admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:07:13 +00:00
parent 99ade1d47d
commit 7bffc8471d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4009 additions and 4009 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/1xxx/CVE-2002-1445.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name" : "5447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5447"
},
{
"name" : "cern-proxy-xss(9834)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9834.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html"
},
{
"name": "5447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5447"
},
{
"name": "cern-proxy-xss(9834)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9834.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1470.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020806 Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET /",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0017.html"
},
{
"name" : "shoutcast-scservlog-world-readable(9775)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9775.php"
},
{
"name" : "5414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext administrative password via a GET request to port 8001, which causes the password to be logged in the world-readable sc_serv.log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5414"
},
{
"name": "shoutcast-scservlog-world-readable(9775)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9775.php"
},
{
"name": "20020806 Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET /",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0017.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1549.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021112 Remote Buffer Overflow vulnerability in Light HTTPd",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html"
},
{
"name" : "6162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6162"
},
{
"name" : "light-httpd-bo(10607)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10607.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021112 Remote Buffer Overflow vulnerability in Light HTTPd",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html"
},
{
"name": "6162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6162"
},
{
"name": "light-httpd-bo(10607)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10607.php"
}
]
}
}

120
2003/0xxx/CVE-2003-0296.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030514 Buffer overflows in multiple IMAP clients",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105294024124163&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030514 Buffer overflows in multiple IMAP clients",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105294024124163&w=2"
}
]
}
}

150
2003/0xxx/CVE-2003-0348.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS03-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-021"
},
{
"name" : "VU#320516",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/320516"
},
{
"name" : "8034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8034"
},
{
"name" : "mediaplayer-activex-obtain-information(12440)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12440"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Microsoft Windows Media Player 9 Series ActiveX control allows remote attackers to view and manipulate the Media Library on the local system via HTML script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS03-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-021"
},
{
"name": "8034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8034"
},
{
"name": "mediaplayer-activex-obtain-information(12440)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12440"
},
{
"name": "VU#320516",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/320516"
}
]
}
}

130
2003/0xxx/CVE-2003-0733.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"refsource" : "CONFIRM",
"url" : "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp"
},
{
"name" : "8357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8357"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp",
"refsource": "CONFIRM",
"url": "http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp"
},
{
"name": "8357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8357"
}
]
}
}

170
2003/1xxx/CVE-2003-1249.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1249",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1249",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030109 WebIntelligence session hijacking vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name" : "20030109 WebIntelligence session hijacking vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/305991"
},
{
"name" : "1005906",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1005906"
},
{
"name" : "7846",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/7846"
},
{
"name" : "webintelligence-session-hijacking(11026)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/11026.php"
},
{
"name" : "6569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7846"
},
{
"name": "webintelligence-session-hijacking(11026)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11026.php"
},
{
"name": "1005906",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1005906"
},
{
"name": "6569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6569"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0014.html"
},
{
"name": "20030109 WebIntelligence session hijacking vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/305991"
}
]
}
}

120
2003/1xxx/CVE-2003-1338.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030629 Aprelium Abyss webserver X1 arbitrary code execution and header injection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-06/0235.html"
}
]
}
}

120
2003/1xxx/CVE-2003-1595.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform \"intruder detection,\" which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does not properly perform \"intruder detection,\" which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}

160
2004/2xxx/CVE-2004-2045.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040721 Denial of Service in Conceptronic CADSLR1 Router",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109045084522857&w=2"
},
{
"name" : "http://www.shellsec.net/leer_advisory.php?id=5",
"refsource" : "MISC",
"url" : "http://www.shellsec.net/leer_advisory.php?id=5"
},
{
"name" : "10769",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10769"
},
{
"name" : "12110",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12110"
},
{
"name" : "conceptronic-long-username-dos(16746)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16746"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12110"
},
{
"name": "http://www.shellsec.net/leer_advisory.php?id=5",
"refsource": "MISC",
"url": "http://www.shellsec.net/leer_advisory.php?id=5"
},
{
"name": "10769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10769"
},
{
"name": "conceptronic-long-username-dos(16746)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16746"
},
{
"name": "20040721 Denial of Service in Conceptronic CADSLR1 Router",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109045084522857&w=2"
}
]
}
}

170
2004/2xxx/CVE-2004-2266.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2004-17/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2004-17/advisory/"
},
{
"name" : "11824",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11824"
},
{
"name" : "12236",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12236"
},
{
"name" : "1012434",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012434"
},
{
"name" : "12856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12856"
},
{
"name" : "ansel-image-sql-injection(18373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11824",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11824"
},
{
"name": "12236",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12236"
},
{
"name": "1012434",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012434"
},
{
"name": "http://secunia.com/secunia_research/2004-17/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2004-17/advisory/"
},
{
"name": "12856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12856"
},
{
"name": "ansel-image-sql-injection(18373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18373"
}
]
}
}

