description": {
"refsource" : "CONFIRM", "description_data": [
"url" : "https://kb.isc.org/docs/aa-01496" {
}, "lang": "eng",
{ "value": "The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1."
"name" : "https://security.netapp.com/advisory/ntap-20180926-0001/", }
"refsource" : "CONFIRM", ]
"url" : "https://security.netapp.com/advisory/ntap-20180926-0001/" },
}, "exploit": [
{ {
"name" : "GLSA-201708-01", "lang": "eng",
"refsource" : "GENTOO", "value": "No known active exploits but this generic weakness is already a well-known attack vector if user file access permissions do not adequately prevent the installation of malicious executables. "
"url" : "https://security.gentoo.org/glsa/201708-01" }
}, ],
{ "impact": {
"name" : "99089", "cvss": {
"refsource" : "BID", "attackComplexity": "HIGH",
"url" : "http://www.securityfocus.com/bid/99089" "attackVector": "LOCAL",
}, "availabilityImpact": "HIGH",
{ "baseScore": 7.2,
"name" : "1038693", "baseSeverity": "HIGH",
"refsource" : "SECTRACK", "confidentialityImpact": "HIGH",
"url" : "http://www.securitytracker.com/id/1038693" "integrityImpact": "HIGH",
} "privilegesRequired": "HIGH",
] "scope": "CHANGED",
}, "userInteraction": "REQUIRED",
"solution" : [ "vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
{ "version": "3.0"
"lang" : "eng", }
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2" },
} "problemtype": {
], "problemtype_data": [
"source" : { {
"discovery" : "UNKNOWN" "description": [
}, {
"work_around" : [ "lang": "eng",
{ "value": "This vulnerability exists in the installer delivered with BIND for Windows and not within BIND itself. Non-Windows builds and installations are unaffected. A manual installation of BIND where the service path is quoted when added would not be at risk."
"lang" : "eng", }
"value" : "BIND installations on Windows are not at risk if the host file permissions prevent creation of a binary in a location where the service executor would run it instead of named.exe." ]
} }
] ]
},
"references": {
"reference_data": [
{
"name": "GLSA-201708-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"name": "https://kb.isc.org/docs/aa-01496",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01496"
},
{
"name": "1038693",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038693"
},
{
"name": "42121",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42121/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0001/"
},
{
"name": "99089",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99089"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.10-P1\n BIND 9 version 9.10.5-P1\n BIND 9 version 9.11.1-P1\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.10-S2\n BIND 9 version 9.10.5-S2"
}
],
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "BIND installations on Windows are not at risk if the host file permissions prevent creation of a binary in a location where the service executor would run it instead of named.exe."
}
]
} }

32
2017/3xxx/CVE-2017-3448.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-3448", "ID": "CVE-2017-3448",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/6xxx/CVE-2017-6579.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6579", "ID": "CVE-2017-6579",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2017/6xxx/CVE-2017-6716.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6716", "ID": "CVE-2017-6716",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Firepower Management Center", "product_name": "Cisco Firepower Management Center",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Firepower Management Center" "version_value": "Cisco Firepower Management Center"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored Cross-Site Scripting Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2" "lang": "eng",
}, "value": "A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products: Cisco Firepower Management Center Software Releases prior to 6.0.0.0. More Information: CSCuy88785. Known Affected Releases: 5.4.1.6."
{ }
"name" : "99220", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99220" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Stored Cross-Site Scripting Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-fmc2"
},
{
"name": "99220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99220"
}
]
}
} }

128
2017/6xxx/CVE-2017-6745.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6745", "ID": "CVE-2017-6745",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Videoscape Distribution Suite Cache Server", "product_name": "Cisco Videoscape Distribution Suite Cache Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Videoscape Distribution Suite Cache Server" "version_value": "Cisco Videoscape Distribution Suite Cache Server"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds" "lang": "eng",
}, "value": "A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260."
{ }
"name" : "100106", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100106" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100106"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170802-vds"
}
]
}
} }

