admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:34:14 +00:00
parent 6653eddfa2
commit 7a710c34d3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4201 additions and 4201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

250
2002/0xxx/CVE-2002-0068.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101431040422095&w=2"
},
{
"name" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name" : "20020222 Squid buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101440163111826&w=2"
},
{
"name" : "RHSA-2002:029",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name" : "20020222 TSLSA-2002-0031 - squid",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101443252627021&w=2"
},
{
"name" : "MDKSA-2002:016",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name" : "CSSA-2002-010.0",
"refsource" : "CALDERA",
"url" : "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name" : "CSSA-2002-SCO.7",
"refsource" : "CALDERA",
"url" : "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name" : "CLA-2002:464",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464"
},
{
"name" : "SuSE-SA:2002:008",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name" : "FreeBSD-SA-02:12",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name" : "4148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4148"
},
{
"name" : "squid-ftpbuildtitleurl-bo(8258)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8258.php"
},
{
"name" : "5378",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464"
},
{
"name": "SuSE-SA:2002:008",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 Squid buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101440163111826&w=2"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101443252627021&w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101431040422095&w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "CSSA-2002-010.0",
"refsource": "CALDERA",
"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt"
},
{
"name": "5378",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5378"
},
{
"name": "squid-ftpbuildtitleurl-bo(8258)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8258.php"
},
{
"name": "4148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4148"
}
]
}
}

170
2002/0xxx/CVE-2002-0177.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020402 icecast 1.3.11 remote shell/root exploit - #temp",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101780890326179&w=2"
},
{
"name" : "20020403 Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101786838300906&w=2"
},
{
"name" : "20020404 Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101793704306035&w=2"
},
{
"name" : "http://www.xiph.org/archives/icecast/2616.html",
"refsource" : "CONFIRM",
"url" : "http://www.xiph.org/archives/icecast/2616.html"
},
{
"name" : "VU#596387",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/596387"
},
{
"name" : "4415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4415"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in icecast 1.3.11 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request from an MP3 client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020402 icecast 1.3.11 remote shell/root exploit - #temp",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101780890326179&w=2"
},
{
"name": "VU#596387",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/596387"
},
{
"name": "http://www.xiph.org/archives/icecast/2616.html",
"refsource": "CONFIRM",
"url": "http://www.xiph.org/archives/icecast/2616.html"
},
{
"name": "4415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4415"
},
{
"name": "20020403 Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101786838300906&w=2"
},
{
"name": "20020404 Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101793704306035&w=2"
}
]
}
}

160
2002/0xxx/CVE-2002-0728.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207",
"refsource" : "CONFIRM",
"url" : "ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207"
},
{
"name" : "MDKSA-2002:049",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-049.php"
},
{
"name" : "CLA-2002:512",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000512"
},
{
"name" : "DSA-140",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-140"
},
{
"name" : "RHSA-2002:152",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-152.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-140",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-140"
},
{
"name": "ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207",
"refsource": "CONFIRM",
"url": "ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207"
},
{
"name": "RHSA-2002:152",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-152.html"
},
{
"name": "CLA-2002:512",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000512"
},
{
"name": "MDKSA-2002:049",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-049.php"
}
]
}
}

160
2002/0xxx/CVE-2002-0885.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0885",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0885",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/273584"
},
{
"name" : "20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html"
},
{
"name" : "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt",
"refsource" : "MISC",
"url" : "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt"
},
{
"name" : "solaris-inrarpd-code-execution(9150)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9150.php"
},
{
"name" : "4791",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and possibly other operating systems including Caldera UnixWare and Open UNIX, allow remote attackers to execute arbitrary code, possibly via the functions (1) syserr and (2) error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4791"
},
{
"name": "20020521 [VulnWatch] [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0074.html"
},
{
"name": "20020522 [DER Adv #7] - Multiple Vulnerabilities in solaris in.rarpd",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/273584"
},
{
"name": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt",
"refsource": "MISC",
"url": "ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.29/CSSA-2002-SCO.29.txt"
},
{
"name": "solaris-inrarpd-code-execution(9150)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9150.php"
}
]
}
}

160
2002/0xxx/CVE-2002-0901.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020527 AMANDA security issues",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/274215"
},
{
"name" : "amanda-operator-bo(9182)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9182.php"
},
{
"name" : "amanda-amindexd-bo(9181)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9181.php"
},
{
"name" : "4836",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4836"
},
{
"name" : "4840",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Advanced Maryland Automatic Network Disk Archiver (AMANDA) 2.3.0.4 allow (1) remote attackers to execute arbitrary code via long commands to the amindexd daemon, or certain local users to execute arbitrary code via long command line arguments to the programs (2) amcheck, (3) amgetidx, (4) amtrmidx, (5) createindex-dump, or (6) createindex-gnutar."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "amanda-amindexd-bo(9181)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9181.php"
},
{
"name": "20020527 AMANDA security issues",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/274215"
},
{
"name": "4836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4836"
},
{
"name": "amanda-operator-bo(9182)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9182.php"
},
{
"name": "4840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4840"
}
]
}
}

150
2002/1xxx/CVE-2002-1002.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html"
},
{
"name" : "20020627 Cluestick Advisory #001",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/279683"
},
{
"name" : "netware-imanage-username-dos(9444)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9444.php"
},
{
"name" : "5117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5117"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html"
},
{
"name": "netware-imanage-username-dos(9444)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9444.php"
},
{
"name": "20020627 Cluestick Advisory #001",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/279683"
},
{
"name": "5117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5117"
}
]
}
}

34
2002/1xxx/CVE-2002-1207.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1207",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1207",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2002/1xxx/CVE-2002-1237.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1237",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1237",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2002/1xxx/CVE-2002-1453.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020814 new bugs in MyWebServer",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html"
},
{
"name" : "20020814 new bugs in MyWebServer",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102935720109934&w=2"
},
{
"name" : "5470",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5470"
},
{
"name" : "mywebserver-long-http-xss(9861)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9861.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020814 new bugs in MyWebServer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102935720109934&w=2"
},
{
"name": "20020814 new bugs in MyWebServer",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html"
},
{
"name": "5470",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5470"
},
{
"name": "mywebserver-long-http-xss(9861)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9861.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1938.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1938",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021022 Virgil CGI Scanner Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/296635"
},
{
"name" : "6031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6031"
},
{
"name" : "virgil-cgi-execute-commands(10444)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10444.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "virgil-cgi-execute-commands(10444)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10444.php"
},
{
"name": "6031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6031"
},
{
"name": "20021022 Virgil CGI Scanner Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/296635"
}
]
}
}

150
2002/2xxx/CVE-2002-2013.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020121 Mozilla Cookie Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html"
},
{
"name" : "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
"refsource" : "MISC",
"url" : "http://alive.znep.com/~marcs/security/mozillacookie/demo.html"
},
{
"name" : "3925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3925"
},
{
"name" : "mozilla-netscape-steal-cookies(7973)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7973.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3925"
},
{
"name": "20020121 Mozilla Cookie Exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0270.html"
},
{
"name": "mozilla-netscape-steal-cookies(7973)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7973.php"
},
{
"name": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html",
"refsource": "MISC",
"url": "http://alive.znep.com/~marcs/security/mozillacookie/demo.html"
}
]
}
}

150
2002/2xxx/CVE-2002-2054.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and and gain privileged web forum access by setting the valid_level cookie to admin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=102313697923798&w=2"
},
{
"name" : "http://www.ifrance.com/kitetoua/tuto/Teekai.txt",
"refsource" : "MISC",
"url" : "http://www.ifrance.com/kitetoua/tuto/Teekai.txt"
},
{
"name" : "4925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4925"
},
{
"name" : "teekais-forum-admin-access(9285)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9285.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TeeKai Forum 1.2 allows remote attackers to authenticate as the administrator and and gain privileged web forum access by setting the valid_level cookie to admin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ifrance.com/kitetoua/tuto/Teekai.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/Teekai.txt"
},
{
"name": "20020603 Security holes in two Teekai's products + security hole in ncmail.netscape.com",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=102313697923798&w=2"
},
{
"name": "4925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4925"
},
{
"name": "teekais-forum-admin-access(9285)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9285.php"
}
]
}
}

140
2002/2xxx/CVE-2002-2325.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020724 Denial of Service bug in Pine 4.44",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/284086"
},
{
"name" : "5301",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5301"
},
{
"name" : "pine-blank-boundary-dos(9668)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9668.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pine-blank-boundary-dos(9668)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9668.php"
},
{
"name": "20020724 Denial of Service bug in Pine 4.44",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/284086"
},
{
"name": "5301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5301"
}
]
}
}

220
2003/0xxx/CVE-2003-0144.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030305 potential buffer overflow in lprm (fwd)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104690434504429&w=2"
},
{
"name" : "20030308 OpenBSD lprm(1) exploit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104714441925019&w=2"
},
{
"name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch"
},
{
"name" : "DSA-267",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-267"
},
{
"name" : "DSA-275",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-275"
},
{
"name" : "MDKSA-2003:059",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:059"
},
{
"name" : "20030406-02-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P"
},
{
"name" : "SuSE-SA:2003:0014",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2003_014_lprold.html"
},
{
"name" : "7025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7025"
},
{
"name" : "8293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8293"
},
{
"name" : "lprm-bo(11473)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11473"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030406-02-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030406-02-P"
},
{
"name": "DSA-275",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-275"
},
{
"name": "7025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7025"
},
{
"name": "MDKSA-2003:059",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:059"
},
{
"name": "8293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8293"
},
{
"name": "SuSE-SA:2003:0014",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_014_lprold.html"
},
{
"name": "DSA-267",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-267"
},
{
"name": "20030305 potential buffer overflow in lprm (fwd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104690434504429&w=2"
},
{
"name": "20030308 OpenBSD lprm(1) exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104714441925019&w=2"
},
{
"name": "lprm-bo(11473)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11473"
},
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.2/common/010_lprm.patch"
}
]
}
}

220
2005/1xxx/CVE-2005-1279.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050426 tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/396932"
},
{
"name" : "DSA-850",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-850"
},
{
"name" : "FLSA:156139",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"name" : "RHSA-2005:417",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-417.html"
},
{
"name" : "RHSA-2005:421",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-421.html"
},
{
"name" : "SCOSA-2005.60",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt"
},
{
"name" : "13389",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13389"
},
{
"name" : "oval:org.mitre.oval:def:9601",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9601"
},
{
"name" : "18146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18146"
},
{
"name" : "15125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15125"
},
{
"name" : "17101",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17101"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15125"
},
{
"name": "17101",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17101"
},
{
"name": "RHSA-2005:421",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-421.html"
},
{
"name": "oval:org.mitre.oval:def:9601",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9601"
},
{
"name": "20050426 tcpdump[v3.8.x/v3.9.1]: ISIS, BGP, and LDP infinite loop DOS exploits.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396932"
},
{
"name": "DSA-850",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-850"
},
{
"name": "RHSA-2005:417",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-417.html"
},
{
"name": "FLSA:156139",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"name": "SCOSA-2005.60",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt"
},
{
"name": "18146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18146"
},
{
"name": "13389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13389"
}
]
}
}

120
2005/1xxx/CVE-2005-1340.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-05-03",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-05-03",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}

130
2005/1xxx/CVE-2005-1859.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2005-1859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050701-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20050701-01-P.asc"
},
{
"name" : "1014454",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050701-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20050701-01-P.asc"
},
{
"name": "1014454",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014454"
}
]
}
}

180
2009/1xxx/CVE-2009-1019.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "35680",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35680"
},
{
"name" : "55884",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55884"
},
{
"name" : "1022560",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022560"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "oracle-database-netauth-unspecified(51748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55884",
"refsource": "OSVDB",
"url": "http://osvdb.org/55884"
},
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "oracle-database-netauth-unspecified(51748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51748"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "35680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35680"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "1022560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022560"
}
]
}
}

150
2009/1xxx/CVE-2009-1248.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1248",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8291",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8291"
},
{
"name" : "34265",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34265"
},
{
"name" : "34485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34485"
},
{
"name" : "acutecontrol-themedirectory-file-include(49443)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49443"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in Acute Control Panel 1.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the theme_directory parameter to (1) container.php and (2) header.php in themes/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8291",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8291"
},
{
"name": "34265",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34265"
},
{
"name": "34485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34485"
},
{
"name": "acutecontrol-themedirectory-file-include(49443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49443"
}
]
}
}

130
2009/1xxx/CVE-2009-1600.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503183/100/0/threaded"
},
{
"name" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf",
"refsource" : "MISC",
"url" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf",
"refsource": "MISC",
"url": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf"
},
{
"name": "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503183/100/0/threaded"
}
]
}
}

180
2009/1xxx/CVE-2009-1983.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "35697",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35697"
},
{
"name" : "55901",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55901"
},
{
"name" : "1022562",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022562"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "oracle-ebs-istore-unspecified(51766)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51766"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "oracle-ebs-istore-unspecified(51766)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51766"
},
{
"name": "55901",
"refsource": "OSVDB",
"url": "http://osvdb.org/55901"
},
{
"name": "35697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35697"
},
{
"name": "1022562",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022562"
}
]
}
}

180
2012/0xxx/CVE-2012-0178.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka \"Plug and Play (PnP) Configuration Manager Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-0178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-033",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-033"
},
{
"name" : "TA12-129A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name" : "53378",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53378"
},
{
"name" : "81735",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81735"
},
{
"name" : "oval:org.mitre.oval:def:15229",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15229"
},
{
"name" : "1027043",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027043"
},
{
"name" : "49115",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka \"Plug and Play (PnP) Configuration Manager Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49115"
},
{
"name": "MS12-033",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-033"
},
{
"name": "1027043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027043"
},
{
"name": "81735",
"refsource": "OSVDB",
"url": "http://osvdb.org/81735"
},
{
"name": "TA12-129A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-129A.html"
},
{
"name": "53378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53378"
},
{
"name": "oval:org.mitre.oval:def:15229",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15229"
}
]
}
}

160
2012/0xxx/CVE-2012-0536.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "53099",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53099"
},
{
"name" : "1026954",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026954"
},
{
"name" : "48878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53099"
},
{
"name": "48878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48878"
},
{
"name": "1026954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026954"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2012/0xxx/CVE-2012-0677.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-06-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:17016",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted .m3u playlist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:17016",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17016"
},
{
"name": "APPLE-SA-2012-06-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jun/msg00000.html"
}
]
}
}

34
2012/0xxx/CVE-2012-0718.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0718",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0718",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2012/0xxx/CVE-2012-0835.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to \"administrator.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120203 CVE-request: Joomla! Security News 2012-02-03",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/03/6"
},
{
"name" : "[oss-security] 20120203 Re: CVE-request: Joomla! Security News 2012-02-03",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/03/9"
},
{
"name" : "http://developer.joomla.org/security/news/387-20120201-core-information-disclosure",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/387-20120201-core-information-disclosure"
},
{
"name" : "http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html"
},
{
"name" : "http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html"
},
{
"name" : "78824",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78824"
},
{
"name" : "47847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain sensitive information via unknown vectors related to \"administrator.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html"
},
{
"name": "[oss-security] 20120203 Re: CVE-request: Joomla! Security News 2012-02-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/03/9"
},
{
"name": "http://developer.joomla.org/security/news/387-20120201-core-information-disclosure",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/387-20120201-core-information-disclosure"
},
{
"name": "47847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47847"
},
{
"name": "http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5410-joomla-251-released.html"
},
{
"name": "[oss-security] 20120203 CVE-request: Joomla! Security News 2012-02-03",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/03/6"
},
{
"name": "78824",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78824"
}
]
}
}

190
2012/3xxx/CVE-2012-3526.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120822 CVE Request: Apache mod RPAF denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/22/2"
},
{
"name" : "[oss-security] 20120822 Re: CVE Request: Apache mod RPAF denial of service",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/22/7"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683984",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683984"
},
{
"name" : "http://zecrazytux.net/troubleshooting/apache2-segfault-debugging-tutorial",
"refsource" : "MISC",
"url" : "http://zecrazytux.net/troubleshooting/apache2-segfault-debugging-tutorial"
},
{
"name" : "DSA-2532",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2532"
},
{
"name" : "55154",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55154"
},
{
"name" : "50400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50400"
},
{
"name" : "modrpaf-apache-dos(77987)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77987"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120822 CVE Request: Apache mod RPAF denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683984",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683984"
},
{
"name": "http://zecrazytux.net/troubleshooting/apache2-segfault-debugging-tutorial",
"refsource": "MISC",
"url": "http://zecrazytux.net/troubleshooting/apache2-segfault-debugging-tutorial"
},
{
"name": "[oss-security] 20120822 Re: CVE Request: Apache mod RPAF denial of service",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/7"
},
{
"name": "55154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55154"
},
{
"name": "modrpaf-apache-dos(77987)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77987"
},
{
"name": "50400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50400"
},
{
"name": "DSA-2532",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2532"
}
]
}
}

170
2012/3xxx/CVE-2012-3668.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

150
2012/3xxx/CVE-2012-3735.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the \"Slide to Power Off\" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "85640",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85640"
},
{
"name" : "apple-ios-passcodelock-cve20123735(78683)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Passcode Lock implementation in Apple iOS before 6 does not properly interact with the \"Slide to Power Off\" feature, which allows physically proximate attackers to see the most recently used third-party app by watching the device's screen."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85640",
"refsource": "OSVDB",
"url": "http://osvdb.org/85640"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "apple-ios-passcodelock-cve20123735(78683)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78683"
}
]
}
}

300
2012/4xxx/CVE-2012-4213.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=795708",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=795708"
},
{
"name" : "openSUSE-SU-2012:1583",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name" : "openSUSE-SU-2012:1585",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name" : "openSUSE-SU-2012:1586",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name" : "SUSE-SU-2012:1592",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name" : "openSUSE-SU-2013:0175",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name" : "USN-1638-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name" : "USN-1638-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name" : "USN-1638-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name" : "USN-1636-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name" : "56638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56638"
},
{
"name" : "oval:org.mitre.oval:def:16761",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16761"
},
{
"name" : "51369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51369"
},
{
"name" : "51381",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51381"
},
{
"name" : "51434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51434"
},
{
"name" : "51439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51439"
},
{
"name" : "51440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51440"
},
{
"name" : "51370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1638-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name": "51370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51370"
},
{
"name": "USN-1638-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name": "openSUSE-SU-2012:1586",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name": "USN-1636-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name": "openSUSE-SU-2013:0175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name": "51434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51434"
},
{
"name": "openSUSE-SU-2012:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name": "51439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51439"
},
{
"name": "oval:org.mitre.oval:def:16761",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16761"
},
{
"name": "51440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51440"
},
{
"name": "USN-1638-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name": "SUSE-SU-2012:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name": "openSUSE-SU-2012:1585",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name": "51381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51381"
},
{
"name": "56638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56638"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=795708",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=795708"
}
]
}
}

130
2012/4xxx/CVE-2012-4331.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
"refsource" : "MLIST",
"url" : "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
},
{
"name" : "1026970",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026970"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack vectors that are not related to cross-site scripting (XSS), different vulnerabilities than CVE-2012-2151."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1026970",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026970"
},
{
"name": "[Spip-en] 20120423 New stable releases SPIP 1.9.2o, 2.0.18 et 2.1.13 are availables",
"refsource": "MLIST",
"url": "http://archives.rezo.net/archives/spip-en.mbox/U5QUZ6WJRAJC7H5BR7W5SQG6WCD3PXL7/"
}
]
}
}

160
2012/4xxx/CVE-2012-4426.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/06/8"
},
{
"name" : "[oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/06/9"
},
{
"name" : "[oss-security] 20120910 Re: CVE request - mcrypt buffer overflow flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/10/5"
},
{
"name" : "[oss-security] 20120913 Re: CVE request - mcrypt buffer overflow flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/13/22"
},
{
"name" : "55557",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55557"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120910 Re: CVE request - mcrypt buffer overflow flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/10/5"
},
{
"name": "[oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/06/9"
},
{
"name": "[oss-security] 20120913 Re: CVE request - mcrypt buffer overflow flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/22"
},
{
"name": "55557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55557"
},
{
"name": "[oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/06/8"
}
]
}
}

160
2012/4xxx/CVE-2012-4731.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rt-announce] 20121025 RTFM 2.4.5 Released",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html"
},
{
"name" : "[rt-announce] 20121025 Security vulnerabilities in RT",
"refsource" : "MLIST",
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"
},
{
"name" : "DSA-2568",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2568"
},
{
"name" : "51062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51062"
},
{
"name" : "51111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51111"
},
{
"name": "[rt-announce] 20121025 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"
},
{
"name": "DSA-2568",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2568"
},
{
"name": "[rt-announce] 20121025 RTFM 2.4.5 Released",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000215.html"
},
{
"name": "51062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51062"
}
]
}
}

140
2012/6xxx/CVE-2012-6101.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130121 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/01/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=220162",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=220162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=220162",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=220162"
},
{
"name": "[oss-security] 20130121 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/21/1"
}
]
}
}

34
2012/6xxx/CVE-2012-6291.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6291",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6291",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/6xxx/CVE-2012-6695.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource" : "MISC",
"url" : "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name" : "https://twitter.com/digitalbond/status/619250429751222277",
"refsource" : "MISC",
"url" : "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1"
},
{
"name" : "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1",
"refsource" : "CONFIRM",
"url" : "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of ddpadmin for the ddpadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C40_WS_INST_SV_2063534-001r2.pdf?REQ=RAA&DIRECTION=2063534-001&FILENAME=C40_WS_INST_SV_2063534-001r2.pdf&FILEREV=1&DOCREV_ORG=1"
},
{
"name": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/",
"refsource": "MISC",
"url": "http://www.forbes.com/sites/thomasbrewster/2015/07/10/vulnerable-breasts/"
},
{
"name": "https://twitter.com/digitalbond/status/619250429751222277",
"refsource": "MISC",
"url": "https://twitter.com/digitalbond/status/619250429751222277"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-037-02"
},
{
"name": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1",
"refsource": "CONFIRM",
"url": "http://apps.gehealthcare.com/servlet/ClientServlet/C401_WS_INST_SV_2069560001r1.pdf?REQ=RAA&DIRECTION=2069560-001&FILENAME=C401_WS_INST_SV_2069560001r1.pdf&FILEREV=1&DOCREV_ORG=1"
}
]
}
}

148
2017/1002xxx/CVE-2017-1002001.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-03-01",
"ID" : "CVE-2017-1002001",
"REQUESTER" : "kurt@seifried.org",
"STATE" : "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "mobile-app-builder-by-wappress",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "1.05"
}
]
}
}
]
},
"vendor_name" : "Invedion"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unrestricted File Upload"
}
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-03-01",
"ID": "CVE-2017-1002001",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mobile-app-builder-by-wappress",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "1.05"
}
]
}
}
]
},
"vendor_name": "Invedion"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41540",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41540/"
},
{
"name" : "http://www.vapidlabs.com/advisory.php?v=180",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=180"
},
{
"name" : "https://wordpress.org/plugins-wp/mobile-app-builder-by-wappress/",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins-wp/mobile-app-builder-by-wappress/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in wordpress plugin mobile-app-builder-by-wappress v1.05, The plugin includes unlicensed vulnerable CMS software from http://www.invedion.com."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unrestricted File Upload"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins-wp/mobile-app-builder-by-wappress/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins-wp/mobile-app-builder-by-wappress/"
},
{
"name": "41540",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41540/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=180",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=180"
}
]
}
}

140
2017/2xxx/CVE-2017-2400.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"SafariViewController\" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97138"
},
{
"name" : "1038139",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"SafariViewController\" component. It allows attackers to obtain sensitive information by leveraging the SafariViewController's incorrect synchronization of Safari cache clearing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038139",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038139"
},
{
"name": "97138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97138"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

160
2017/2xxx/CVE-2017-2448.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the \"Keychain\" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97134"
},
{
"name" : "1038138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. The issue involves the \"Keychain\" component. It allows man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging lack of authentication for OTR packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97134"
},
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

34
2017/2xxx/CVE-2017-2655.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2655",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2655",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

132
2017/2xxx/CVE-2017-2708.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nice",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier before Nice-AL00C00B0135"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nice",
"version": {
"version_data": [
{
"version_value": "Versions earlier before Nice-AL00C00B0135"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en"
},
{
"name" : "95911",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95911"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The 'Find Phone' function in Nice smartphones with software versions earlier before Nice-AL00C00B0135 has an authentication bypass vulnerability. An unauthenticated attacker may wipe and factory reset the phone by special steps. Due to missing authentication of the 'Find Phone' function, an attacker may exploit the vulnerability to bypass the 'Find Phone' function in order to use the phone normally."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95911"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170125-01-smartphone-en"
}
]
}
}

138
2017/6xxx/CVE-2017-6136.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-12-20T00:00:00",
"ID" : "CVE-2017-6136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "13.0.0"
},
{
"version_value" : "12.0.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
},
{
"version_value": "12.0.0 - 12.1.2"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K81137982",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K81137982"
},
{
"name" : "1040046",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and WebSafe software version 13.0.0 and 12.0.0 - 12.1.2, undisclosed traffic patterns sent to BIG-IP virtual servers, with the TCP Fast Open and Tail Loss Probe options enabled in the associated TCP profile, may cause a disruption of service to the Traffic Management Microkernel (TMM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040046"
},
{
"name": "https://support.f5.com/csp/article/K81137982",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K81137982"
}
]
}
}

140
2017/6xxx/CVE-2017-6547.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41571",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41571/"
},
{
"name" : "https://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss",
"refsource" : "MISC",
"url" : "https://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss"
},
{
"name" : "96938",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41571",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41571/"
},
{
"name": "96938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96938"
},
{
"name": "https://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss",
"refsource": "MISC",
"url": "https://bierbaumer.net/security/asuswrt/#cross-site-scripting-xss"
}
]
}
}

160
2017/6xxx/CVE-2017-6753.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco WebEx Browser Extension",
"version" : {
"version_data" : [
{
"version_value" : "Cisco WebEx Browser Extension"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco WebEx Browser Extension",
"version": {
"version_data": [
{
"version_value": "Cisco WebEx Browser Extension"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name" : "99614",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99614"
},
{
"name" : "1038909",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038909"
},
{
"name" : "1038910",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038910"
},
{
"name" : "1038911",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038911"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038911",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038911"
},
{
"name": "99614",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99614"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex"
},
{
"name": "1038910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038910"
},
{
"name": "1038909",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038909"
}
]
}
}

142
2017/6xxx/CVE-2017-6775.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2017-08-16T00:00:00",
"ID" : "CVE-2017-6775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "StarOS for ASR 5000 Series Aggregated Services Routers",
"version" : {
"version_data" : [
{
"version_value" : "21.0.v0.65839"
}
]
}
}
]
},
"vendor_name" : "Cisco Systems, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2017-08-16T00:00:00",
"ID": "CVE-2017-6775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "StarOS for ASR 5000 Series Aggregated Services Routers",
"version": {
"version_data": [
{
"version_value": "21.0.v0.65839"
}
]
}
}
]
},
"vendor_name": "Cisco Systems, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170816 Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3"
},
{
"name" : "100381",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100381"
},
{
"name" : "1039183",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS operating system could allow an authenticated, local attacker to elevate their privileges to admin-level privileges. The vulnerability is due to incorrect permissions that are given to a set of users. An attacker could exploit this vulnerability by logging in to the shell of an affected device and elevating their privileges by modifying environment variables. An exploit could allow the attacker to gain admin-level privileges and take control of the affected device. Cisco Bug IDs: CSCvd47741. Known Affected Releases: 21.0.v0.65839."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100381"
},
{
"name": "20170816 Cisco StarOS for ASR 5000 Series Routers Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-staros3"
},
{
"name": "1039183",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039183"
}
]
}
}

260
2017/7xxx/CVE-2017-7472.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2017-7472",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux kernel before 4.10.13",
"version" : {
"version_data" : [
{
"version_value" : "Linux kernel before 4.10.13"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "exhaust kernel memory"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux kernel before 4.10.13",
"version": {
"version_data": [
{
"version_value": "Linux kernel before 4.10.13"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42136",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42136/"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b"
},
{
"name" : "http://openwall.com/lists/oss-security/2017/05/11/1",
"refsource" : "CONFIRM",
"url" : "http://openwall.com/lists/oss-security/2017/05/11/1"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=1034862",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=1034862"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1442086",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1442086"
},
{
"name" : "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b"
},
{
"name" : "https://lkml.org/lkml/2017/4/1/235",
"refsource" : "CONFIRM",
"url" : "https://lkml.org/lkml/2017/4/1/235"
},
{
"name" : "https://lkml.org/lkml/2017/4/3/724",
"refsource" : "CONFIRM",
"url" : "https://lkml.org/lkml/2017/4/3/724"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13"
},
{
"name" : "RHSA-2018:0151",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"name" : "RHSA-2018:0152",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"name" : "RHSA-2018:0181",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"name" : "SUSE-SU-2018:0011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name" : "98422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98422"
},
{
"name" : "1038471",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "exhaust kernel memory"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b"
},
{
"name": "https://lkml.org/lkml/2017/4/3/724",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2017/4/3/724"
},
{
"name": "RHSA-2018:0181",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0181"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1442086"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13"
},
{
"name": "SUSE-SU-2018:0011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
},
{
"name": "RHSA-2018:0152",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0152"
},
{
"name": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b"
},
{
"name": "98422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98422"
},
{
"name": "1038471",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038471"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=1034862",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=1034862"
},
{
"name": "42136",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42136/"
},
{
"name": "http://openwall.com/lists/oss-security/2017/05/11/1",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2017/05/11/1"
},
{
"name": "RHSA-2018:0151",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0151"
},
{
"name": "https://lkml.org/lkml/2017/4/1/235",
"refsource": "CONFIRM",
"url": "https://lkml.org/lkml/2017/4/1/235"
}
]
}
}

140
2018/11xxx/CVE-2018-11346.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11346",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the \"download_sys_settings\" action and then specify files arbitrarily throughout the system via the act parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/2"
},
{
"name" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation",
"refsource" : "MISC",
"url" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"
},
{
"name" : "https://github.com/mefulton/asustorexploit",
"refsource" : "MISC",
"url" : "https://github.com/mefulton/asustorexploit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the \"download_sys_settings\" action and then specify files arbitrarily throughout the system via the act parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation",
"refsource": "MISC",
"url": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"
},
{
"name": "https://github.com/mefulton/asustorexploit",
"refsource": "MISC",
"url": "https://github.com/mefulton/asustorexploit"
},
{
"name": "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/2"
}
]
}
}

