admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:45:17 +00:00
parent 4382a7c029
commit 7ed899a0f4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3748 additions and 3748 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2001/0xxx/CVE-2001-0011.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0011",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010129 Vulnerabilities in BIND 4 and 8",
"refsource" : "NAI",
"url" : "http://www.nai.com/research/covert/advisories/047.asp"
},
{
"name" : "CA-2001-02",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2001-02.html"
},
{
"name" : "RHSA-2001:007",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-007.html"
},
{
"name" : "2307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2001:007",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-007.html"
},
{
"name": "20010129 Vulnerabilities in BIND 4 and 8",
"refsource": "NAI",
"url": "http://www.nai.com/research/covert/advisories/047.asp"
},
{
"name": "2307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2307"
},
{
"name": "CA-2001-02",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-02.html"
}
]
}
}

130
2001/0xxx/CVE-2001-0192.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010201 XMail CTRLServer remote buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0047.html"
},
{
"name" : "http://xmailserver.org/XMail-Readme.txt",
"refsource" : "CONFIRM",
"url" : "http://xmailserver.org/XMail-Readme.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://xmailserver.org/XMail-Readme.txt",
"refsource": "CONFIRM",
"url": "http://xmailserver.org/XMail-Readme.txt"
},
{
"name": "20010201 XMail CTRLServer remote buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0047.html"
}
]
}
}

140
2001/0xxx/CVE-2001-0234.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010126 NewsDaemon remote administrator access",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=60570",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=60570"
},
{
"name" : "newsdaemon-gain-admin-access(6010)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010126 NewsDaemon remote administrator access",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=60570",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=60570"
},
{
"name": "newsdaemon-gain-admin-access(6010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6010"
}
]
}
}

160
2001/0xxx/CVE-2001-0970.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0970",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0970",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010820 tdforum 1.2 Messageboard",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=99832137410609&w=2"
},
{
"name" : "20010820 Re: tdforum 1.2 Messageboard",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0281.html"
},
{
"name" : "VU#782243",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/782243"
},
{
"name" : "3207",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3207"
},
{
"name" : "tdforum-cross-site-scripting(7009)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010820 tdforum 1.2 Messageboard",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99832137410609&w=2"
},
{
"name": "3207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3207"
},
{
"name": "VU#782243",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/782243"
},
{
"name": "20010820 Re: tdforum 1.2 Messageboard",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0281.html"
},
{
"name": "tdforum-cross-site-scripting(7009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7009"
}
]
}
}

140
2001/1xxx/CVE-2001-1466.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011230 blackshell1: Multiple Prolems with Vandykes SecureCRT",
"refsource" : "VULN-DEV",
"url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0967.html"
},
{
"name" : "VU#216227",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/216227"
},
{
"name" : "securecrt-ssh1-protocol-bo(10111)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20011230 blackshell1: Multiple Prolems with Vandykes SecureCRT",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q4/0967.html"
},
{
"name": "securecrt-ssh1-protocol-bo(10111)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10111"
},
{
"name": "VU#216227",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/216227"
}
]
}
}

140
2001/1xxx/CVE-2001-1491.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011211 Browsers fails on big image count",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/245152"
},
{
"name" : "3684",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3684"
},
{
"name" : "win-browser-image-dos(7709)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win-browser-image-dos(7709)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7709"
},
{
"name": "20011211 Browsers fails on big image count",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/245152"
},
{
"name": "3684",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3684"
}
]
}
}