138
2017/6xxx/CVE-2017-6908.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6908", "ID": "CVE-2017-6908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the \"concrete5-legacy-master/web/concrete/tools/files/selector_data.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/concrete5/concrete5-legacy/commit/62046f511fc02ad783ad170404c80db3c69f0408", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/concrete5/concrete5-legacy/commit/62046f511fc02ad783ad170404c80db3c69f0408" "lang": "eng",
}, "value": "An issue was discovered in concrete5 <= 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data (fID) passed to the \"concrete5-legacy-master/web/concrete/tools/files/selector_data.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "https://github.com/concrete5/concrete5-legacy/issues/1948", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/concrete5/concrete5-legacy/issues/1948" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96891", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96891" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/concrete5/concrete5-legacy/commit/62046f511fc02ad783ad170404c80db3c69f0408",
"refsource": "CONFIRM",
"url": "https://github.com/concrete5/concrete5-legacy/commit/62046f511fc02ad783ad170404c80db3c69f0408"
},
{
"name": "96891",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96891"
},
{
"name": "https://github.com/concrete5/concrete5-legacy/issues/1948",
"refsource": "CONFIRM",
"url": "https://github.com/concrete5/concrete5-legacy/issues/1948"
}
]
}
} }

128
2017/7xxx/CVE-2017-7299.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7299", "ID": "CVE-2017-7299",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20908", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20908" "lang": "eng",
}, "value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has an invalid read (of size 8) because the code to emit relocs (bfd_elf_final_link function in bfd/elflink.c) does not check the format of the input file before trying to read the ELF reloc section header. The vulnerability leads to a GNU linker (ld) program crash."
{ }
"name" : "97217", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97217" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20908",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20908"
},
{
"name": "97217",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97217"
}
]
}
} }

128
2017/7xxx/CVE-2017-7304.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7304", "ID": "CVE-2017-7304",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20931", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20931" "lang": "eng",
}, "value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to an invalid read (of size 8) because of missing a check (in the copy_special_section_fields function) for an invalid sh_link field before attempting to follow it. This vulnerability causes Binutils utilities like strip to crash."
{ }
"name" : "97215", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97215" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97215"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20931",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20931"
}
]
}
} }

118
2017/7xxx/CVE-2017-7316.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7316", "ID": "CVE-2017-7316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Jun/45", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Jun/45" "lang": "eng",
} "value": "An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is XSS on the 404 page."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jun/45",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jun/45"
}
]
}
} }

118
2017/7xxx/CVE-2017-7337.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@fortinet.com", "ASSIGNER": "psirt@fortinet.com",
"ID" : "CVE-2017-7337", "ID": "CVE-2017-7337",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Fortinet FortiPortal", "product_name": "Fortinet FortiPortal",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "FortiPortal versions 4.0.0 and below" "version_value": "FortiPortal versions 4.0.0 and below"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Fortinet, Inc." "vendor_name": "Fortinet, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://fortiguard.com/psirt/FG-IR-17-114", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://fortiguard.com/psirt/FG-IR-17-114" "lang": "eng",
} "value": "An improper Access Control vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to interact with unauthorized VDOMs or enumerate other ADOMs via another user's stolen session and CSRF tokens or the adomName parameter in the /fpc/sec/customer/policy/getAdomVersion request."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
} }

168
2017/8xxx/CVE-2017-8112.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8112", "ID": "CVE-2017-8112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/04/26/5" "lang": "eng",
}, "value": "hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (infinite loop and CPU consumption) via the message ring page count."
{ }
"name" : "[qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation", ]
"refsource" : "MLIST", },
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1445621", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1445621" ]
}, },
{ "references": {
"name" : "GLSA-201706-03", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-03" "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"name" : "98015", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98015" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445621",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445621"
} },
{
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "[oss-security] 20170426 CVE-2017-8112 Qemu: scsi: vmw_pvscsi: infinite loop in pvscsi_log2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/26/5"
},
{
"name": "98015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98015"
},
{
"name": "[qemu-devel] 20170425 Re: [PATCH] vmw_pvscsi: check message ring page count at initialisation",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html"
}
]
}
} }

118
2018/10xxx/CVE-2018-10329.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10329", "ID": "CVE-2018-10329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/phpipam/phpipam/issues/1903", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/phpipam/phpipam/issues/1903" "lang": "eng",
} "value": "app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on /tools/mac-lookup/ via the mac parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phpipam/phpipam/issues/1903",
"refsource": "CONFIRM",
"url": "https://github.com/phpipam/phpipam/issues/1903"
}
]
}
} }