250
2004/2xxx/CVE-2004-2466.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040702 Multiple Vulnerabilities in Easy Chat Server 1.2",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-07/0013.html"
},
{
"name" : "33326",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/33326"
},
{
"name" : "20040702 Multiple Vulnerabilities in Easy Chat Server 1.2",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0077.html"
},
{
"name" : "4289",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4289"
},
{
"name" : "http://www.autistici.org/fdonato/advisory/EasyChatServer1.2-adv.txt",
"refsource" : "MISC",
"url" : "http://www.autistici.org/fdonato/advisory/EasyChatServer1.2-adv.txt"
},
{
"name" : "25328",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25328"
},
{
"name" : "67384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/67384"
},
{
"name" : "58427",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/58427"
},
{
"name" : "ADV-2007-2901",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2901"
},
{
"name" : "7416",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/7416"
},
{
"name" : "12006",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12006"
},
{
"name" : "26461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26461"
},
{
"name" : "easychat-chatghp-username-dos(16629)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16629"
},
{
"name" : "easychatserver-username-dos(36013)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25328"
},
{
"name": "67384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67384"
},
{
"name": "58427",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/58427"
},
{
"name": "easychatserver-username-dos(36013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36013"
},
{
"name": "33326",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/33326"
},
{
"name": "20040702 Multiple Vulnerabilities in Easy Chat Server 1.2",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0077.html"
},
{
"name": "12006",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12006"
},
{
"name": "easychat-chatghp-username-dos(16629)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16629"
},
{
"name": "http://www.autistici.org/fdonato/advisory/EasyChatServer1.2-adv.txt",
"refsource": "MISC",
"url": "http://www.autistici.org/fdonato/advisory/EasyChatServer1.2-adv.txt"
},
{
"name": "ADV-2007-2901",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2901"
},
{
"name": "26461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26461"
},
{
"name": "4289",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4289"
},
{
"name": "7416",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7416"
},
{
"name": "20040702 Multiple Vulnerabilities in Easy Chat Server 1.2",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-07/0013.html"
}
]
}
}

200
2012/0xxx/CVE-2012-0068.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/01/11/7"
},
{
"name" : "[oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/01/20/4"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40169",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40169"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-01.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670"
},
{
"name" : "GLSA-201308-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name" : "oval:org.mitre.oval:def:15379",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15379"
},
{
"name" : "47494",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47494"
},
{
"name" : "54425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service (application crash) via a Novell capture file containing a record that is too small."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120119 Re: CVE request: Wireshark multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/4"
},
{
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-01.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-01.html"
},
{
"name": "[oss-security] 20120111 Re: CVE request: Wireshark multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/11/7"
},
{
"name": "47494",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47494"
},
{
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40169",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=40169"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670"
},
{
"name": "oval:org.mitre.oval:def:15379",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15379"
}
]
}
}

180
2012/0xxx/CVE-2012-0283.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2012-24/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2012-24/"
},
{
"name" : "http://bugs.dokuwiki.org/index.php?do=details&task_id=2561",
"refsource" : "CONFIRM",
"url" : "http://bugs.dokuwiki.org/index.php?do=details&task_id=2561"
},
{
"name" : "FEDORA-2012-16550",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html"
},
{
"name" : "FEDORA-2012-16605",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html"
},
{
"name" : "FEDORA-2012-16614",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html"
},
{
"name" : "GLSA-201301-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201301-07.xml"
},
{
"name" : "54439",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54439"
},
{
"name": "GLSA-201301-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-07.xml"
},
{
"name": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2561",
"refsource": "CONFIRM",
"url": "http://bugs.dokuwiki.org/index.php?do=details&task_id=2561"
},
{
"name": "FEDORA-2012-16550",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090755.html"
},
{
"name": "FEDORA-2012-16605",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090938.html"
},
{
"name": "FEDORA-2012-16614",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090899.html"
},
{
"name": "http://secunia.com/secunia_research/2012-24/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2012-24/"
}
]
}
}

160
2012/0xxx/CVE-2012-0284.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120717 Secunia Research: Cisco Linksys PlayerPT ActiveX Control \"SetSource()\" Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0113.html"
},
{
"name" : "http://secunia.com/secunia_research/2012-25/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2012-25/"
},
{
"name" : "54588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54588"
},
{
"name" : "1027259",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027259"
},
{
"name" : "cisco-linksys-activex-bo(77085)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2012-25/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2012-25/"
},
{
"name": "cisco-linksys-activex-bo(77085)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77085"
},
{
"name": "20120717 Secunia Research: Cisco Linksys PlayerPT ActiveX Control \"SetSource()\" Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0113.html"
},
{
"name": "54588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54588"
},
{
"name": "1027259",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027259"
}
]
}
}

150
2012/0xxx/CVE-2012-0430.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7011538",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=772898",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=772898"
},
{
"name" : "1027910",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027910"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before 8.8.7.2 on Windows allows remote attackers to obtain an administrator cookie and bypass authorization checks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7011538",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7011538"
},
{
"name": "1027910",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027910"
},
{
"name": "http://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=772898",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=772898"
}
]
}
}

180
2012/0xxx/CVE-2012-0872.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120220 OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0106.html"
},
{
"name" : "20120220 Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0113.html"
},
{
"name" : "[oss-security] 20120220 Re: OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/20/10"
},
{
"name" : "[oss-security] 20120221 OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/20/5"
},
{
"name" : "http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss",
"refsource" : "MISC",
"url" : "http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss"
},
{
"name" : "52090",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52090"
},
{
"name" : "oxwall-multiple-xss(73466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73466"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) captchaField, (2) email, (3) form_name, (4) password, (5) realname, (6) repeatPassword, or (7) username parameters to Oxwall/join; (8) captcha, (9) email, (10) form_name, (11) from, or (12) subject parameters to Oxwall/contact; (13) tag parameter to Oxwall/blogs/browse-by-tag; or (14) PATH_INFO to Oxwall/photo/viewlist/tagged, (15) Oxwall/photo/viewlist, or (16) Oxwall/video/viewlist."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oxwall-multiple-xss(73466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73466"
},
{
"name": "http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss",
"refsource": "MISC",
"url": "http://yehg.net/lab/pr0js/advisories/%5BOxWall_1.1.1%5D_xss"
},
{
"name": "[oss-security] 20120221 OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/5"
},
{
"name": "[oss-security] 20120220 Re: OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/10"
},
{
"name": "20120220 Re: [oss-security] OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0113.html"
},
{
"name": "20120220 OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0106.html"
},
{
"name": "52090",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52090"
}
]
}
}

150
2012/1xxx/CVE-2012-1017.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18465",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18465"
},
{
"name" : "51874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51874"
},
{
"name" : "47857",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47857"
},
{
"name" : "base-ipaddr-sql-injection(72998)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72998"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18465",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18465"
},
{
"name": "47857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47857"
},
{
"name": "51874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51874"
},
{
"name": "base-ipaddr-sql-injection(72998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72998"
}
]
}
}

140
2012/1xxx/CVE-2012-1470.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23078",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23078"
},
{
"name" : "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm",
"refsource" : "CONFIRM",
"url" : "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm"
},
{
"name" : "http://ocportal.com/site/news/view/ocportal-security-update.htm",
"refsource" : "CONFIRM",
"url" : "http://ocportal.com/site/news/view/ocportal-security-update.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ocportal.com/site/news/view/ocportal-security-update.htm",
"refsource": "CONFIRM",
"url": "http://ocportal.com/site/news/view/ocportal-security-update.htm"
},
{
"name": "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm",
"refsource": "CONFIRM",
"url": "http://ocportal.com/site/news/view/new-releases/ocportal-7-1-6-released.htm"
},
{
"name": "https://www.htbridge.com/advisory/HTB23078",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23078"
}
]
}
}

130
2012/1xxx/CVE-2012-1783.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18524",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18524"
},
{
"name" : "tiny-http-dos(73482)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tiny Server 1.1.9 and earlier allows remote attackers to cause a denial of service (crash) via a long string in a GET request without an HTTP version number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18524",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18524"
},
{
"name": "tiny-http-dos(73482)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73482"
}
]
}
}

34
2012/1xxx/CVE-2012-1794.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1794",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1794",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2012/1xxx/CVE-2012-1814.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-1814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf"
},
{
"name" : "53591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53591"
},
{
"name" : "81996",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81996"
},
{
"name" : "49210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49210"
},
{
"name": "81996",
"refsource": "OSVDB",
"url": "http://osvdb.org/81996"
},
{
"name": "53591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53591"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf"
}
]
}
}

150
2012/4xxx/CVE-2012-4469.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when \"Log failed hashcash\" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"name" : "http://drupal.org/node/1663306",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1663306"
},
{
"name" : "http://drupal.org/node/1650784",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1650784"
},
{
"name" : "http://drupal.org/node/1650790",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1650790"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Hashcash module 6.x-2.x before 6.x-2.6 and 7.x-2.x before 7.x-2.2 for Drupal, when \"Log failed hashcash\" is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid token, which is not properly handled when administrators use the Database logging module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"name": "http://drupal.org/node/1650790",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1650790"
},
{
"name": "http://drupal.org/node/1650784",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1650784"
},
{
"name": "http://drupal.org/node/1663306",
"refsource": "MISC",
"url": "http://drupal.org/node/1663306"
}
]
}
}

340
2012/4xxx/CVE-2012-4537.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka \"Memory mapping failure DoS vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Xen-announce] 20121113 Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability",
"refsource" : "MLIST",
"url" : "http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html"
},
{
"name" : "[oss-security] 20121113 Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/13/6"
},
{
"name" : "DSA-2582",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2582"
},
{
"name" : "GLSA-201309-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name" : "GLSA-201604-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-03"
},
{
"name" : "RHSA-2012:1540",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1540.html"
},
{
"name" : "SUSE-SU-2012:1615",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
},
{
"name" : "SUSE-SU-2012:1486",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html"
},
{
"name" : "SUSE-SU-2012:1487",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html"
},
{
"name" : "openSUSE-SU-2012:1572",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name" : "SUSE-SU-2014:0446",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name" : "SUSE-SU-2014:0470",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
},
{
"name" : "openSUSE-SU-2012:1573",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name" : "56498",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56498"
},
{
"name" : "87307",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87307"
},
{
"name" : "1027761",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027761"
},
{
"name" : "51468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51468"
},
{
"name" : "51200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51200"
},
{
"name" : "51413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51413"
},
{
"name" : "51324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51324"
},
{
"name" : "51352",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51352"
},
{
"name" : "55082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55082"
},
{
"name" : "xen-setp2mentry-dos(80024)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 3.4 through 4.2, and possibly earlier versions, does not properly synchronize the p2m and m2p tables when the set_p2m_entry function fails, which allows local HVM guest OS administrators to cause a denial of service (memory consumption and assertion failure), aka \"Memory mapping failure DoS vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1540",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1540.html"
},
{
"name": "SUSE-SU-2014:0470",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00000.html"
},
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
},
{
"name": "xen-setp2mentry-dos(80024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80024"
},
{
"name": "[oss-security] 20121113 Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/13/6"
},
{
"name": "51413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51413"
},
{
"name": "51200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51200"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "DSA-2582",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2582"
},
{
"name": "SUSE-SU-2012:1486",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00008.html"
},
{
"name": "[Xen-announce] 20121113 Xen Security Advisory 22 (CVE-2012-4537) - Memory mapping failure DoS vulnerability",
"refsource": "MLIST",
"url": "http://lists.xen.org/archives/html/xen-announce/2012-11/msg00005.html"
},
{
"name": "openSUSE-SU-2012:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "51468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51468"
},
{
"name": "SUSE-SU-2012:1487",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00009.html"
},
{
"name": "SUSE-SU-2014:0446",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html"
},
{
"name": "51352",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51352"
},
{
"name": "51324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51324"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "56498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56498"
},
{
"name": "SUSE-SU-2012:1615",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00001.html"
},
{
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "87307",
"refsource": "OSVDB",
"url": "http://osvdb.org/87307"
},
{
"name": "1027761",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027761"
}
]
}
}

120
2012/5xxx/CVE-2012-5307.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html"
}
]
}
}

150
2012/5xxx/CVE-2012-5554.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5554",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has \"Enforce Permissions\" disabled, which allows remote attackers to obtain contact information by reading webforms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5554",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/20/4"
},
{
"name" : "http://drupal.org/node/1768632",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1768632"
},
{
"name" : "http://drupal.org/node/1834868",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1834868"
},
{
"name" : "http://drupal.org/node/1774252",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1774252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration for the Webform CiviCRM Integration module 7.x-3.x before 7.x-3.2 has \"Enforce Permissions\" disabled, which allows remote attackers to obtain contact information by reading webforms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1834868",
"refsource": "MISC",
"url": "http://drupal.org/node/1834868"
},
{
"name": "http://drupal.org/node/1774252",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1774252"
},
{
"name": "http://drupal.org/node/1768632",
"refsource": "MISC",
"url": "http://drupal.org/node/1768632"
},
{
"name": "[oss-security] 20121120 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/20/4"
}
]
}
}

270
2012/5xxx/CVE-2012-5837.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-102.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-102.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=800363",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=800363"
},
{
"name" : "openSUSE-SU-2012:1583",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name" : "openSUSE-SU-2012:1585",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name" : "openSUSE-SU-2012:1586",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name" : "SUSE-SU-2012:1592",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name" : "openSUSE-SU-2013:0175",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name" : "USN-1638-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name" : "USN-1638-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name" : "56645",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56645"
},
{
"name" : "87586",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87586"
},
{
"name" : "oval:org.mitre.oval:def:16542",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16542"
},
{
"name" : "51369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51369"
},
{
"name" : "51434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51434"
},
{
"name" : "51439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51439"
},
{
"name" : "firefox-developer-tool-priv-esc(80180)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1638-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name": "openSUSE-SU-2012:1586",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-102.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-102.html"
},
{
"name": "openSUSE-SU-2013:0175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name": "87586",
"refsource": "OSVDB",
"url": "http://osvdb.org/87586"
},
{
"name": "51434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51434"
},
{
"name": "openSUSE-SU-2012:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name": "51439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51439"
},
{
"name": "USN-1638-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name": "56645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56645"
},
{
"name": "SUSE-SU-2012:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=800363",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=800363"
},
{
"name": "openSUSE-SU-2012:1585",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name": "oval:org.mitre.oval:def:16542",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16542"
},
{
"name": "firefox-developer-tool-priv-esc(80180)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80180"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
}
]
}
}

34
2012/5xxx/CVE-2012-5982.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5982",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5982",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

282
2017/3xxx/CVE-2017-3135.json
View File

@ -1,143 +1,143 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-officer@isc.org",
"DATE_PUBLIC" : "2017-02-08T00:00:00.000Z",
"ID" : "CVE-2017-3135",
"STATE" : "PUBLIC",
"TITLE" : "Combination of DNS64 and RPZ Can Lead to Crash"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIND 9",
"version" : {
"version_data" : [
{
"version_name" : "BIND 9",
"version_value" : "9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1"
}
]
}
}
]
},
"vendor_name" : "ISC"
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition."
}
],
"credit" : [
{
"lang" : "eng",
"value" : "ISC would like to thank Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox) for reporting the issue and assisting us in the investigation."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition. When this condition occurs, it will result in either an INSIST assertion failure (and subsequent abort) or an attempt to read through a NULL pointer. On most platforms a NULL pointer read leads to a segmentation fault (SEGFAULT), which causes the process to be terminated.\n\nOnly servers which are configured to simultaneously use both Response Policy Zones (RPZ) and DNS64 (a method for synthesizing AAAA records from A records) can be affected by this vulnerability."
}
"CVE_data_meta": {
"ASSIGNER": "security-officer@isc.org",
"DATE_PUBLIC": "2017-02-08T00:00:00.000Z",
"ID": "CVE-2017-3135",
"STATE": "PUBLIC",
"TITLE": "Combination of DNS64 and RPZ Can Lead to Crash"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIND 9",
"version": {
"version_data": [
{
"version_name": "BIND 9",
"version_value": "9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1"
}
]
}
}
]
},
"vendor_name": "ISC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.isc.org/docs/aa-01453",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/docs/aa-01453"
},
{
"name" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name" : "DSA-3795",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3795"
},
{
"name" : "GLSA-201708-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-01"
},
{
"name" : "RHSA-2017:0276",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0276.html"
},
{
"name" : "96150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96150"
},
{
"name" : "1037801",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037801"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P6\n BIND 9 version 9.10.4-P6\n BIND 9 version 9.11.0-P3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S8"
}
],
"source" : {
"discovery" : "EXTERNAL"
},
"work_around" : [
{
"lang" : "eng",
"value" : "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability."
}
]
}
}
},
"configuration": [
{
"lang": "eng",
"value": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition."
}
],
"credit": [
{
"lang": "eng",
"value": "ISC would like to thank Ramesh Damodaran(Infoblox) and Aliaksandr Shubnik (Infoblox) for reporting the issue and assisting us in the investigation."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Under some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Servers utilizing both DNS64 and RPZ are potentially susceptible to encountering this condition. When this condition occurs, it will result in either an INSIST assertion failure (and subsequent abort) or an attempt to read through a NULL pointer. On most platforms a NULL pointer read leads to a segmentation fault (SEGFAULT), which causes the process to be terminated.\n\nOnly servers which are configured to simultaneously use both Response Policy Zones (RPZ) and DNS64 (a method for synthesizing AAAA records from A records) can be affected by this vulnerability."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201708-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-01"
},
{
"name": "RHSA-2017:0276",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0005/"
},
{
"name": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us"
},
{
"name": "96150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96150"
},
{
"name": "1037801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037801"
},
{
"name": "DSA-3795",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3795"
},
{
"name": "https://kb.isc.org/docs/aa-01453",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/docs/aa-01453"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to the patched release most closely related to your current version of BIND. These can all be downloaded from http://www.isc.org/downloads.\n\n BIND 9 version 9.9.9-P6\n BIND 9 version 9.10.4-P6\n BIND 9 version 9.11.0-P3\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n BIND 9 version 9.9.9-S8"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "While it is possible to avoid the condition by removing either DNS64 or RPZ from the configuration, or by carefully restricting the contents of the policy zone, for an affected configuration the most practical and safest course of action is to upgrade to a version of BIND without this vulnerability."
}
]
}

166
2017/3xxx/CVE-2017-3401.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Advanced Outbound Telephony",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1"
},
{
"version_value" : "12.1.2"
},
{
"version_value" : "12.1.3"
},
{
"version_value" : "12.2.3"
},
{
"version_value" : "12.2.4"
},
{
"version_value" : "12.2.5"
},
{
"version_value" : "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advanced Outbound Telephony",
"version": {
"version_data": [
{
"version_value": "12.1.1"
},
{
"version_value": "12.1.2"
},
{
"version_value": "12.1.3"
},
{
"version_value": "12.2.3"
},
{
"version_value": "12.2.4"
},
{
"version_value": "12.2.5"
},
{
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95531",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Advanced Outbound Telephony, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data as well as unauthorized update, insert or delete access to some of Oracle Advanced Outbound Telephony accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95531"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

34
2017/3xxx/CVE-2017-3716.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3716",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-3716",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/3xxx/CVE-2017-3977.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-3977",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-3977",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

142
2017/6xxx/CVE-2017-6102.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "larry0@me.com",
"ID" : "CVE-2017-6102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "wordpress plugin rockhoist-badges",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "1.2.2"
}
]
}
}
]
},
"vendor_name" : "blairjordan"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Persistent XSS in wordpress plugin rockhoist-badges v1.2.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"ID": "CVE-2017-6102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wordpress plugin rockhoist-badges",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "blairjordan"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=176",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=176"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8763",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8763"
},
{
"name" : "96533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Persistent XSS in wordpress plugin rockhoist-badges v1.2.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8763",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8763"
},
{
"name": "96533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96533"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=176",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=176"
}
]
}
}

132
2017/6xxx/CVE-2017-6330.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@symantec.com",
"DATE_PUBLIC" : "2017-09-07T00:00:00",
"ID" : "CVE-2017-6330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Symantec Encryption Desktop",
"version" : {
"version_data" : [
{
"version_value" : "SED prior to 10.4.1MP2"
}
]
}
}
]
},
"vendor_name" : "Symantec Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (DoS)"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"DATE_PUBLIC": "2017-09-07T00:00:00",
"ID": "CVE-2017-6330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Symantec Encryption Desktop",
"version": {
"version_data": [
{
"version_value": "SED prior to 10.4.1MP2"
}
]
}
}
]
},
"vendor_name": "Symantec Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170907_00",
"refsource" : "CONFIRM",
"url" : "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170907_00"
},
{
"name" : "100552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170907_00",
"refsource": "CONFIRM",
"url": "https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20170907_00"
},
{
"name": "100552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100552"
}
]
}
}

130
2017/6xxx/CVE-2017-6646.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Remote Expert Manager",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Remote Expert Manager"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866 CSCvc52868."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Remote Expert Manager",
"version": {
"version_data": [
{
"version_value": "Cisco Remote Expert Manager"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6"
},
{
"name" : "98529",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Order information on an affected system. The vulnerability exists because the affected software does not sufficiently protect sensitive data when responding to HTTP requests that are sent to the web interface of the software. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web interface of the software on an affected system. A successful exploit could allow the attacker to access sensitive information about the software. The attacker could use this information to conduct additional reconnaissance attacks. Cisco Bug IDs: CSCvc52866 CSCvc52868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98529",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98529"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-rem6"
}
]
}
}

130
2017/6xxx/CVE-2017-6714.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Ultra Services Framework",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Ultra Services Framework"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-78"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Ultra Services Framework",
"version": {
"version_data": [
{
"version_value": "Cisco Ultra Services Framework"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
},
{
"name" : "99436",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99436"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the AutoIT service of Cisco Ultra Services Framework Staging Server could allow an unauthenticated, remote attacker to execute arbitrary shell commands as the Linux root user. The vulnerability is due to improper shell invocations. An attacker could exploit this vulnerability by crafting CLI command inputs to execute Linux shell commands as the root user. This vulnerability affects all releases of Cisco Ultra Services Framework Staging Server prior to Releases 5.0.3 and 5.1. Cisco Bug IDs: CSCvc76673."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99436"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-usf3"
}
]
}
}

150
2017/7xxx/CVE-2017-7162.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"IOKit\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208325",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208325"
},
{
"name" : "https://support.apple.com/HT208327",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208327"
},
{
"name" : "https://support.apple.com/HT208331",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208331"
},
{
"name" : "https://support.apple.com/HT208334",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the \"IOKit\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name": "https://support.apple.com/HT208327",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208327"
},
{
"name": "https://support.apple.com/HT208325",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208325"
},
{
"name": "https://support.apple.com/HT208334",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208334"
}
]
}
}

130
2017/7xxx/CVE-2017-7324.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf",
"refsource" : "MISC",
"url" : "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf"
},
{
"name" : "97228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the core_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97228"
},
{
"name": "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf",
"refsource": "MISC",
"url": "https://mazinahmed.net/services/public-reports/ModX%20-%20Responsible%20Disclosure%20-%20January%202017.pdf"
}
]
}
}

150
2017/7xxx/CVE-2017-7455.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41850",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41850/"
},
{
"name" : "20170411 Moxa MXview v2.8 Remote Private Key Disclosure",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Apr/49"
},
{
"name" : "http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt",
"refsource" : "MISC",
"url" : "http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt"
},
{
"name" : "http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170411 Moxa MXview v2.8 Remote Private Key Disclosure",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Apr/49"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt"
},
{
"name": "41850",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41850/"
},
{
"name": "http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142074/Moxa-MXview-2.8-Private-Key-Disclosure.html"
}
]
}
}

152
2017/7xxx/CVE-2017-7835.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "57"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Mixed content blocking incorrectly applies with redirects"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "57"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1402363",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1402363"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/"
},
{
"name" : "101832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101832"
},
{
"name" : "1039803",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mixed content blocking of insecure (HTTP) sub-resources in a secure (HTTPS) document was not correctly applied for resources that redirect from HTTPS to HTTP, allowing content that should be blocked, such as scripts, to be loaded on a page. This vulnerability affects Firefox < 57."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mixed content blocking incorrectly applies with redirects"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402363",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1402363"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-24/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-24/"
},
{
"name": "101832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101832"
},
{
"name": "1039803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039803"
}
]
}
}

130
2017/7xxx/CVE-2017-7905.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GE Multilin SR, UR, and URplus Protective Relays",
"version" : {
"version_data" : [
{
"version_value" : "GE Multilin SR, UR, and URplus Protective Relays"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-261"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GE Multilin SR, UR, and URplus Protective Relays",
"version": {
"version_data": [
{
"version_value": "GE Multilin SR, UR, and URplus Protective Relays"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A"
},
{
"name" : "98063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98063"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protection Relay, firmware versions prior to Version 5.23; SR 489 Generator Protection Relay, firmware versions prior to Version 4.06; SR 745 Transformer Protection Relay, firmware versions prior to Version 5.23; SR 369 Motor Protection Relay, all firmware versions; Multilin Universal Relay, firmware Version 6.0 and prior versions; and Multilin URplus (D90, C90, B95), all versions. Ciphertext versions of user passwords were created with a non-random initialization vector leaving them susceptible to dictionary attacks. Ciphertext of user passwords can be obtained from the front LCD panel of affected products and through issued Modbus commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-261"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98063"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-117-01A"
}
]
}
}

130
2017/7xxx/CVE-2017-7936.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NXP i.MX Product Family",
"version" : {
"version_data" : [
{
"version_value" : "NXP i.MX Product Family"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NXP i.MX Product Family",
"version": {
"version_data": [
{
"version_value": "NXP i.MX Product Family"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name" : "99966",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX 53, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, i.MX 6QuadPlus, Vybrid VF3xx, Vybrid VF5xx, and Vybrid VF6xx. When the device is configured in security enabled configuration, SDP could be used to download a small section of code to an unprotected region of memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02"
},
{
"name": "99966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99966"
}
]
}
}

122
2017/8xxx/CVE-2017-8159.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Agassi-L09HN,Agassi-W09HN,Kobe-L09AHN,Kobe-W09CHN,",
"version" : {
"version_data" : [
{
"version_value" : "AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Type Confusion"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Agassi-L09HN,Agassi-W09HN,Kobe-L09AHN,Kobe-W09CHN,",
"version": {
"version_data": [
{
"version_value": "AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Some Huawei smartphones with software AGS-L09C233B019,AGS-W09C233B019,KOB-L09C233B017,KOB-W09C233B012 have a type confusion vulnerability. The program initializes a variable using one type, but it later accesses that variable using a type that is different with the original type when do certain register operation. Successful exploit could result in buffer overflow then may cause malicious code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Type Confusion"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171018-02-smartphone-en"
}
]
}
}

142
2017/8xxx/CVE-2017-8590.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00",
"ID" : "CVE-2017-8590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka \"Windows CLFS Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-07-11T00:00:00",
"ID": "CVE-2017-8590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016.",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8590",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8590"
},
{
"name" : "99427",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99427"
},
{
"name" : "1038853",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038853"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way that the Windows Common Log File System (CLFS) driver handles objects in memory, aka \"Windows CLFS Elevation of Privilege Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038853"
},
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8590",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8590"
},
{
"name": "99427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99427"
}
]
}
}

34
2017/8xxx/CVE-2017-8885.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8885",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8885",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

154
2018/10xxx/CVE-2018-10139.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@paloaltonetworks.com",
"DATE_PUBLIC" : "2018-08-15T00:00:00",
"ID" : "CVE-2018-10139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PAN-OS",
"version" : {
"version_data" : [
{
"version_value" : "6.1.21 and earlier"
},
{
"version_value" : "7.1.18 and earlier"
},
{
"version_value" : "8.0.11 and earlier"
}
]
}
}
]
},
"vendor_name" : "Palo Alto Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@paloaltonetworks.com",
"DATE_PUBLIC": "2018-08-15T00:00:00",
"ID": "CVE-2018-10139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PAN-OS",
"version": {
"version_data": [
{
"version_value": "6.1.21 and earlier"
},
{
"version_value": "7.1.18 and earlier"
},
{
"version_value": "8.0.11 and earlier"
}
]
}
}
]
},
"vendor_name": "Palo Alto Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/128",
"refsource" : "CONFIRM",
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/128"
},
{
"name" : "105111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105111"
},
{
"name" : "1041544",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PAN-OS response for GlobalProtect Gateway in Palo Alto Networks PAN-OS 6.1.21 and earlier, PAN-OS 7.1.18 and earlier, PAN-OS 8.0.11 and earlier may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. PAN-OS 8.1 is NOT affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/128",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/128"
},
{
"name": "105111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105111"
},
{
"name": "1041544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041544"
}
]
}
}