210
2008/1xxx/CVE-2008-1147.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka \"Algorithm X2\"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf",
"refsource" : "MISC",
"url" : "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"name" : "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name" : "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487658"
},
{
"name" : "20080206 Re: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2008/Feb/0052.html"
},
{
"name" : "20080206 RE: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2008/Feb/0063.html"
},
{
"name" : "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype=",
"refsource" : "CONFIRM",
"url" : "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype="
},
{
"name" : "27647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27647"
},
{
"name" : "28819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28819"
},
{
"name" : "openbsd-prng-dns-spoofing(40329)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name" : "openbsd-xor-weak-security(41155)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 2-bit random hops (aka \"Algorithm X2\"), as used in OpenBSD 2.6 through 3.4, Mac OS X 10 through 10.5.1, FreeBSD 4.4 through 7.0, and DragonFlyBSD 1.0 through 1.10.1, allows remote attackers to guess sensitive values such as IP fragmentation IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as injection into TCP packets and OS fingerprinting."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openbsd-xor-weak-security(41155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41155"
},
{
"name": "20080206 RE: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2008/Feb/0063.html"
},
{
"name": "20080206 Re: A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2008/Feb/0052.html"
},
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "28819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28819"
},
{
"name": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf",
"refsource": "MISC",
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"name": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype=",
"refsource": "CONFIRM",
"url": "http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/ip_id.c?rev=1.10;contenttype="
},
{
"name": "27647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27647"
}
]
}
}

140
2008/1xxx/CVE-2008-1839.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multgiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "28785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28785"
},
{
"name" : "29823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29823"
},
{
"name" : "work-systemecommerce-main-xss(41811)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41811"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multgiple cross-site scripting (XSS) vulnerabilities in module/main.php in WORK system e-commerce 4.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, and (3) year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29823"
},
{
"name": "28785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28785"
},
{
"name": "work-systemecommerce-main-xss(41811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41811"
}
]
}
}

170
2008/1xxx/CVE-2008-1896.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1896",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080416 Carbon Communities forum Multiple Vulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490923/100/0/threaded"
},
{
"name" : "5456",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5456"
},
{
"name" : "http://bugreport.ir/index.php?/35",
"refsource" : "MISC",
"url" : "http://bugreport.ir/index.php?/35"
},
{
"name" : "28806",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28806"
},
{
"name" : "29827",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29827"
},
{
"name" : "carboncommunities-login-membersend-xss(41846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Redirect parameter to login.asp and the (2) OrderBy parameter to member_send.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugreport.ir/index.php?/35",
"refsource": "MISC",
"url": "http://bugreport.ir/index.php?/35"
},
{
"name": "29827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29827"
},
{
"name": "20080416 Carbon Communities forum Multiple Vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490923/100/0/threaded"
},
{
"name": "28806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28806"
},
{
"name": "carboncommunities-login-membersend-xss(41846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41846"
},
{
"name": "5456",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5456"
}
]
}
}

160
2008/5xxx/CVE-2008-5221.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5221",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5221",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7170",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7170"
},
{
"name" : "32384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32384"
},
{
"name" : "ADV-2008-3219",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3219"
},
{
"name" : "4631",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4631"
},
{
"name" : "wportfolio-userinfo-security-bypass(46772)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The account_save action in admin/userinfo.php in wPortfolio 0.3 and earlier does not require authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified password and password_retype parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4631",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4631"
},
{
"name": "7170",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7170"
},
{
"name": "ADV-2008-3219",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3219"
},
{
"name": "wportfolio-userinfo-security-bypass(46772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46772"
},
{
"name": "32384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32384"
}
]
}
}

280
2008/5xxx/CVE-2008-5285.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5285",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498562/100/0/threaded"
},
{
"name" : "20081211 rPSA-2008-0336-1 tshark wireshark",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499154/100/0/threaded"
},
{
"name" : "20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html"
},
{
"name" : "[oss-security] 20081124 CVE Request -- wireshark",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/11/24/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=472737",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=472737"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0336",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0336"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2008-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2008-07.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm"
},
{
"name" : "MDVSA-2008:242",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:242"
},
{
"name" : "RHSA-2009:0313",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0313.html"
},
{
"name" : "32422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32422"
},
{
"name" : "oval:org.mitre.oval:def:11351",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11351"
},
{
"name" : "34144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34144"
},
{
"name" : "ADV-2008-3231",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3231"
},
{
"name" : "1021275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021275"
},
{
"name" : "32840",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32840"
},
{
"name" : "4663",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4663"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081211 rPSA-2008-0336-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499154/100/0/threaded"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm"
},
{
"name": "MDVSA-2008:242",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:242"
},
{
"name": "32422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32422"
},
{
"name": "4663",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4663"
},
{
"name": "20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0336",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0336"
},
{
"name": "1021275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021275"
},
{
"name": "[oss-security] 20081124 CVE Request -- wireshark",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/24/1"
},
{
"name": "34144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34144"
},
{
"name": "ADV-2008-3231",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3231"
},
{
"name": "oval:org.mitre.oval:def:11351",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11351"
},
{
"name": "32840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32840"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=472737",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=472737"
},
{
"name": "RHSA-2009:0313",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0313.html"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2008-07.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2008-07.html"
},
{
"name": "20081122 [SVRT-04-08] Vulnerability in WireShark 1.0.4 for DoS Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498562/100/0/threaded"
}
]
}
}