32
2018/10xxx/CVE-2018-10332.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10332", "ID": "CVE-2018-10332",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/10xxx/CVE-2018-10623.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-05-31T00:00:00", "DATE_PUBLIC": "2018-05-31T00:00:00",
"ID" : "CVE-2018-10623", "ID": "CVE-2018-10623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Delta Industrial Automation DOPSoft", "product_name": "Delta Industrial Automation DOPSoft",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 4.00.04 and prior." "version_value": "Version 4.00.04 and prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Delta Electronics" "vendor_name": "Delta Electronics"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OUT-OF-BOUNDS READ CWE-125"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01" "lang": "eng",
}, "value": "Delta Electronics Delta Industrial Automation DOPSoft version 4.00.04 and prior performs read operations on a memory buffer where the position can be determined by a value read from a .dpa file. This may cause improper restriction of operations within the bounds of the memory buffer, allow remote code execution, alter the intended control flow, allow reading of sensitive information, or cause the application to crash."
{ }
"name" : "104375", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104375" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "OUT-OF-BOUNDS READ CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104375",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104375"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-151-01"
}
]
}
} }

118
2018/10xxx/CVE-2018-10760.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10760", "ID": "CVE-2018-10760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180513 CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/30" "lang": "eng",
} "value": "Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180513 CVE-2018-10759/CVE-2018-10760: Project Pier 0.8.8 vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/30"
}
]
}
} }

138
2018/14xxx/CVE-2018-14332.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14332", "ID": "CVE-2018-14332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332" "lang": "eng",
}, "value": "An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user opens a malformed mp3 file."
{ }
"name" : "https://github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cpp#L155", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cpp#L155" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/clementine-player/Clementine/issues/6078", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/clementine-player/Clementine/issues/6078" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/clementine-player/Clementine/issues/6078",
"refsource": "CONFIRM",
"url": "https://github.com/clementine-player/Clementine/issues/6078"
},
{
"name": "https://github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cpp#L155",
"refsource": "CONFIRM",
"url": "https://github.com/clementine-player/Clementine/blob/e5ab3e786f9adde12cec3cc90cfe8c1cc6b06320/src/moodbar/moodbarpipeline.cpp#L155"
},
{
"name": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332",
"refsource": "MISC",
"url": "https://github.com/MostafaSoliman/Security-Advisories/blob/master/CVE-2018-14332"
}
]
}
} }

32
2018/17xxx/CVE-2018-17318.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17318", "ID": "CVE-2018-17318",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/17xxx/CVE-2018-17758.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17758", "ID": "CVE-2018-17758",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/17xxx/CVE-2018-17828.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17828", "ID": "CVE-2018-17828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/gdraheim/zziplib/issues/62", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/gdraheim/zziplib/issues/62" "lang": "eng",
} "value": "Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. (dot dot) in a zip file, because of the function unzzip_cat in the bins/unzzipcat-mem.c file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gdraheim/zziplib/issues/62",
"refsource": "MISC",
"url": "https://github.com/gdraheim/zziplib/issues/62"
}
]
}
} }

140
2018/17xxx/CVE-2018-17893.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-16T00:00:00", "DATE_PUBLIC": "2018-10-16T00:00:00",
"ID" : "CVE-2018-17893", "ID": "CVE-2018-17893",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LAquis SCADA", "product_name": "LAquis SCADA",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.1.0.3870 and prior" "version_value": "4.1.0.3870 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "LCDS - Leão Consultoria e Desenvolvimento de Sistemas LTDA ME" "vendor_name": "LCDS - Le\u00e3o Consultoria e Desenvolvimento de Sistemas LTDA ME"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "UNTRUSTED POINTER DEREFERENCE CWE-822"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://laquisscada.com/instale1.php", "description_data": [
"refsource" : "MISC", {
"url" : "http://laquisscada.com/instale1.php" "lang": "eng",
}, "value": "LAquis SCADA Versions 4.1.0.3870 and prior has an untrusted pointer dereference vulnerability, which may allow remote code execution."
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105719", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105719" "lang": "eng",
} "value": "UNTRUSTED POINTER DEREFERENCE CWE-822"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://laquisscada.com/instale1.php",
"refsource": "MISC",
"url": "http://laquisscada.com/instale1.php"
},
{
"name": "105719",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105719"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-289-01"
}
]
}
} }

32
2018/20xxx/CVE-2018-20037.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20037", "ID": "CVE-2018-20037",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/20xxx/CVE-2018-20081.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20081", "ID": "CVE-2018-20081",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/20xxx/CVE-2018-20209.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20209", "ID": "CVE-2018-20209",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/20xxx/CVE-2018-20505.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20505", "ID": "CVE-2018-20505",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9195.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9195", "ID": "CVE-2018-9195",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9470.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9470", "ID": "CVE-2018-9470",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9579.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9579", "ID": "CVE-2018-9579",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9803.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9803", "ID": "CVE-2018-9803",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }