admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:52:36 +00:00
parent a58889592a
commit 7b1c1af9ff
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3615 additions and 3615 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
2002/0xxx/CVE-2002-0034.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0034",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0034",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected."
"lang": "eng",
"value": "The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "VU#361065",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/361065"
"name": "Q237399",
"refsource": "MS",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];237399"
},
{
"name" : "Q237399",
"refsource" : "MS",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];237399"
"name": "VU#361065",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/361065"
}
]
}

110
2002/0xxx/CVE-2002-0657.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0657",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0657",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key."
"lang": "eng",
"value": "Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "CA-2002-23",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-23.html"
"name": "MDKSA-2002:046",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
},
{
"name" : "VU#561275",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/561275"
"name": "CSSA-2002-033.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
},
{
"name" : "CSSA-2002-033.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
"name": "CA-2002-23",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-23.html"
},
{
"name" : "CSSA-2002-033.1",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
"name": "VU#561275",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/561275"
},
{
"name" : "FreeBSD-SA-02:33",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
"name": "CSSA-2002-033.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
},
{
"name" : "MDKSA-2002:046",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
"name": "CLA-2002:513",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513"
},
{
"name" : "CLA-2002:513",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513"
"name": "FreeBSD-SA-02:33",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
},
{
"name" : "openssl-ssl3-masterkey-bo(9715)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9715.php"
"name": "openssl-ssl3-masterkey-bo(9715)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9715.php"
},
{
"name" : "5361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5361"
"name": "5361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5361"
}
]
}

68
2002/1xxx/CVE-2002-1736.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1736",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1736",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via \"unfiltered user input.\""
"lang": "eng",
"value": "Unknown vulnerability in CGINews before 1.06 allow remote attackers to read arbitrary files via \"unfiltered user input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "1003506",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1003506"
"name": "1003506",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1003506"
},
{
"name" : "cginews-view-files(8187)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8187"
"name": "cginews-view-files(8187)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8187"
}
]
}

80
2002/1xxx/CVE-2002-1859.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1859",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1859",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot (\"WEB-INF.\")."
"lang": "eng",
"value": "Orion Application Server 1.5.3, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot (\"WEB-INF.\")."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/279582"
"name": "5119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5119"
},
{
"name" : "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt",
"refsource" : "MISC",
"url" : "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt"
"name": "webinf-dot-file-retrieval(9446)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9446.php"
},
{
"name" : "5119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5119"
"name": "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt",
"refsource": "MISC",
"url": "http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt"
},
{
"name" : "webinf-dot-file-retrieval(9446)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9446.php"
"name": "20020628 wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/279582"
}
]
}

80
2002/2xxx/CVE-2002-2062.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2062",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2062",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with \"Enable folder view for FTP sites\" and \"Enable Web content in folders\" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explorer 5.5 and 6.0, when running on Windows 2000 with \"Enable folder view for FTP sites\" and \"Enable Web content in folders\" selected, allows remote attackers to inject arbitrary web script or HTML via the hostname portion of an FTP URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020606 Microsoft Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html"
"name": "4954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4954"
},
{
"name" : "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html",
"refsource" : "MISC",
"url" : "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html"
"name": "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html",
"refsource": "MISC",
"url": "http://www.geocities.co.jp/SiliconValley/1667/advisory02e.html"
},
{
"name" : "4954",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4954"
"name": "20020606 Microsoft Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0037.html"
},
{
"name" : "ie-ftp-name-xss(9290)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9290.php"
"name": "ie-ftp-name-xss(9290)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9290.php"
}
]
}

74
2002/2xxx/CVE-2002-2201.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2201",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2201",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name."
"lang": "eng",
"value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "FreeBSD-SN-02:05",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc"
"name": "FreeBSD-SN-02:05",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc"
},
{
"name" : "http://www.webmin.com/updates.html",
"refsource" : "CONFIRM",
"url" : "http://www.webmin.com/updates.html"
"name": "webmin-printer-shell-commands(10052)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10052.php"
},
{
"name" : "webmin-printer-shell-commands(10052)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10052.php"
"name": "http://www.webmin.com/updates.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/updates.html"
}
]
}

62
2003/0xxx/CVE-2003-0343.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0343",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0343",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an \"Account does not exist\" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks."
"lang": "eng",
"value": "BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an \"Account does not exist\" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105353283720837&w=2"
"name": "20030520 [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105353283720837&w=2"
}
]
}

68
2003/0xxx/CVE-2003-0522.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0522",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0522",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030704 Another ProductCart SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105733145930031&w=2"
"name": "20030705 Re: Another ProductCart SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105760660928715&w=2"
},
{
"name" : "20030705 Re: Another ProductCart SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105760660928715&w=2"
"name": "20030704 Another ProductCart SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105733145930031&w=2"
}
]
}

98
2003/0xxx/CVE-2003-0643.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0643",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0643",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash)."
"lang": "eng",
"value": "Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml",
"refsource" : "MISC",
"url" : "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml"
"name": "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog",
"refsource": "CONFIRM",
"url": "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog"
},
{
"name" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch",
"refsource" : "MISC",
"url" : "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch"
"name": "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch",
"refsource": "MISC",
"url": "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch"
},
{
"name" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog"
"name": "23265",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23265"
},
{
"name" : "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog",
"refsource" : "CONFIRM",
"url" : "http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog"
"name": "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml",
"refsource": "MISC",
"url": "http://www.ultramonkey.org/bugs/cve/CAN-2003-0643.shtml"
},
{
"name" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch",
"refsource" : "MISC",
"url" : "http://ftp.belnet.be/linux/gentoo-portage/sys-kernel/gentoo-sources/files/gentoo-sources-2.4.CAN-2003-0643.patch"
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"
},
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX06_004_v11.pdf"
"name": "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog",
"refsource": "CONFIRM",
"url": "http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog"
},
{
"name" : "23265",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23265"
"name": "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch",
"refsource": "MISC",
"url": "http://www.ultramonkey.org/bugs/cve-patch/CAN-2003-0643.patch"
}
]
}

68
2003/0xxx/CVE-2003-0930.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0930",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0930",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy."
"lang": "eng",
"value": "Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109241692108678&w=2"
"name": "http://www.corsaire.com/advisories/c030807-001.txt",
"refsource": "MISC",
"url": "http://www.corsaire.com/advisories/c030807-001.txt"
},
{
"name" : "http://www.corsaire.com/advisories/c030807-001.txt",
"refsource" : "MISC",
"url" : "http://www.corsaire.com/advisories/c030807-001.txt"
"name": "20040813 Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109241692108678&w=2"
}
]
}

80
2009/1xxx/CVE-2009-1422.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1422",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1422",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209."
"lang": "eng",
"value": "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBGN02446",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2"
"name": "ADV-2009-1869",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1869"
},
{
"name" : "SSRT090111",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2"
"name": "SSRT090111",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2"
},
{
"name" : "1022536",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022536"
"name": "1022536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022536"
},
{
"name" : "ADV-2009-1869",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1869"
"name": "HPSBGN02446",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2"
}
]
}

104
2009/1xxx/CVE-2009-1442.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1442",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1442",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas."
"lang": "eng",
"value": "Multiple integer overflows in Skia, as used in Google Chrome 1.x before 1.0.154.64 and 2.x, and possibly Android, might allow remote attackers to execute arbitrary code in the renderer process via a crafted (1) image or (2) canvas."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=10736",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=10736"
"name": "http://code.google.com/p/chromium/issues/detail?id=10736",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=10736"
},
{
"name" : "http://code.google.com/p/skia/source/detail?r=159",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/skia/source/detail?r=159"
"name": "ADV-2009-1266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1266"
},
{
"name" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html"
"name": "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html"
},
{
"name" : "34859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34859"
"name": "35014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35014"
},
{
"name" : "54248",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54248"
"name": "54248",
"refsource": "OSVDB",
"url": "http://osvdb.org/54248"
},
{
"name" : "1022175",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022175"
"name": "1022175",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022175"
},
{
"name" : "35014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35014"
"name": "34859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34859"
},
{
"name" : "ADV-2009-1266",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1266"
"name": "http://code.google.com/p/skia/source/detail?r=159",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/skia/source/detail?r=159"
}
]
}

22
2009/5xxx/CVE-2009-5046.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5046",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5046",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2012/0xxx/CVE-2012-0336.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0336",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0336",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

140
2012/0xxx/CVE-2012-0471.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0471",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0471",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=715319",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=715319"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715319",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=715319"
"name": "48922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48922"
},
{
"name" : "DSA-2457",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2457"
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-24.html"
},
{
"name" : "DSA-2458",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2458"
"name": "oval:org.mitre.oval:def:16961",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961"
},
{
"name" : "DSA-2464",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2464"
"name": "49055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49055"
},
{
"name" : "MDVSA-2012:066",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066"
"name": "DSA-2458",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2458"
},
{
"name" : "MDVSA-2012:081",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081"
"name": "48920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48920"
},
{
"name" : "53219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53219"
"name": "53219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53219"
},
{
"name" : "oval:org.mitre.oval:def:16961",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16961"
"name": "DSA-2457",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2457"
},
{
"name" : "48972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48972"
"name": "DSA-2464",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2464"
},
{
"name" : "49047",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49047"
"name": "MDVSA-2012:081",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:081"
},
{
"name" : "49055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49055"
"name": "48972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48972"
},
{
"name" : "48920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48920"
"name": "MDVSA-2012:066",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:066"
},
{
"name" : "48922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48922"
"name": "49047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49047"
}
]
}

68
2012/0xxx/CVE-2012-0912.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0912",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0912",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf"
"name": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf",
"refsource": "CONFIRM",
"url": "http://www.stone-ware.com/support/techdocs/kb/d1960/sb_6_0_8.pdf"
},
{
"name" : "http://www.stone-ware.com/swql.jsp?kb=d1960",
"refsource" : "CONFIRM",
"url" : "http://www.stone-ware.com/swql.jsp?kb=d1960"
"name": "http://www.stone-ware.com/swql.jsp?kb=d1960",
"refsource": "CONFIRM",
"url": "http://www.stone-ware.com/swql.jsp?kb=d1960"
}
]
}

74
2012/0xxx/CVE-2012-0999.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0999",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0999",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.htbridge.ch/advisory/HTB23072",
"refsource" : "MISC",
"url" : "https://www.htbridge.ch/advisory/HTB23072"
"name": "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt",
"refsource": "CONFIRM",
"url": "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt"
},
{
"name" : "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt",
"refsource" : "CONFIRM",
"url" : "http://www.lepton-cms.org/media/changelog/changelog_1.1.4.txt"
"name": "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php",
"refsource": "CONFIRM",
"url": "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php"
},
{
"name" : "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php",
"refsource" : "CONFIRM",
"url" : "http://www.lepton-cms.org/posts/security-release-lepton-1.1.4-52.php"
"name": "https://www.htbridge.ch/advisory/HTB23072",
"refsource": "MISC",
"url": "https://www.htbridge.ch/advisory/HTB23072"
}
]
}

22
2012/1xxx/CVE-2012-1341.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1341",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1341",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2012/3xxx/CVE-2012-3036.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3036",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-3036",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
}
]
}

110
2012/3xxx/CVE-2012-3214.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3214",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3214",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
"name": "TA12-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
"name": "oval:org.mitre.oval:def:16178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16178"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
"name": "MS13-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-013"
},
{
"name" : "MS12-080",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080"
"name": "oval:org.mitre.oval:def:16500",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16500"
},
{
"name" : "MS13-013",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-013"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name" : "TA12-346A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
"name": "MS12-080",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-080"
},
{
"name" : "TA13-043B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "oval:org.mitre.oval:def:16178",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16178"
"name": "TA13-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
},
{
"name" : "oval:org.mitre.oval:def:16500",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16500"
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}

146
2012/3xxx/CVE-2012-3400.json
View File

@ -1,131 +1,131 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3400",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3400",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem."
"lang": "eng",
"value": "Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel before 3.4.5 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120709 Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/07/10/2"
"name": "USN-1556-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1556-1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050"
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256"
"name": "[oss-security] 20120709 Re: CVE Request: Stability fixes in UDF Logical Volume Descriptor handling",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/10/2"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
"name": "USN-1557-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1557-1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=843139",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=843139"
"name": "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256"
},
{
"name" : "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=843139",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=843139"
},
{
"name" : "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/adee11b2085bee90bd8f4f52123ffb07882d6256"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=adee11b2085bee90bd8f4f52123ffb07882d6256"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691"
"name": "USN-1555-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1555-1"
},
{
"name" : "RHSA-2013:0594",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0594.html"
"name": "USN-1529-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1529-1"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691"
},
{
"name" : "USN-1557-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1557-1"
"name": "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/1df2ae31c724e57be9d7ac00d78db8a5dabdd050"
},
{
"name" : "USN-1529-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1529-1"
"name": "RHSA-2013:0594",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0594.html"
},
{
"name" : "USN-1555-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1555-1"
"name": "50506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50506"
},
{
"name" : "USN-1556-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1556-1"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1df2ae31c724e57be9d7ac00d78db8a5dabdd050"
},
{
"name" : "50506",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50506"
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
}
]
}

176
2012/3xxx/CVE-2012-3547.json
View File

@ -1,156 +1,156 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3547",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3547",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate."
"lang": "eng",
"value": "Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS 2.1.10 through 2.1.12, when using TLS-based EAP methods, allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via a long \"not after\" timestamp in a client certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
"name": "50584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50584"
},
{
"name" : "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/10/2"
"name": "APPLE-SA-2013-10-22-5",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
},
{
"name" : "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt",
"refsource" : "MISC",
"url" : "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
"name": "50637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50637"
},
{
"name" : "http://freeradius.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://freeradius.org/security.html"
"name": "USN-1585-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1585-1"
},
{
"name" : "APPLE-SA-2013-10-22-5",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00006.html"
"name": "RHSA-2012:1327",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
},
{
"name" : "DSA-2546",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2546"
"name": "50484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50484"
},
{
"name" : "FEDORA-2012-15743",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
"name": "DSA-2546",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2546"
},
{
"name" : "MDVSA-2012:159",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
"name": "55483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55483"
},
{
"name" : "RHSA-2012:1327",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1327.html"
"name": "1027509",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027509"
},
{
"name" : "RHSA-2012:1326",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
"name": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt",
"refsource": "MISC",
"url": "http://www.pre-cert.de/advisories/PRE-SA-2012-06.txt"
},
{
"name" : "openSUSE-SU-2012:1200",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
"name": "20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0043.html"
},
{
"name" : "USN-1585-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1585-1"
"name": "[oss-security] 20120910 [PRE-SA-2012-06] FreeRADIUS: Stack Overflow in TLS-based EAP Methods",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/10/2"
},
{
"name" : "55483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55483"
"name": "MDVSA-2012:159",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:159"
},
{
"name" : "85325",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85325"
"name": "openSUSE-SU-2012:1200",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00023.html"
},
{
"name" : "1027509",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027509"
"name": "freeradius-cbtlsverify-bo(78408)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
},
{
"name" : "50484",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50484"
"name": "RHSA-2012:1326",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1326.html"
},
{
"name" : "50584",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50584"
"name": "85325",
"refsource": "OSVDB",
"url": "http://osvdb.org/85325"
},
{
"name" : "50637",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50637"
"name": "50770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50770"
},
{
"name" : "50770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50770"
"name": "http://freeradius.org/security.html",
"refsource": "CONFIRM",
"url": "http://freeradius.org/security.html"
},
{
"name" : "freeradius-cbtlsverify-bo(78408)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78408"
"name": "FEDORA-2012-15743",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090171.html"
}
]
}

22
2012/3xxx/CVE-2012-3788.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3788",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3788",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2012/3xxx/CVE-2012-3944.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3944",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3944",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2012/4xxx/CVE-2012-4002.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4002",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4002",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI before 0.83.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120712 GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/07/13/1"
"name": "[oss-security] 20120712 GLPI 0.83.2 CVE-2012-4002 CSRF and CVE-2012-4003 XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/13/1"
},
{
"name" : "https://forge.indepnet.net/issues/3704",
"refsource" : "CONFIRM",
"url" : "https://forge.indepnet.net/issues/3704"
"name": "https://forge.indepnet.net/issues/3707",
"refsource": "CONFIRM",
"url": "https://forge.indepnet.net/issues/3707"
},
{
"name" : "https://forge.indepnet.net/issues/3707",
"refsource" : "CONFIRM",
"url" : "https://forge.indepnet.net/issues/3707"
"name": "MDVSA-2012:132",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:132"
},
{
"name" : "https://forge.indepnet.net/projects/glpi/versions/771",
"refsource" : "CONFIRM",
"url" : "https://forge.indepnet.net/projects/glpi/versions/771"
"name": "https://forge.indepnet.net/issues/3704",
"refsource": "CONFIRM",
"url": "https://forge.indepnet.net/issues/3704"
},
{
"name" : "MDVSA-2012:132",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:132"
"name": "https://forge.indepnet.net/projects/glpi/versions/771",
"refsource": "CONFIRM",
"url": "https://forge.indepnet.net/projects/glpi/versions/771"
}
]
}

74
2012/4xxx/CVE-2012-4150.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4150",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-4150",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160."
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
"name": "oval:org.mitre.oval:def:16467",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16467"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name" : "oval:org.mitre.oval:def:16467",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16467"
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}

68
2012/4xxx/CVE-2012-4847.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4847",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4847",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte."
"lang": "eng",
"value": "IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21615445",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21615445"
"name": "cognos-bi-nullbyte-dos(79536)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79536"
},
{
"name" : "cognos-bi-nullbyte-dos(79536)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79536"
"name": "http://www.ibm.com/support/docview.wss?uid=swg21615445",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21615445"
}
]
}

62
2012/4xxx/CVE-2012-4882.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4882",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4882",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in 3D XML Player 6.212.13.12076 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working directory, as demonstrated by a directory that contains a .3dx file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "48923",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48923"
"name": "48923",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48923"
}
]
}

86
2017/2xxx/CVE-2017-2526.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2526",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2526",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT207798",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207798"
"name": "1038487",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038487"
},
{
"name" : "https://support.apple.com/HT207804",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207804"
"name": "98474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98474"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
"name": "https://support.apple.com/HT207804",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207804"
},
{
"name" : "98474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98474"
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "1038487",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038487"
"name": "https://support.apple.com/HT207798",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207798"
}
]
}

106
2017/2xxx/CVE-2017-2625.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-2625",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2625",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "libXdmcp",
"version" : {
"version_data" : [
"product_name": "libXdmcp",
"version": {
"version_data": [
{
"version_value" : "1.1.2"
"version_value": "1.1.2"
}
]
}
}
]
},
"vendor_name" : "Xorg"
"vendor_name": "Xorg"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."
"lang": "eng",
"value": "It was discovered that libXdmcp before 1.1.2 including used weak entropy to generate session keys. On a multi-user system using xdmcp, a local attacker could potentially use information available from the process list to brute force the key, allowing them to hijack other users' sessions."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version" : "3.0"
"vectorString": "6.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-331"
"lang": "eng",
"value": "CWE-331"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"refsource" : "MISC",
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
"name": "GLSA-201704-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201704-03"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2625"
},
{
"name" : "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f",
"refsource" : "CONFIRM",
"url" : "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f"
"name": "RHSA-2017:1865",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1865"
},
{
"name" : "GLSA-201704-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201704-03"
"name": "1037919",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037919"
},
{
"name" : "RHSA-2017:1865",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1865"
"name": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/lib/libXdmcp/commit/?id=0554324ec6bbc2071f5d1f8ad211a1643e29eb1f"
},
{
"name" : "96480",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96480"
"name": "96480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96480"
},
{
"name" : "1037919",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037919"
"name": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/"
}
]
}

22
2017/2xxx/CVE-2017-2748.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2748",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2748",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

64
2017/2xxx/CVE-2017-2913.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-31T00:00:00",
"ID" : "CVE-2017-2913",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-10-31T00:00:00",
"ID": "CVE-2017-2913",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Circle",
"version" : {
"version_data" : [
"product_name": "Circle",
"version": {
"version_data": [
{
"version_value" : "firmware 2.0.1"
"version_value": "firmware 2.0.1"
}
]
}
}
]
},
"vendor_name" : "Circle Media"
"vendor_name": "Circle Media"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability."
"lang": "eng",
"value": "An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "authentication bypass"
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420"
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0420"
}
]
}

22
2017/3xxx/CVE-2017-3699.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3699",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3699",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/6xxx/CVE-2017-6220.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6220",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6220",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2017/6xxx/CVE-2017-6554.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6554",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6554",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action."
"lang": "eng",
"value": "pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured as a policy server, allows remote attackers to write to arbitrary files and consequently execute arbitrary code with root privileges via an ACT_NEWFILESENT action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "41861",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41861/"
"name": "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824",
"refsource": "CONFIRM",
"url": "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824"
},
{
"name" : "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html"
"name": "97686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97686"
},
{
"name" : "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/",
"refsource" : "MISC",
"url" : "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/"
"name": "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/",
"refsource": "MISC",
"url": "https://0xdeadface.wordpress.com/2017/04/07/multiple-vulnerabilities-in-quest-privilege-manager-6-0-0-xx-cve-2017-6553-cve-2017-6554/"
},
{
"name" : "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824",
"refsource" : "CONFIRM",
"url" : "https://support.oneidentity.com/privilege-manager-for-unix/kb/SOL133824"
"name": "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142095/Quest-Privilege-Manager-6.0.0-Arbitrary-File-Write.html"
},
{
"name" : "97686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97686"
"name": "41861",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41861/"
}
]
}

72
2017/6xxx/CVE-2017-6776.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2017-08-16T00:00:00",
"ID" : "CVE-2017-6776",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2017-08-16T00:00:00",
"ID": "CVE-2017-6776",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Elastic Services Controller",
"version" : {
"version_data" : [
"product_name": "Elastic Services Controller",
"version": {
"version_data": [
{
"version_value" : "2.2(9.76)"
"version_value": "2.2(9.76)"
},
{
"version_value" : "2.3(1)"
"version_value": "2.3(1)"
}
]
}
}
]
},
"vendor_name" : "Cisco Systems, Inc."
"vendor_name": "Cisco Systems, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1)."
"lang": "eng",
"value": "A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affected software. An attacker could exploit this vulnerability by convincing a user to access a malicious link or by intercepting a user request and injecting malicious code into the request. An exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvd76324. Known Affected Releases: 2.2(9.76) and 2.3(1)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20170816 Cisco Elastic Services Controller Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2"
"name": "20170816 Cisco Elastic Services Controller Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170816-esc2"
},
{
"name" : "100370",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100370"
"name": "100370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100370"
}
]
}

92
2017/7xxx/CVE-2017-7106.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7106",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7106",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. The issue involves the \"WebKit\" component. It allows remote attackers to spoof the address bar."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208112"
"name": "1039384",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039384"
},
{
"name" : "https://support.apple.com/HT208116",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208116"
"name": "https://support.apple.com/HT208142",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208142"
},
{
"name" : "https://support.apple.com/HT208142",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208142"
"name": "1039385",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039385"
},
{
"name" : "100893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100893"
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name" : "1039384",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039384"
"name": "100893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100893"
},
{
"name" : "1039385",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039385"
"name": "https://support.apple.com/HT208116",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208116"
}
]
}

88
2017/7xxx/CVE-2017-7467.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2017-7467",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7467",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "minicom",
"version" : {
"version_data" : [
"product_name": "minicom",
"version": {
"version_data": [
{
"version_value" : "minicom 2.7.1"
"version_value": "minicom 2.7.1"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process."
"lang": "eng",
"value": "A buffer overflow flaw was found in the way minicom before version 2.7.1 handled VT100 escape sequences. A malicious terminal device could potentially use this flaw to crash minicom, or execute arbitrary code in the context of the minicom process."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
"vectorString": "7.0/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-787"
"lang": "eng",
"value": "CWE-787"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20170418 CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/04/18/5"
"name": "[oss-security] 20170418 CVE-2017-7467: minicom and prl-vzvncserver vt100.c escparms[] buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/18/5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467"
"name": "97966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97966"
},
{
"name" : "GLSA-201706-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-13"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7467"
},
{
"name" : "97966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97966"
"name": "GLSA-201706-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-13"
}
]
}

64
2017/7xxx/CVE-2017-7680.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2017-07-13T00:00:00",
"ID" : "CVE-2017-7680",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2017-07-13T00:00:00",
"ID": "CVE-2017-7680",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache OpenMeetings",
"version" : {
"version_data" : [
"product_name": "Apache OpenMeetings",
"version": {
"version_data": [
{
"version_value" : "1.0.0"
"version_value": "1.0.0"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains."
"lang": "eng",
"value": "Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Insecure crossdomain.xml policy"
"lang": "eng",
"value": "Insecure crossdomain.xml policy"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy",
"refsource" : "MLIST",
"url" : "http://markmail.org/message/whhibri7ervbjvda"
"name": "[user] 20170713 CVE-2017-7680 - Apache OpenMeetings - Insecure crossdomain.xml policy",
"refsource": "MLIST",
"url": "http://markmail.org/message/whhibri7ervbjvda"
}
]
}

62
2018/10xxx/CVE-2018-10186.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10186",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10186",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368."
"lang": "eng",
"value": "In radare2 2.5.0, there is a heap-based buffer over-read in the r_hex_bin2str function (libr/util/hex.c). Remote attackers could leverage this vulnerability to cause a denial of service via a crafted DEX file. This issue is different from CVE-2017-15368."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/radare/radare2/issues/9915",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9915"
"name": "https://github.com/radare/radare2/issues/9915",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/issues/9915"
}
]
}

74
2018/10xxx/CVE-2018-10229.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10229",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10229",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API."
"lang": "eng",
"value": "A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf",
"refsource" : "MISC",
"url" : "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf"
"name": "104084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104084"
},
{
"name" : "VU#283803",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/283803"
"name": "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf",
"refsource": "MISC",
"url": "https://www.vusec.net/wp-content/uploads/2018/05/glitch.pdf"
},
{
"name" : "104084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104084"
"name": "VU#283803",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/283803"
}
]
}

68
2018/10xxx/CVE-2018-10482.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-10482",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-10482",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value" : "9.0.0.29935"
"version_value": "9.0.0.29935"
}
]
}
}
]
},
"vendor_name" : "Foxit"
"vendor_name": "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409."
"lang": "eng",
"value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the U3D Texture Image Format object. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5409."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-392",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-392"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "https://zerodayinitiative.com/advisories/ZDI-18-392",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-392"
}
]
}

88
2018/10xxx/CVE-2018-10892.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-10892",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10892",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "docker",
"version" : {
"version_data" : [
"product_name": "docker",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness."
"lang": "eng",
"value": "The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby from 1.11 to current does not block /proc/acpi pathnames. The flaw allows an attacker to modify host's hardware like enabling/disabling bluetooth or turning up/down keyboard brightness."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "6.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version" : "3.0"
"vectorString": "6.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-250"
"lang": "eng",
"value": "CWE-250"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892"
"name": "https://github.com/moby/moby/pull/37404",
"refsource": "CONFIRM",
"url": "https://github.com/moby/moby/pull/37404"
},
{
"name" : "https://github.com/moby/moby/pull/37404",
"refsource" : "CONFIRM",
"url" : "https://github.com/moby/moby/pull/37404"
"name": "RHSA-2018:2729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2729"
},
{
"name" : "RHSA-2018:2482",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2482"
"name": "RHSA-2018:2482",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2482"
},
{
"name" : "RHSA-2018:2729",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2729"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892"
}
]
}

68
2018/14xxx/CVE-2018-14060.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14060",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14060",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data."
"lang": "eng",
"value": "OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON data."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520",
"refsource" : "MISC",
"url" : "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520"
"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/CNVD-2018-04520"
},
{
"name" : "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py",
"refsource" : "MISC",
"url" : "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py"
"name": "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py",
"refsource": "MISC",
"url": "https://github.com/cc-crack/router/blob/master/CNVD-2018-04520.py"
}
]
}

62
2018/14xxx/CVE-2018-14080.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14080",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14080",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file."
"lang": "eng",
"value": "An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/",
"refsource" : "MISC",
"url" : "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
"name": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/",
"refsource": "MISC",
"url": "https://blog.nivel4.com/investigaciones/nuevas-vulnerabilidades-en-router-d-link-permiten-tomar-control-remoto-del-dispositivo/"
}
]
}

22
2018/14xxx/CVE-2018-14485.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14485",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14485",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/14xxx/CVE-2018-14707.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14707",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14707",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations."
"lang": "eng",
"value": "Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc",
"refsource" : "MISC",
"url" : "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc"
"name": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc",
"refsource": "MISC",
"url": "https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc"
}
]
}

22
2018/15xxx/CVE-2018-15031.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15031",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15031",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

66
2018/15xxx/CVE-2018-15124.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"DATE_PUBLIC" : "2018-08-08T00:00:00",
"ID" : "CVE-2018-15124",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-08-08T00:00:00",
"ID": "CVE-2018-15124",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Zipato Zipabox Smart Home Controller",
"version" : {
"version_data" : [
"product_name": "Zipato Zipabox Smart Home Controller",
"version": {
"version_data": [
{
"version_value" : "BOARD REV - 1"
"version_value": "BOARD REV - 1"
},
{
"version_value" : "SYSTEM VERSION -118"
"version_value": "SYSTEM VERSION -118"
}
]
}
}
]
},
"vendor_name" : "Kaspersky Lab"
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device."
"lang": "eng",
"value": "Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Weak hashing algorithm"
"lang": "eng",
"value": "Weak hashing algorithm"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/"
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/"
}
]
}