180
2008/5xxx/CVE-2008-5301.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a \"..\" (dot dot) in a script name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Dovecot] 20081117 ManageSieve SECURITY hole: virtual users can edit scripts of other virtual users (all versions)",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot/2008-November/035259.html"
},
{
"name" : "USN-838-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-838-1"
},
{
"name" : "32582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32582"
},
{
"name" : "36904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36904"
},
{
"name" : "ADV-2008-3190",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3190"
},
{
"name" : "32768",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32768"
},
{
"name" : "managesieve-sieve-directory-traversal(46672)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46672"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a \"..\" (dot dot) in a script name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "managesieve-sieve-directory-traversal(46672)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46672"
},
{
"name": "ADV-2008-3190",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3190"
},
{
"name": "USN-838-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-838-1"
},
{
"name": "[Dovecot] 20081117 ManageSieve SECURITY hole: virtual users can edit scripts of other virtual users (all versions)",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot/2008-November/035259.html"
},
{
"name": "32768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32768"
},
{
"name": "36904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36904"
},
{
"name": "32582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32582"
}
]
}
}

140
2008/5xxx/CVE-2008-5582.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5192",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5192"
},
{
"name" : "28009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28009"
},
{
"name" : "4732",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4732"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the email parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5192",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5192"
},
{
"name": "28009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28009"
},
{
"name": "4732",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4732"
}
]
}
}

130
2008/5xxx/CVE-2008-5924.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "33499",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33499"
},
{
"name" : "33152",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events Diary allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33152"
},
{
"name": "33499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33499"
}
]
}
}

140
2008/5xxx/CVE-2008-5980.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7319",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7319"
},
{
"name" : "32929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32929"
},
{
"name" : "mailinglist-o12mail-info-disclosure(47023)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7319",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7319"
},
{
"name": "32929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32929"
},
{
"name": "mailinglist-o12mail-info-disclosure(47023)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47023"
}
]
}
}

160
2011/2xxx/CVE-2011-2024.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110601 Default Credentials Vulnerability in Cisco Network Registrar",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80121.shtml"
},
{
"name" : "48076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48076"
},
{
"name" : "72720",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72720"
},
{
"name" : "1025589",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025589"
},
{
"name" : "cisco-cns-registrar-default-account(67782)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/67782"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Network Registrar before 7.2 has a default administrative password, which makes it easier for remote attackers to obtain access via a TCP session, aka Bug ID CSCsm50627."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-cns-registrar-default-account(67782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67782"
},
{
"name": "1025589",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025589"
},
{
"name": "48076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48076"
},
{
"name": "72720",
"refsource": "OSVDB",
"url": "http://osvdb.org/72720"
},
{
"name": "20110601 Default Credentials Vulnerability in Cisco Network Registrar",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80121.shtml"
}
]
}
}