150
2018/14xxx/CVE-2018-14028.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://core.trac.wordpress.org/ticket/44710",
"refsource" : "MISC",
"url" : "https://core.trac.wordpress.org/ticket/44710"
},
{
"name" : "https://github.com/rastating/wordpress-exploit-framework/pull/52",
"refsource" : "MISC",
"url" : "https://github.com/rastating/wordpress-exploit-framework/pull/52"
},
{
"name" : "https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/",
"refsource" : "MISC",
"url" : "https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/"
},
{
"name" : "105060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but the PHP file remains in a predictable wp-content/uploads location, allowing for an attacker to then execute the file. This represents a security risk in limited scenarios where an attacker (who does have the required capabilities for plugin uploads) cannot simply place arbitrary PHP code into a valid plugin ZIP file and upload that plugin, because a machine's wp-content/plugins directory permissions were set up to block all new plugins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://core.trac.wordpress.org/ticket/44710",
"refsource": "MISC",
"url": "https://core.trac.wordpress.org/ticket/44710"
},
{
"name": "https://github.com/rastating/wordpress-exploit-framework/pull/52",
"refsource": "MISC",
"url": "https://github.com/rastating/wordpress-exploit-framework/pull/52"
},
{
"name": "https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/",
"refsource": "MISC",
"url": "https://rastating.github.io/unrestricted-file-upload-via-plugin-uploader-in-wordpress/"
},
{
"name": "105060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105060"
}
]
}
}

130
2018/14xxx/CVE-2018-14297.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FreeText annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6213."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-757",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-757"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of FreeText annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6213."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-757",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-757"
}
]
}
}

120
2018/14xxx/CVE-2018-14590.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/axiomatic-systems/Bento4/issues/305",
"refsource" : "MISC",
"url" : "https://github.com/axiomatic-systems/Bento4/issues/305"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/axiomatic-systems/Bento4/issues/305",
"refsource": "MISC",
"url": "https://github.com/axiomatic-systems/Bento4/issues/305"
}
]
}
}

132
2018/14xxx/CVE-2018-14808.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-09-27T00:00:00",
"ID" : "CVE-2018-14808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "AMS Device Manager",
"version" : {
"version_data" : [
{
"version_value" : "v12.0 to v13.5"
}
]
}
}
]
},
"vendor_name" : "Emerson"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-09-27T00:00:00",
"ID": "CVE-2018-14808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AMS Device Manager",
"version": {
"version_data": [
{
"version_value": "v12.0 to v13.5"
}
]
}
}
]
},
"vendor_name": "Emerson"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name" : "105406",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Emerson AMS Device Manager v12.0 to v13.5. Non-administrative users are able to change executable and library files on the affected products."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER PRIVILEGE MANAGEMENT CWE-269"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-270-01"
},
{
"name": "105406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105406"
}
]
}
}

34
2018/14xxx/CVE-2018-14909.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14909",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14909",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15073.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15073",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15073",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/15xxx/CVE-2018-15711.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}

34
2018/15xxx/CVE-2018-15921.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15921",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-15921",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

130
2018/15xxx/CVE-2018-15991.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106164"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

34
2018/20xxx/CVE-2018-20110.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20110",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20110",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

34
2018/20xxx/CVE-2018-20143.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20143",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20143",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9087.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9087",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9087",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/9xxx/CVE-2018-9507.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-10-02T00:00:00",
"ID" : "CVE-2018-9507",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9",
"refsource" : "MISC",
"url" : "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9"
},
{
"name" : "https://source.android.com/security/bulletin/2018-10-01,",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name" : "105482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9"
},
{
"name": "105482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105482"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
}
]
}
}

34
2018/9xxx/CVE-2018-9741.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9741",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9741",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9752.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9752",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9752",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9892.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9892",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9892",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/9xxx/CVE-2018-9925.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/idreamsoft/iCMS/issues/18",
"refsource" : "MISC",
"url" : "https://github.com/idreamsoft/iCMS/issues/18"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/idreamsoft/iCMS/issues/18",
"refsource": "MISC",
"url": "https://github.com/idreamsoft/iCMS/issues/18"
}
]
}
}