130
2018/10xxx/CVE-2018-10313.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44617",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44617/"
},
{
"name" : "https://github.com/wuzhicms/wuzhicms/issues/133",
"refsource" : "MISC",
"url" : "https://github.com/wuzhicms/wuzhicms/issues/133"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter to the /index.php?m=member&f=index&v=profile&set_iframe=1 URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44617",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44617/"
},
{
"name": "https://github.com/wuzhicms/wuzhicms/issues/133",
"refsource": "MISC",
"url": "https://github.com/wuzhicms/wuzhicms/issues/133"
}
]
}
}

34
2018/10xxx/CVE-2018-10834.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10834",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10834",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2018/10xxx/CVE-2018-10998.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10998",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10998",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html"
},
{
"name" : "https://github.com/Exiv2/exiv2/issues/303",
"refsource" : "MISC",
"url" : "https://github.com/Exiv2/exiv2/issues/303"
},
{
"name" : "DSA-4238",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4238"
},
{
"name" : "GLSA-201811-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-14"
},
{
"name" : "USN-3700-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3700-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp allows remote attackers to cause a denial of service (SIGABRT) by triggering an incorrect Safe::add call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3700-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3700-1/"
},
{
"name": "DSA-4238",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4238"
},
{
"name": "GLSA-201811-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html"
},
{
"name": "https://github.com/Exiv2/exiv2/issues/303",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/303"
}
]
}
}

130
2018/13xxx/CVE-2018-13471.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BeyondCashToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BeyondCashToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for BeyondCashToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BeyondCashToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BeyondCashToken"
}
]
}
}

120
2018/13xxx/CVE-2018-13876.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5",
"refsource" : "MISC",
"url" : "https://github.com/TeamSeri0us/pocs/tree/master/hdf5"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/hdf5"
}
]
}
}

34
2018/17xxx/CVE-2018-17331.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17331",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17331",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/17xxx/CVE-2018-17400.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20Authentication%20Bypass-1.pdf",
"refsource" : "MISC",
"url" : "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20Authentication%20Bypass-1.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by intercepting the user name and PIN during the initial configuration of the application. NOTE: the vendor says that, to exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app, that the Android platform provides fair warnings to the users before turning on accessibility for any application, and that it believes it is similar to installing malicious keyboards, or malicious apps taking screenshots."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20Authentication%20Bypass-1.pdf",
"refsource": "MISC",
"url": "https://github.com/magicj3lly/appexploits/blob/master/PhonePe-%20Authentication%20Bypass-1.pdf"
}
]
}
}

130
2018/17xxx/CVE-2018-17687.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PhantomPDF",
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.9297"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7068."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-17687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PhantomPDF",
"version": {
"version_data": [
{
"version_value": "9.2.0.9297"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1169/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1169/"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportValues property of a radio button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7068."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1169/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1169/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

34
2018/17xxx/CVE-2018-17823.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17823",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17823",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/20xxx/CVE-2018-20208.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20208",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20208",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2018/20xxx/CVE-2018-20237.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-02-07T00:00:00",
"ID" : "CVE-2018-20237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Confluence Server",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "6.13.1"
}
]
}
},
{
"product_name" : "Confluence Data Center",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "6.13.1"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Indirect Object Reference"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-02-07T00:00:00",
"ID": "CVE-2018-20237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Confluence Server",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.13.1"
}
]
}
},
{
"product_name": "Confluence Data Center",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "6.13.1"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/CONFSERVER-57814",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/CONFSERVER-57814"
},
{
"name" : "107041",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Atlassian Confluence Server and Data Center before version 6.13.1 allows an authenticated user to download a deleted page via the word export feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Indirect Object Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/CONFSERVER-57814",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/CONFSERVER-57814"
},
{
"name": "107041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107041"
}
]
}
}

34
2018/9xxx/CVE-2018-9332.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9332",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9332",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9478.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9478",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9478",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/9xxx/CVE-2018-9509.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-10-02T00:00:00",
"ID" : "CVE-2018-9509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31",
"refsource" : "MISC",
"url" : "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31"
},
{
"name" : "https://source.android.com/security/bulletin/2018-10-01,",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name" : "105482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105482"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In smp_proc_master_id of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937027"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/system/bt/+/198888b8e0163bab7a417161c63e483804ae8e31"
},
{
"name": "105482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105482"
},
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
}
]
}
}

34
2018/9xxx/CVE-2018-9671.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9671",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9671",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}