210
2011/2xxx/CVE-2011-2191.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110601 cherokee server admin vulnerable to csrf",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2011/Jun/0"
},
{
"name" : "[oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/02/2"
},
{
"name" : "[oss-security] 20110603 Security issue in cherokee",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/03/6"
},
{
"name" : "[oss-security] 20110606 Re: Security issue in cherokee",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/06/22"
},
{
"name" : "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=713304",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=713304"
},
{
"name" : "https://launchpad.net/bugs/784632",
"refsource" : "CONFIRM",
"url" : "https://launchpad.net/bugs/784632"
},
{
"name" : "FEDORA-2011-12698",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html"
},
{
"name" : "49772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49772"
},
{
"name" : "72693",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/72693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in Cherokee before 1.2.99 allows remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting (XSS) sequences, as demonstrated by a crafted nickname field to vserver/apply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49772"
},
{
"name": "20110601 cherokee server admin vulnerable to csrf",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2011/Jun/0"
},
{
"name": "[oss-security] 20110606 Re: Security issue in cherokee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/06/22"
},
{
"name": "FEDORA-2011-12698",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066222.html"
},
{
"name": "https://launchpad.net/bugs/784632",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/784632"
},
{
"name": "[oss-security] 20110602 CVE Request -- Cherokee -- server admin vulnerable to csrf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/02/2"
},
{
"name": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz",
"refsource": "CONFIRM",
"url": "http://www.cherokee-project.com/download/LATEST_is_1.2.99/cherokee-1.2.99.tar.gz"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=713304",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=713304"
},
{
"name": "[oss-security] 20110603 Security issue in cherokee",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/03/6"
},
{
"name": "72693",
"refsource": "OSVDB",
"url": "http://osvdb.org/72693"
}
]
}
}

160
2011/2xxx/CVE-2011-2798.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=87815",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=87815"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name" : "74248",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/74248"
},
{
"name" : "oval:org.mitre.oval:def:14284",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14284"
},
{
"name" : "google-chrome-schemes-sec-bypass(68960)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68960"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14284",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14284"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=87815",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=87815"
},
{
"name": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/08/stable-channel-update.html"
},
{
"name": "google-chrome-schemes-sec-bypass(68960)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68960"
},
{
"name": "74248",
"refsource": "OSVDB",
"url": "http://osvdb.org/74248"
}
]
}
}

220
2011/2xxx/CVE-2011-2869.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2012-03-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name" : "APPLE-SA-2012-03-07-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
},
{
"name" : "APPLE-SA-2012-03-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name" : "52365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52365"
},
{
"name" : "79908",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/79908"
},
{
"name" : "oval:org.mitre.oval:def:16795",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16795"
},
{
"name" : "1026774",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026774"
},
{
"name" : "48274",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48274"
},
{
"name" : "48288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48288"
},
{
"name" : "48377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48377"
},
{
"name" : "apple-webkit-cve20112869-code-execution(73798)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73798"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16795",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16795"
},
{
"name": "52365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52365"
},
{
"name": "1026774",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026774"
},
{
"name": "48377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48377"
},
{
"name": "79908",
"refsource": "OSVDB",
"url": "http://osvdb.org/79908"
},
{
"name": "apple-webkit-cve20112869-code-execution(73798)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73798"
},
{
"name": "APPLE-SA-2012-03-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
},
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

140
2011/3xxx/CVE-2011-3944.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-3944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4"
},
{
"name" : "http://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.ffmpeg.org/security.html"
},
{
"name" : "DSA-2855",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2855"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The smacker_decode_header_tree function in libavcodec/smacker.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via crafted Smacker data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2855",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2855"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1285baaab550e3e761590ef6dfb1d9bd9d1332e4"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
}
]
}
}

160
2013/0xxx/CVE-2013-0352.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0352",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Content Management."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0352",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "HPSBST02955",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "57365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57365"
},
{
"name" : "57126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57126"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Content Management."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57365"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
}
]
}
}

130
2013/0xxx/CVE-2013-0509.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21638183",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21638183"
},
{
"name" : "netcool-cve20130509-mib-bo(82334)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 allows remote attackers to execute arbitrary code via a SQL transaction with a long table name that is not properly handled by a packet decoder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netcool-cve20130509-mib-bo(82334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82334"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21638183",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21638183"
}
]
}
}

210
2013/0xxx/CVE-2013-0747.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0747",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-0747",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-10.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733305",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733305"
},
{
"name" : "SUSE-SU-2013:0048",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
},
{
"name" : "SUSE-SU-2013:0049",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
},
{
"name" : "openSUSE-SU-2013:0131",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
},
{
"name" : "openSUSE-SU-2013:0149",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"name" : "USN-1681-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"name" : "USN-1681-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-2"
},
{
"name" : "USN-1681-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1681-4"
},
{
"name" : "oval:org.mitre.oval:def:16866",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16866"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The gPluginHandler.handleEvent function in the plugin handler in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not properly enforce the Same Origin Policy, which allows remote attackers to conduct clickjacking attacks via crafted JavaScript code that listens for a mutation event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2013:0048",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00006.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=733305",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=733305"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-10.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-10.html"
},
{
"name": "openSUSE-SU-2013:0131",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00010.html"
},
{
"name": "USN-1681-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-4"
},
{
"name": "oval:org.mitre.oval:def:16866",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16866"
},
{
"name": "SUSE-SU-2013:0049",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00007.html"
},
{
"name": "USN-1681-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-1"
},
{
"name": "openSUSE-SU-2013:0149",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00017.html"
},
{
"name": "USN-1681-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1681-2"
}
]
}
}

34
2013/1xxx/CVE-2013-1099.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1099",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-1099",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

120
2013/1xxx/CVE-2013-1242.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1242",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1242",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the web framework in the server in Cisco Unified Presence (CUP) allows remote attackers to cause a denial of service (memory consumption) via malformed TCP packets, aka Bug ID CSCug38080."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130507 Cisco Unified Presence Memory Exhaustion Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1242"
}
]
}
}

180
2013/1xxx/CVE-2013-1577.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=46340&r2=46339&pathrev=46340",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=46340&r2=46339&pathrev=46340"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46340",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46340"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-01.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8042",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8042"
},
{
"name" : "openSUSE-SU-2013:0276",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html"
},
{
"name" : "openSUSE-SU-2013:0285",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html"
},
{
"name" : "oval:org.mitre.oval:def:16253",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_sip_p_charging_func_addresses function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 does not properly handle offset data associated with a quoted string, which allows remote attackers to cause a denial of service (infinite loop) via a malformed packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wireshark.org/security/wnpa-sec-2013-01.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2013-01.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8042",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8042"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=46340&r2=46339&pathrev=46340",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-sip.c?r1=46340&r2=46339&pathrev=46340"
},
{
"name": "openSUSE-SU-2013:0285",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46340",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46340"
},
{
"name": "openSUSE-SU-2013:0276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html"
},
{
"name": "oval:org.mitre.oval:def:16253",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16253"
}
]
}
}

180
2013/3xxx/CVE-2013-3333.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2013-3333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
},
{
"name" : "RHSA-2013:0825",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
},
{
"name" : "SUSE-SU-2013:0798",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
},
{
"name" : "openSUSE-SU-2013:0892",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
},
{
"name" : "openSUSE-SU-2013:0954",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
},
{
"name" : "oval:org.mitre.oval:def:16804",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16804"
},
{
"name" : "53442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2728, CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3334, and CVE-2013-3335."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0892",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
},
{
"name": "53442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53442"
},
{
"name": "SUSE-SU-2013:0798",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0954",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
},
{
"name": "RHSA-2013:0825",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
},
{
"name": "oval:org.mitre.oval:def:16804",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16804"
}
]
}
}

150
2013/4xxx/CVE-2013-4192.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q3/261"
},
{
"name" : "http://plone.org/products/plone-hotfix/releases/20130618",
"refsource" : "CONFIRM",
"url" : "http://plone.org/products/plone-hotfix/releases/20130618"
},
{
"name" : "http://plone.org/products/plone/security/advisories/20130618-announcement",
"refsource" : "CONFIRM",
"url" : "http://plone.org/products/plone/security/advisories/20130618-announcement"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=978464",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=978464"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://plone.org/products/plone/security/advisories/20130618-announcement",
"refsource": "CONFIRM",
"url": "http://plone.org/products/plone/security/advisories/20130618-announcement"
},
{
"name": "http://plone.org/products/plone-hotfix/releases/20130618",
"refsource": "CONFIRM",
"url": "http://plone.org/products/plone-hotfix/releases/20130618"
},
{
"name": "[oss-security] 20130801 Re: CVE Request -- Plone: 20130618 Hotfix (multiple vectors)",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/261"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=978464",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=978464"
}
]
}
}