62
2018/20xxx/CVE-2018-20062.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20062",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20062",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\\think\\Request/input&filter=phpinfo&data=1 query string."
"lang": "eng",
"value": "An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of the filter parameter, as demonstrated by the s=index/\\think\\Request/input&filter=phpinfo&data=1 query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/nangge/noneCms/issues/21",
"refsource" : "MISC",
"url" : "https://github.com/nangge/noneCms/issues/21"
"name": "https://github.com/nangge/noneCms/issues/21",
"refsource": "MISC",
"url": "https://github.com/nangge/noneCms/issues/21"
}
]
}

62
2018/20xxx/CVE-2018-20173.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20173",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20173",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API."
"lang": "eng",
"value": "Zoho ManageEngine OpManager 12.3 before 123238 allows SQL injection via the getGraphData API."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource" : "MISC",
"url" : "https://www.manageengine.com/network-monitoring/help/read-me.html"
"name": "https://www.manageengine.com/network-monitoring/help/read-me.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/network-monitoring/help/read-me.html"
}
]
}

22
2018/20xxx/CVE-2018-20269.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20269",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20269",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/20xxx/CVE-2018-20323.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20323",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20323",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/20xxx/CVE-2018-20436.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20436",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20436",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** The \"secret chat\" feature in Telegram 4.9.1 for Android has a \"side channel\" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the \"Secret chats > Preview links\" setting."
"lang": "eng",
"value": "** DISPUTED ** The \"secret chat\" feature in Telegram 4.9.1 for Android has a \"side channel\" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more other Telegram products, such as Telegram Web-version 0.7.0. In addition, it can be interpreted as an SSRF issue. NOTE: a third party has reported that potentially unwanted behavior is caused by misconfiguration of the \"Secret chats > Preview links\" setting."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html",
"refsource" : "MISC",
"url" : "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html"
"name": "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html",
"refsource": "MISC",
"url": "https://misteralfa-hack.blogspot.com/2018/12/abusando-de-telegram-para-conseguir-una.html"
},
{
"name" : "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html",
"refsource" : "MISC",
"url" : "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html"
"name": "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html",
"refsource": "MISC",
"url": "https://misteralfa-hack.blogspot.com/2018/12/telegram-siempre-in-middle.html"
}
]
}

62
2018/9xxx/CVE-2018-9042.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9042",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9042",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000."
"lang": "eng",
"value": "In Advanced SystemCare Ultimate 11.0.1.58, the driver file (Monitor_win10_x64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9c402000."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000",
"refsource" : "MISC",
"url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000"
"name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000",
"refsource": "MISC",
"url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Advanced%20SystemCare%20Utimate/Monitor_win10_x64.sys-0x9c402000"
}
]
}

22
2018/9xxx/CVE-2018-9125.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9125",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9125",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/9xxx/CVE-2018-9225.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9225",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9225",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2018/9xxx/CVE-2018-9322.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9322",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9322",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell."
"lang": "eng",
"value": "The Head Unit HU_NBT (aka Infotainment) component on BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series vehicles produced in 2012 through 2018 allows local attacks involving the USB or OBD-II interface. An attacker can bypass the code-signing protection mechanism for firmware updates, and consequently obtain a root shell."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf",
"refsource" : "MISC",
"url" : "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf"
"name": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf",
"refsource": "MISC",
"url": "https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf"
},
{
"name" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/",
"refsource" : "MISC",
"url" : "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/"
"name": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/",
"refsource": "MISC",
"url": "https://www.theregister.co.uk/2018/05/23/bmw_security_bugs/"
},
{
"name" : "104258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104258"
"name": "104258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104258"
}
]
}

80
2018/9xxx/CVE-2018-9958.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9958",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9958",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value" : "9.0.1.1049"
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
"vendor_name": "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620."
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44941",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44941/"
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name" : "45269",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45269/"
"name": "https://zerodayinitiative.com/advisories/ZDI-18-342",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-342"
},
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-342",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-342"
"name": "44941",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44941/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
"name": "45269",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45269/"
}
]
}