160
2013/4xxx/CVE-2013-4419.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Libguestfs] 20131017 ANNOUNCE: CVE-2013-4419: insecure temporary directory handling for guestfish's network socket",
"refsource" : "MLIST",
"url" : "https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1016960",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1016960"
},
{
"name" : "RHSA-2013:1536",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1536.html"
},
{
"name" : "SUSE-SU-2013:1626",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html"
},
{
"name" : "55813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when using the --remote or --listen option, does not properly check the ownership of /tmp/.guestfish-$UID/ when creating a temporary socket file in this directory, which allows local users to write to the socket and execute arbitrary commands by creating /tmp/.guestfish-$UID/ in advance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1536",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1536.html"
},
{
"name": "55813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55813"
},
{
"name": "[Libguestfs] 20131017 ANNOUNCE: CVE-2013-4419: insecure temporary directory handling for guestfish's network socket",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/libguestfs/2013-October/msg00031.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1016960",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1016960"
},
{
"name": "SUSE-SU-2013:1626",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00001.html"
}
]
}
}

34
2013/4xxx/CVE-2013-4561.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4561",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4561",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/5xxx/CVE-2013-5621.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5621",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-5621",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions."
}
]
}
}

240
2013/5xxx/CVE-2013-5895.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name" : "HPSBUX02972",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "SSRT101454",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name" : "RHSA-2014:0030",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name" : "64758",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64758"
},
{
"name" : "64906",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64906"
},
{
"name" : "102022",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102022"
},
{
"name" : "1029608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029608"
},
{
"name" : "56484",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56484"
},
{
"name" : "56485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56485"
},
{
"name" : "56535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56535"
},
{
"name" : "oracle-cpujan2014-cve20135895(90353)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90353"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56484"
},
{
"name": "56535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56535"
},
{
"name": "RHSA-2014:0030",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0030.html"
},
{
"name": "56485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56485"
},
{
"name": "SSRT101454",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04166777"
},
{
"name": "64906",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64906"
},
{
"name": "HPSBUX02972",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139402697611681&w=2"
},
{
"name": "1029608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029608"
},
{
"name": "oracle-cpujan2014-cve20135895(90353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90353"
},
{
"name": "64758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64758"
},
{
"name": "102022",
"refsource": "OSVDB",
"url": "http://osvdb.org/102022"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html"
}
]
}
}

142
2017/12xxx/CVE-2017-12546.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-09-26T00:00:00",
"ID" : "CVE-2017-12546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "System Management Homepage for Windows and Linux",
"version" : {
"version_data" : [
{
"version_value" : "prior to 7.6.1"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "local buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-09-26T00:00:00",
"ID": "CVE-2017-12546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "System Management Homepage for Windows and Linux",
"version": {
"version_data": [
{
"version_value": "prior to 7.6.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us"
},
{
"name" : "101029",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101029"
},
{
"name" : "1039437",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A local buffer overflow vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "local buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039437",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039437"
},
{
"name": "101029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101029"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us"
}
]
}
}

34
2017/12xxx/CVE-2017-12903.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12903",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12903",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2017/13xxx/CVE-2017-13041.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc7413925bf871d63e",
"refsource" : "CONFIRM",
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc7413925bf871d63e"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "DSA-3971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3971"
},
{
"name" : "GLSA-201709-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-23"
},
{
"name" : "RHEA-2018:0705",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHEA-2018:0705"
},
{
"name" : "1039307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp6.c:icmp6_nodeinfo_print()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201709-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "DSA-3971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc7413925bf871d63e",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/f4b9e24c7384d882a7f434cc7413925bf871d63e"
},
{
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}

34
2017/13xxx/CVE-2017-13345.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13345",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13345",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/13xxx/CVE-2017-13527.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13527",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13527",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2017/16xxx/CVE-2017-16026.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "request node module",
"version" : {
"version_data" : [
{
"version_value" : ">=2.2.6 <2.47.0 || >2.51.0 <=2.67.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Through Sent Data (CWE-201)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "request node module",
"version": {
"version_data": [
{
"version_value": ">=2.2.6 <2.47.0 || >2.51.0 <=2.67.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/request/request/issues/1904",
"refsource" : "MISC",
"url" : "https://github.com/request/request/issues/1904"
},
{
"name" : "https://github.com/request/request/pull/2018",
"refsource" : "MISC",
"url" : "https://github.com/request/request/pull/2018"
},
{
"name" : "https://nodesecurity.io/advisories/309",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/309"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Request is an http client. If a request is made using ```multipart```, and the body type is a ```number```, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Through Sent Data (CWE-201)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/request/request/pull/2018",
"refsource": "MISC",
"url": "https://github.com/request/request/pull/2018"
},
{
"name": "https://nodesecurity.io/advisories/309",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/309"
},
{
"name": "https://github.com/request/request/issues/1904",
"refsource": "MISC",
"url": "https://github.com/request/request/issues/1904"
}
]
}
}

130
2017/16xxx/CVE-2017-16846.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
"refsource" : "MISC",
"url" : "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
},
{
"name" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html",
"refsource" : "CONFIRM",
"url" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /manageApplications.do?method=AddSubGroup haid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2017-16846.html"
},
{
"name": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2017/11/more-sql-injections-in-manageengine.html"
}
]
}
}

210
2017/16xxx/CVE-2017-16943.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2017/11/25/1",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/11/25/1"
},
{
"name" : "http://openwall.com/lists/oss-security/2017/11/25/2",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/11/25/2"
},
{
"name" : "http://openwall.com/lists/oss-security/2017/11/25/3",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2017/11/25/3"
},
{
"name" : "https://bugs.exim.org/show_bug.cgi?id=2199",
"refsource" : "MISC",
"url" : "https://bugs.exim.org/show_bug.cgi?id=2199"
},
{
"name" : "https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde",
"refsource" : "MISC",
"url" : "https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde"
},
{
"name" : "https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4",
"refsource" : "MISC",
"url" : "https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4"
},
{
"name" : "https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944",
"refsource" : "MISC",
"url" : "https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944"
},
{
"name" : "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html",
"refsource" : "MISC",
"url" : "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html"
},
{
"name" : "DSA-4053",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4053"
},
{
"name" : "1039872",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039872",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039872"
},
{
"name": "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html",
"refsource": "MISC",
"url": "https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html"
},
{
"name": "https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde",
"refsource": "MISC",
"url": "https://git.exim.org/exim.git/commit/4090d62a4b25782129cc1643596dc2f6e8f63bde"
},
{
"name": "http://openwall.com/lists/oss-security/2017/11/25/3",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/11/25/3"
},
{
"name": "https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944",
"refsource": "MISC",
"url": "https://github.com/LetUsFsck/PoC-Exploit-Mirror/tree/master/CVE-2017-16944"
},
{
"name": "http://openwall.com/lists/oss-security/2017/11/25/1",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/11/25/1"
},
{
"name": "https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4",
"refsource": "MISC",
"url": "https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4"
},
{
"name": "http://openwall.com/lists/oss-security/2017/11/25/2",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2017/11/25/2"
},
{
"name": "DSA-4053",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4053"
},
{
"name": "https://bugs.exim.org/show_bug.cgi?id=2199",
"refsource": "MISC",
"url": "https://bugs.exim.org/show_bug.cgi?id=2199"
}
]
}
}

140
2017/17xxx/CVE-2017-17867.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17867",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17867",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43428",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43428/"
},
{
"name" : "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998",
"refsource" : "MISC",
"url" : "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name" : "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html",
"refsource" : "MISC",
"url" : "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users to execute arbitrary OS commands by modifying the leasetrigger field in the odhcpd configuration to specify an arbitrary program, as demonstrated by a program located on an SMB share. This issue existed because the /etc/uci-defaults directory was not being used to secure the OpenWrt configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html",
"refsource": "MISC",
"url": "https://neonsea.uk/blog/2017/12/23/rce-inteno-iopsys.html"
},
{
"name": "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998",
"refsource": "MISC",
"url": "http://public.inteno.se/?p=feed-inteno-openwrt.git;a=commit;h=efcc985a721107e72a66da4db66891ec54441998"
},
{
"name": "43428",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43428/"
}
]
}
}

34
2017/4xxx/CVE-2017-4335.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4335",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4335",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4502.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4502",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4502",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4531.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4531",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4531",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4844.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4844",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4844",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2018/18xxx/CVE-2018-18276.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18276",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18276",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/18xxx/CVE-2018-18676.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18676",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18676",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/18xxx/CVE-2018-18758.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18758",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18758",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/18xxx/CVE-2018-18993.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2018-18993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CX-One (CX-Programmer and CX-Server)",
"version" : {
"version_data" : [
{
"version_value" : "CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior)"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "STACK-BASED BUFFER OVERFLOW CWE-121"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-18993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-One (CX-Programmer and CX-Server)",
"version": {
"version_data": [
{
"version_value": "CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01"
},
{
"name" : "106106",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-338-01"
},
{
"name": "106106",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106106"
}
]
}
}

288
2018/1xxx/CVE-2018-1020.json
View File

@ -1,146 +1,146 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-1020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer 9",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name" : "Internet Explorer 11",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows 8.1 for 32-bit systems"
},
{
"version_value" : "Windows 8.1 for x64-based systems"
},
{
"version_value" : "Windows RT 8.1"
},
{
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows Server 2012 R2"
},
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "Internet Explorer 10",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2012"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-1020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer 9",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Internet Explorer 11",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "Internet Explorer 10",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1020",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1020"
},
{
"name" : "103612",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103612"
},
{
"name" : "1040653",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040653"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1020",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1020"
},
{
"name": "1040653",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040653"
},
{
"name": "103612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103612"
}
]
}
}

34
2018/1xxx/CVE-2018-1586.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1586",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1586",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

336
2018/5xxx/CVE-2018-5129.json
View File

@ -1,170 +1,170 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-5129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.7"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.7"
}
]
}
},
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "59"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds write with malformed IPC messages"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.7"
}
]
}
},
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "59"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name" : "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-09/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"name" : "DSA-4139",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4139"
},
{
"name" : "DSA-4155",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4155"
},
{
"name" : "GLSA-201810-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-01"
},
{
"name" : "GLSA-201811-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-13"
},
{
"name" : "RHSA-2018:0526",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name" : "RHSA-2018:0527",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name" : "RHSA-2018:0647",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name" : "RHSA-2018:0648",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name" : "USN-3545-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3545-1/"
},
{
"name" : "USN-3596-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3596-1/"
},
{
"name" : "103388",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103388"
},
{
"name" : "1040514",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A lack of parameter validation on IPC messages results in a potential out-of-bounds write through malformed IPC messages. This can potentially allow for sandbox escape through memory corruption in the parent process. This vulnerability affects Thunderbird < 52.7, Firefox ESR < 52.7, and Firefox < 59."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write with malformed IPC messages"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4139",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4139"
},
{
"name": "GLSA-201810-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-01"
},
{
"name": "103388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103388"
},
{
"name": "GLSA-201811-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-13"
},
{
"name": "RHSA-2018:0527",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0527"
},
{
"name": "USN-3545-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3545-1/"
},
{
"name": "[debian-lts-announce] 20180315 [SECURITY] [DLA 1308-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00010.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-09/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-09/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-07/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-07/"
},
{
"name": "RHSA-2018:0526",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0526"
},
{
"name": "[debian-lts-announce] 20180329 [SECURITY] [DLA 1327-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00029.html"
},
{
"name": "DSA-4155",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4155"
},
{
"name": "RHSA-2018:0648",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0648"
},
{
"name": "RHSA-2018:0647",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0647"
},
{
"name": "1040514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040514"
},
{
"name": "USN-3596-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3596-1/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-06/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-06/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1428947"
}
]
}
}

120
2018/5xxx/CVE-2018-5360.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5360",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/540/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/540/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF before 4.0.6 mishandles the reading of TIFF files, as demonstrated by a heap-based buffer over-read in the ReadTIFFImage function in coders/tiff.c in GraphicsMagick 1.3.27."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/540/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/540/"
}
]
}
}

130
2018/5xxx/CVE-2018-5362.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/9003",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/9003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/wpglobus.md"
},
{
"name": "https://wpvulndb.com/vulnerabilities/9003",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9003"
}
]
}
}

120
2018/5xxx/CVE-2018-5866.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-5866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted Pointer Dereference in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

122
2018/5xxx/CVE-2018-5882.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-07-02T00:00:00",
"ID" : "CVE-2018-5882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Over-read in Multimedia"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-07-02T00:00:00",
"ID": "CVE-2018-5882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in Multimedia"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}