"-Synchronized-Data."

CVE Team 2019-03-18 02:08:41 +00:00
parent 0c4e7c516b
commit 84a136c8c8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3487 additions and 3487 deletions


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0655", "ID": "CVE-2002-0655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CA-2002-23", "description_data": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2002-23.html" "lang": "eng",
}, "value": "OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code."
{ }
"name" : "VU#308891", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/308891" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CSSA-2002-033.0", "description": [
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CSSA-2002-033.1", ]
"refsource" : "CALDERA", }
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt" ]
}, },
{ "references": {
"name" : "FreeBSD-SA-02:33", "reference_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc" "name": "MDKSA-2002:046",
}, "refsource": "MANDRAKE",
{ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php"
"name" : "MDKSA-2002:046", },
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php" "name": "CSSA-2002-033.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt"
"name" : "CLA-2002:513", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513" "name": "CA-2002-23",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2002-23.html"
"name" : "5364", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5364" "name": "CSSA-2002-033.1",
} "refsource": "CALDERA",
] "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt"
} },
} {
"name": "CLA-2002:513",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513"
},
{
"name": "FreeBSD-SA-02:33",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc"
},
{
"name": "VU#308891",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/308891"
},
{
"name": "5364",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5364"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1145", "ID": "CVE-2002-1145",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103487044122900&w=2" "lang": "eng",
}, "value": "The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions."
{ }
"name" : "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://marc.info/?l=ntbugtraq&m=103486356413404&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.nextgenss.com/advisories/mssql-webtasks.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.nextgenss.com/advisories/mssql-webtasks.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS02-061", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061" ]
}, },
{ "references": {
"name" : "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061", "reference_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml" "name": "5980",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5980"
"name" : "5980", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5980" "name": "http://www.nextgenss.com/advisories/mssql-webtasks.txt",
}, "refsource": "MISC",
{ "url": "http://www.nextgenss.com/advisories/mssql-webtasks.txt"
"name" : "mssql-webtask-gain-privileges(10388)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10388.php" "name": "mssql-webtask-gain-privileges(10388)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/10388.php"
} },
} {
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103487044122900&w=2"
},
{
"name": "MS02-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-061"
},
{
"name": "20021017 Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=103486356413404&w=2"
},
{
"name": "20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1181", "ID": "CVE-2002-1181",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103651224215736&w=2" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the administrative web pages for Microsoft Internet Information Server (IIS) 4.0 through 5.1 allow remote attackers to execute HTML script as other users through (1) a certain ASP file in the IISHELP virtual directory, or (2) possibly other unknown attack vectors."
{ }
"name" : "http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html", ]
"refsource" : "MISC", },
"url" : "http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS02-062", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "N-011", ]
"refsource" : "CIAC", }
"url" : "http://www.ciac.org/ciac/bulletins/n-011.shtml" ]
}, },
{ "references": {
"name" : "6068", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6068" "name": "iis-admin-pages-xss(10501)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/10501.php"
"name" : "6072", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6072" "name": "6072",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6072"
"name" : "oval:org.mitre.oval:def:942", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942" "name": "oval:org.mitre.oval:def:942",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A942"
"name" : "oval:org.mitre.oval:def:944", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A944" "name": "N-011",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/n-011.shtml"
"name" : "iis-admin-pages-xss(10501)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10501.php" "name": "6068",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/6068"
} },
} {
"name": "http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/intelligence/SNSAdvisory/58.html"
},
{
"name": "oval:org.mitre.oval:def:944",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A944"
},
{
"name": "MS02-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062"
},
{
"name": "20021105 [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103651224215736&w=2"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1227", "ID": "CVE-2002-1227",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-177", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-177" "lang": "eng",
}, "value": "PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users."
{ }
"name" : "pam-disabled-bypass-authentication(10405)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/10405.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5994", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5994" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "pam-disabled-bypass-authentication(10405)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10405.php"
},
{
"name": "5994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5994"
},
{
"name": "DSA-177",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-177"
}
]
}
}


@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1383", "ID": "CVE-2002-1383",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104032149026670&w=2" "lang": "eng",
}, "value": "Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun."
{ }
"name" : "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.idefense.com/advisory/12.19.02.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/advisory/12.19.02.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CSSA-2003-004.0", ]
"refsource" : "CALDERA", }
"url" : "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt" ]
}, },
{ "references": {
"name" : "RHSA-2002:295", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-295.html" "name": "7858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/7858"
"name" : "SuSE-SA:2003:002", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2003_002_cups.html" "name": "7843",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/7843"
"name" : "7907", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/7907" "name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html"
"name" : "7756", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/7756/" "name": "9325",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/9325/"
"name" : "7794", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/7794" "name": "CSSA-2003-004.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt"
"name" : "7803", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/7803" "name": "7756",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/7756/"
"name" : "7843", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/7843" "name": "7907",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/7907"
"name" : "7858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/7858" "name": "7913",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/7913/"
"name" : "7913", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/7913/" "name": "7794",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/7794"
"name" : "8080", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/8080/" "name": "SuSE-SA:2003:002",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2003_002_cups.html"
"name" : "9325", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/9325/" "name": "http://www.idefense.com/advisory/12.19.02.txt",
} "refsource": "MISC",
] "url": "http://www.idefense.com/advisory/12.19.02.txt"
} },
} {
"name": "RHSA-2002:295",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-295.html"
},
{
"name": "7803",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7803"
},
{
"name": "8080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8080/"
},
{
"name": "20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104032149026670&w=2"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1798", "ID": "CVE-2002-1798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021002 Multiple Web Security Holes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html" "lang": "eng",
}, "value": "MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php."
{ }
"name" : "5851", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5851" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5855", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5855" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "midicart-php-access-upload(10306)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10306.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "5855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5855"
},
{
"name": "20021002 Multiple Web Security Holes",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html"
},
{
"name": "midicart-php-access-upload(10306)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10306.php"
},
{
"name": "5851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5851"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1967", "ID": "CVE-2002-1967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause a denial of service (disconnect) via a long (1) ctcp, (2) primsg, (3) msg, or (4) notice command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020705 bug", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0005.html" "lang": "eng",
}, "value": "Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause a denial of service (disconnect) via a long (1) ctcp, (2) primsg, (3) msg, or (4) notice command."
{ }
"name" : "5185", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5185" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "xircon-client-command-dos(9516)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9516.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5185"
},
{
"name": "20020705 bug",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0005.html"
},
{
"name": "xircon-client-command-dos(9516)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9516.php"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0003", "ID": "CVE-2003-0003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104394414713415&w=2" "lang": "eng",
}, "value": "Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information."
{ }
"name" : "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://marc.info/?l=ntbugtraq&m=104393588232166&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS03-001", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2003-03", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2003-03.html" ]
}, },
{ "references": {
"name" : "VU#610986", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/610986" "name": "MS03-001",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001"
"name" : "6666", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6666" "name": "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104394414713415&w=2"
"name" : "win-locator-bo(11132)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11132" "name": "oval:org.mitre.oval:def:103",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103"
"name" : "oval:org.mitre.oval:def:103", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103" "name": "win-locator-bo(11132)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11132"
} },
} {
"name": "6666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6666"
},
{
"name": "VU#610986",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/610986"
},
{
"name": "CA-2003-03",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-03.html"
},
{
"name": "20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=104393588232166&w=2"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0208", "ID": "CVE-2003-0208",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105033712615013&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field."
{ }
"name" : "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004514.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.securiteam.com/securitynews/5XP0B0U9PE.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/securitynews/5XP0B0U9PE.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm"
},
{
"name": "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004514.html"
},
{
"name": "http://www.securiteam.com/securitynews/5XP0B0U9PE.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/5XP0B0U9PE.html"
},
{
"name": "20030413 Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105033712615013&w=2"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0314", "ID": "CVE-2003-0314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a \"</\" sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030516 Snowblind Web Server: multiple issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105311719128173&w=2" "lang": "eng",
} "value": "Snowblind Web Server 1.0 allows remote attackers to cause a denial of service (crash) via a URL that ends in a \"</\" sequence."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030516 Snowblind Web Server: multiple issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105311719128173&w=2"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0534", "ID": "CVE-2003-0534",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0779", "ID": "CVE-2003-0779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "A091103-1", "description_data": [
"refsource" : "ATSTAKE", {
"url" : "http://www.atstake.com/research/advisories/2003/a091103-1.txt" "lang": "eng",
} "value": "SQL injection vulnerability in the Call Detail Record (CDR) logging functionality for Asterisk allows remote attackers to execute arbitrary SQL via a CallerID string."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "A091103-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2003/a091103-1.txt"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1120", "ID": "CVE-2003-1120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ssh.com/company/newsroom/article/520/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ssh.com/company/newsroom/article/520/" "lang": "eng",
}, "value": "Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the password change plugin (ssh-passwd-plugin) is enabled, allows local users to obtain the server's private key."
{ }
"name" : "VU#814198", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/814198" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9956", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9956" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4491", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/displayvuln.php?osvdb_id=4491" ]
}, },
{ "references": {
"name" : "1009532", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/alerts/2004/Mar/1009532.html" "name": "4491",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/displayvuln.php?osvdb_id=4491"
"name" : "11193", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11193" "name": "http://www.ssh.com/company/newsroom/article/520/",
}, "refsource": "CONFIRM",
{ "url": "http://www.ssh.com/company/newsroom/article/520/"
"name" : "sshtectiaserver-passwdplugin-race-condition(15585)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585" "name": "1009532",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/alerts/2004/Mar/1009532.html"
} },
} {
"name": "sshtectiaserver-passwdplugin-race-condition(15585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15585"
},
{
"name": "9956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9956"
},
{
"name": "11193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11193"
},
{
"name": "VU#814198",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/814198"
}
]
}
}
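Review bot: The `reference_data` array in this record (CVE-2003-1120) is emitted in a different order with no visible sort key; the new side appears to run OSVDB, CONFIRM, SECTRACK, XF, BID, SECUNIA, CERT-VN. A reader therefore cannot tell the reshuffle from a real addition or removal without comparing entries by hand. Going by the `name`/`url` pairs on both sides, the seven entries themselves look unchanged. Emitting references in a stable order in the export step (for example sorted by `refsource`, then `name`) would keep later synchronizations reviewable and make an altered or dropped reference stand out. The same reordering shows in the sections for CVE-2004-2028, CVE-2004-2172, CVE-2004-2764, CVE-2008-2621, CVE-2012-0256 and CVE-2012-0845.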


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2028", "ID": "CVE-2004-2028",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040521 e107 web portal Referers HTTP Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108515632622796&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php."
{ }
"name" : "10395", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10395" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6345", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6345" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11693", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11693" ]
}, },
{ "references": {
"name" : "e107-log-xss(16231)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16231" "name": "11693",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/11693"
} },
} {
"name": "6345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6345"
},
{
"name": "20040521 e107 web portal Referers HTTP Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108515632622796&w=2"
},
{
"name": "10395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10395"
},
{
"name": "e107-log-xss(16231)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16231"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2172", "ID": "CVE-2004-2172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html" "lang": "eng",
}, "value": "EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack."
{ }
"name" : "20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/354288" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20040218 Re: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.s-quadra.com/advisories/Adv-20040216.txt", ]
"refsource" : "MISC", }
"url" : "http://www.s-quadra.com/advisories/Adv-20040216.txt" ]
}, },
{ "references": {
"name" : "http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt" "name": "20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/354288"
"name" : "9669", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9669" "name": "9669",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/9669"
"name" : "3979", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3979" "name": "http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt"
"name" : "1009085", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/alerts/2004/Feb/1009085.html" "name": "1009085",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/alerts/2004/Feb/1009085.html"
"name" : "10898", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10898" "name": "20040216 EarlyImpact ProductCart shopping cart software multiple security vulnerabilities",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html"
"name" : "productcart-keystream-obtain-information(15231)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15231" "name": "productcart-keystream-obtain-information(15231)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15231"
} },
} {
"name": "http://www.s-quadra.com/advisories/Adv-20040216.txt",
"refsource": "MISC",
"url": "http://www.s-quadra.com/advisories/Adv-20040216.txt"
},
{
"name": "3979",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3979"
},
{
"name": "20040218 Re: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html"
},
{
"name": "10898",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10898"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2764", "ID": "CVE-2004-2764",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka \"XML sniffing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040808 Java XSLT security advisory addendum", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/371208" "lang": "eng",
}, "value": "Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka \"XML sniffing.\""
{ }
"name" : "HPSBUX01087", ]
"refsource" : "HP", },
"url" : "http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT4806", "description": [
"refsource" : "HP", {
"url" : "http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "57613", ]
"refsource" : "SUNALERT", }
"url" : "http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html" ]
}, },
{ "references": {
"name" : "10844", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10844" "name": "HPSBUX01087",
}, "refsource": "HP",
{ "url": "http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d"
"name" : "8288", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/8288" "name": "sun-xslt-applet-gain-privileges(16864)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16864"
"name" : "1011661", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1011661" "name": "8288",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/8288"
"name" : "12206", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12206" "name": "57613",
}, "refsource": "SUNALERT",
{ "url": "http://archive.cert.uni-stuttgart.de/uniras/2004/08/msg00007.html"
"name" : "sun-xslt-applet-gain-privileges(16864)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16864" "name": "1011661",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1011661"
} },
} {
"name": "20040808 Java XSLT security advisory addendum",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/371208"
},
{
"name": "12206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12206"
},
{
"name": "SSRT4806",
"refsource": "HP",
"url": "http://groups.google.com/group/comp.security.unix/tree/browse_frm/month/2004-10/fe63f1daa9689d50?rnum=161&_done=%2Fgroup%2Fcomp.security.unix%2Fbrowse_frm%2Fmonth%2F2004-10%3Ffwc%3D1%26#doc_29036353582c690d"
},
{
"name": "10844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10844"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2621", "ID": "CVE-2008-2621",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, and CVE-2008-2622."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2616, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, and CVE-2008-2622."
{ }
"name" : "HPSBMA02133", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT061201", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2115", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2115" ]
}, },
{ "references": {
"name" : "ADV-2008-2109", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2109/references" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html"
"name" : "1020497", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020497" "name": "ADV-2008-2115",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2115"
"name" : "31113", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31113" "name": "SSRT061201",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
"name" : "31087", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31087" "name": "1020497",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020497"
"name" : "oracle-peopsoft-peoptools-unspecified(43822)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43822" "name": "HPSBMA02133",
} "refsource": "HP",
] "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00727143"
} },
} {
"name": "ADV-2008-2109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2109/references"
},
{
"name": "31087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31087"
},
{
"name": "oracle-peopsoft-peoptools-unspecified(43822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43822"
},
{
"name": "31113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31113"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-0256", "ID": "CVE-2012-0256",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html" "lang": "eng",
}, "value": "Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before 3.1.3 does not properly allocate heap memory, which allows remote attackers to cause a denial of service (daemon crash) via a long HTTP Host header."
{ }
"name" : "20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2012/Mar/260" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.cert.fi/en/reports/2012/vulnerability612884.html", "description": [
"refsource" : "MISC", {
"url" : "https://www.cert.fi/en/reports/2012/vulnerability612884.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://trafficserver.apache.org/downloads", ]
"refsource" : "CONFIRM", }
"url" : "http://trafficserver.apache.org/downloads" ]
}, },
{ "references": {
"name" : "52696", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52696" "name": "20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0118.html"
"name" : "1026847", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026847" "name": "20120322 [ANNOUNCE] Apache Traffic Server releases for security incident CVE-2012-0256",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2012/Mar/260"
} },
} {
"name": "52696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52696"
},
{
"name": "https://www.cert.fi/en/reports/2012/vulnerability612884.html",
"refsource": "MISC",
"url": "https://www.cert.fi/en/reports/2012/vulnerability612884.html"
},
{
"name": "1026847",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026847"
},
{
"name": "http://trafficserver.apache.org/downloads",
"refsource": "CONFIRM",
"url": "http://trafficserver.apache.org/downloads"
}
]
}
}
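Review bot: `ASSIGNER` changes value in this record (CVE-2012-0256), from `cve@mitre.org` to what appears to be `cert@cert.org` on the new side. That provenance change sits among whitespace and ordering churn in a commit whose only description is "-Synchronized-Data.". The CVE-2012-0845 section shows the same field moving to `secalert@redhat.com`, and the CVE-2012-1603 section, which continues past the visible lines, seems to do likewise. Consumers that attribute or filter records by assigner would want this called out; splitting field-value changes from the formatting pass, or listing the changed fields in the commit message, would make them auditable.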


@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0845", "ID": "CVE-2012-0845",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120213 Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/02/13/4" "lang": "eng",
}, "value": "SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of data than specified by the Content-Length header."
{ }
"name" : "http://bugs.python.org/issue14001", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.python.org/issue14001" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://python.org/download/releases/2.6.8/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://python.org/download/releases/2.6.8/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://python.org/download/releases/2.7.3/", ]
"refsource" : "CONFIRM", }
"url" : "http://python.org/download/releases/2.7.3/" ]
}, },
{ "references": {
"name" : "http://python.org/download/releases/3.1.5/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://python.org/download/releases/3.1.5/" "name": "[oss-security] 20120213 Re: CVE Request -- python (SimpleXMLRPCServer): DoS (excessive CPU usage) via malformed XML-RPC / HTTP POST request",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/02/13/4"
"name" : "http://python.org/download/releases/3.2.3/", },
"refsource" : "CONFIRM", {
"url" : "http://python.org/download/releases/3.2.3/" "name": "USN-1615-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1615-1"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=789790", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=789790" "name": "http://python.org/download/releases/3.2.3/",
}, "refsource": "CONFIRM",
{ "url": "http://python.org/download/releases/3.2.3/"
"name" : "APPLE-SA-2013-10-22-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" "name": "http://bugs.python.org/issue14001",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.python.org/issue14001"
"name" : "USN-1596-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1596-1" "name": "51087",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51087"
"name" : "USN-1613-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1613-2" "name": "USN-1592-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1592-1"
"name" : "USN-1592-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1592-1" "name": "1026689",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026689"
"name" : "USN-1613-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1613-1" "name": "USN-1616-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1616-1"
"name" : "USN-1615-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1615-1" "name": "51040",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51040"
"name" : "USN-1616-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1616-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=789790",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=789790"
"name" : "1026689", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026689" "name": "APPLE-SA-2013-10-22-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
"name" : "51089", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51089" "name": "50858",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50858"
"name" : "50858", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50858" "name": "51089",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51089"
"name" : "51024", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51024" "name": "http://python.org/download/releases/2.6.8/",
}, "refsource": "CONFIRM",
{ "url": "http://python.org/download/releases/2.6.8/"
"name" : "51040", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51040" "name": "USN-1596-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1596-1"
"name" : "51087", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51087" "name": "USN-1613-2",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1613-2"
} },
} {
"name": "51024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51024"
},
{
"name": "USN-1613-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1613-1"
},
{
"name": "http://python.org/download/releases/3.1.5/",
"refsource": "CONFIRM",
"url": "http://python.org/download/releases/3.1.5/"
},
{
"name": "http://python.org/download/releases/2.7.3/",
"refsource": "CONFIRM",
"url": "http://python.org/download/releases/2.7.3/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1306", "ID": "CVE-2012-1306",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1603", "ID": "CVE-2012-1603",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120327 [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0135.html" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS 0.6 allow remote attackers to execute arbitrary SQL commands via the (1) curstr parameter in the findUsers function, (2) id parameter in the isIdAvailable function, or (3) username parameter in the getGreetings function."
{ }
"name" : "[oss-security] 20120329 CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/03/29/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120329 Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/30/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html" ]
}, },
{ "references": {
"name" : "http://www.waraxe.us/advisory-80.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.waraxe.us/advisory-80.html" "name": "[oss-security] 20120329 Re: CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/03/30/2"
"name" : "52728", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52728" "name": "52728",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52728"
"name" : "80637", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/80637" "name": "20120327 [waraxe-2012-SA#080] - Multiple Vulnerabilities in NextBBS 0.6.0",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0135.html"
} },
} {
"name": "http://www.waraxe.us/advisory-80.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-80.html"
},
{
"name": "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111250/NextBBS-0.6.0-Authentication-Bypass-SQL-Injection-XSS.html"
},
{
"name": "[oss-security] 20120329 CVE-request: NextBBS 0.6.0 waraxe-2012-SA#080",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/29/8"
},
{
"name": "80637",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80637"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1858", "ID": "CVE-2012-1858",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka \"HTML Sanitization Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-037", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" "lang": "eng",
}, "value": "The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka \"HTML Sanitization Vulnerability.\""
{ }
"name" : "MS12-039", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS12-050", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA12-164A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" ]
}, },
{ "references": {
"name" : "TA12-192A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" "name": "TA12-192A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
"name" : "oval:org.mitre.oval:def:15530", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15530" "name": "MS12-050",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050"
} },
} {
"name": "TA12-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name": "MS12-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
},
{
"name": "oval:org.mitre.oval:def:15530",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15530"
},
{
"name": "MS12-039",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-039"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4443", "ID": "CVE-2012-4443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120921 Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/09/21/10" "lang": "eng",
}, "value": "Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688879"
},
{
"name": "[oss-security] 20120921 Re: CVE-request: monkey CGI scripts executed without dropping RUID/RGID root",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/21/10"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688008"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2012-4917", "ID": "CVE-2012-4917",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "57535", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57535" "lang": "eng",
}, "value": "The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
{ }
"name" : "51410", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/51410" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57535"
},
{
"name": "51410",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51410"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-5054", "ID": "CVE-2012-5054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html" "lang": "eng",
}, "value": "Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-19.html", ]
"refsource" : "MISC", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-19.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vupen.com/english/services/ba-index.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.vupen.com/english/services/ba-index.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "adobe-flash-matrix3d-overflow(78866)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78866" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.adobe.com/support/security/bulletins/apsb12-19.html",
"refsource": "MISC",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-19.html"
},
{
"name": "http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/116435/Adobe-Flash-Player-Matrix3D-Integer-Overflow-Code-Execution.html"
},
{
"name": "adobe-flash-matrix3d-overflow(78866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78866"
},
{
"name": "http://www.vupen.com/english/services/ba-index.php",
"refsource": "MISC",
"url": "http://www.vupen.com/english/services/ba-index.php"
}
]
}
}


@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-5077", "ID": "CVE-2012-5077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security."
{ }
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201406-32", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" ]
}, },
{ "references": {
"name" : "HPSBUX02832", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" "name": "SUSE-SU-2012:1398",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
"name" : "SSRT101042", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "HPSBOV02833", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html"
"name" : "SSRT101043", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" "name": "RHSA-2012:1386",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
"name" : "RHSA-2012:1385", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1385.html" "name": "51141",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51141"
"name" : "RHSA-2012:1386", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" "name": "SSRT101043",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
"name" : "RHSA-2012:1391", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" "name": "openSUSE-SU-2012:1423",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html"
"name" : "RHSA-2012:1392", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" "name": "RHSA-2012:1391",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
"name" : "RHSA-2012:1467", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" "name": "51029",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51029"
"name" : "openSUSE-SU-2012:1423", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" "name": "56058",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/56058"
"name" : "SUSE-SU-2012:1398", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" "name": "HPSBOV02833",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
"name" : "56058", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56058" "name": "51166",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51166"
"name" : "oval:org.mitre.oval:def:16585", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16585" "name": "51390",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51390"
"name" : "51028", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51028" "name": "RHSA-2012:1392",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html"
"name" : "51029", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51029" "name": "javaruntimeenvironment-sec-info-disc(79437)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79437"
"name" : "51141", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51141" "name": "RHSA-2012:1467",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
"name" : "51326", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51326" "name": "oval:org.mitre.oval:def:16585",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16585"
"name" : "51390", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51390" "name": "SSRT101042",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
"name" : "51166", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51166" "name": "51028",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51028"
"name" : "javaruntimeenvironment-sec-info-disc(79437)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79437" "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
} },
} {
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
},
{
"name": "RHSA-2012:1385",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1385.html"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name": "HPSBUX02832",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5880", "ID": "CVE-2012-5880",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3350", "ID": "CVE-2017-3350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Marketing", "product_name": "Marketing",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
{ }
"name" : "95500", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95500" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95500"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-3883", "ID": "CVE-2017-3883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty" "lang": "eng",
}, "value": "A vulnerability in the authentication, authorization, and accounting (AAA) implementation of Cisco Firepower Extensible Operating System (FXOS) and NX-OS System Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability occurs because AAA processes prevent the NX-OS System Manager from receiving keepalive messages when an affected device receives a high rate of login attempts, such as in a brute-force login attack. System memory can run low on the FXOS devices under the same conditions, which could cause the AAA process to unexpectedly restart or cause the device to reload. An attacker could exploit this vulnerability by performing a brute-force login attack against a device that is configured with AAA security services. A successful exploit could allow the attacker to cause the affected device to reload. This vulnerability affects the following Cisco products if they are running Cisco FXOS or NX-OS System Software that is configured for AAA services: Firepower 4100 Series Next-Generation Firewall, Firepower 9300 Security Appliance, Multilayer Director Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5000 Series Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, Unified Computing System (UCS) 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuq58760, CSCuq71257, CSCur97432, CSCus05214, CSCux54898, CSCvc33141, CSCvd36971, CSCve03660."
{ }
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us", ]
"refsource" : "CONFIRM", },
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101493", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101493" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1039614", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039614" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1039614",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039614"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171018-aaavty"
},
{
"name": "101493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101493"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03846en_us"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6391", "ID": "CVE-2017-6391",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"admin_console/web/tools/SimpleJWPlayer.php\" URL, the \"admin_console/web/tools/AkamaiBroadcaster.php\" URL, the \"admin_console/web/tools/bigRedButton.php\" URL, and the \"admin_console/web/tools/bigRedButtonPtsPoc.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337" "lang": "eng",
}, "value": "An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the \"admin_console/web/tools/SimpleJWPlayer.php\" URL, the \"admin_console/web/tools/AkamaiBroadcaster.php\" URL, the \"admin_console/web/tools/bigRedButton.php\" URL, and the \"admin_console/web/tools/bigRedButtonPtsPoc.php\" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website."
{ }
"name" : "https://github.com/kaltura/server/issues/5300", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/kaltura/server/issues/5300" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96534", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96534" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96534"
},
{
"name": "https://github.com/kaltura/server/issues/5300",
"refsource": "CONFIRM",
"url": "https://github.com/kaltura/server/issues/5300"
},
{
"name": "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337",
"refsource": "CONFIRM",
"url": "https://github.com/kaltura/server/commit/041a6d5e8336f7713985b120139c8f4b6279a337"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6593", "ID": "CVE-2017-6593",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7137", "ID": "CVE-2017-7137",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the \"ld64\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208103", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208103" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. Xcode before 9 is affected. The issue involves the \"ld64\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Mach-O file."
{ }
"name" : "100894", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100894" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039386", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039386" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "100894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100894"
},
{
"name": "https://support.apple.com/HT208103",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208103"
},
{
"name": "1039386",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039386"
}
]
}
}


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@fortinet.com", "ASSIGNER": "psirt@fortinet.com",
"DATE_PUBLIC" : "2017-12-12T00:00:00", "DATE_PUBLIC": "2017-12-12T00:00:00",
"ID" : "CVE-2017-7344", "ID": "CVE-2017-7344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FortiClientWindows", "product_name": "FortiClientWindows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0" "version_value": "5.6.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Fortinet, Inc." "vendor_name": "Fortinet, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/", "description_data": [
"refsource" : "MISC", {
"url" : "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/" "lang": "eng",
}, "value": "A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows \"security alert\" dialog thereby popping up when the \"VPN before logon\" feature is enabled and an untrusted certificate chain."
{ }
"name" : "https://fortiguard.com/advisory/FG-IR-17-070", ]
"refsource" : "CONFIRM", },
"url" : "https://fortiguard.com/advisory/FG-IR-17-070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "102176", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102176" "lang": "eng",
} "value": "Escalation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/",
"refsource": "MISC",
"url": "https://securite.intrinsec.com/2017/12/22/cve-2017-7344-fortinet-forticlient-windows-privilege-escalation-at-logon/"
},
{
"name": "102176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102176"
},
{
"name": "https://fortiguard.com/advisory/FG-IR-17-070",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-17-070"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-7476", "ID": "CVE-2017-7476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Gnulib before 2017-04-26", "product_name": "Gnulib before 2017-04-26",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Gnulib before 2017-04-26" "version_value": "Gnulib before 2017-04-26"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap-based buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4" "lang": "eng",
}, "value": "Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the save_abbr function in time_rz.c."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1444774", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1444774" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1445185", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1445185" "lang": "eng",
}, "value": "heap-based buffer overflow"
{ }
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-7476", ]
"refsource" : "CONFIRM", }
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-7476" ]
}, },
{ "references": {
"name" : "98098", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98098" "name": "https://security-tracker.debian.org/tracker/CVE-2017-7476",
} "refsource": "CONFIRM",
] "url": "https://security-tracker.debian.org/tracker/CVE-2017-7476"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1445185"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1444774"
},
{
"name": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commit;h=94e01571507835ff59dd8ce2a0b56a4b566965a4"
},
{
"name": "98098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98098"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7907", "ID": "CVE-2017-7907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Schneider Electric Wonderware Historian Client", "product_name": "Schneider Electric Wonderware Historian Client",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Schneider Electric Wonderware Historian Client" "version_value": "Schneider Electric Wonderware Historian Client"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-611"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/", "description_data": [
"refsource" : "MISC", {
"url" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/" "lang": "eng",
}, "value": "An Improper XML Parser Configuration issue was discovered in Schneider Electric Wonderware Historian Client 2014 R2 SP1 and prior. An improperly restricted XML parser (with improper restriction of XML external entity reference, or XXE) may allow an attacker to enter malicious input through the application which could cause a denial of service or disclose file contents from a server or connected network."
{ }
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01", ]
"refsource" : "MISC", },
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98254", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98254" "lang": "eng",
}, "value": "CWE-611"
{ }
"name" : "1038542", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038542" ]
} },
] "references": {
} "reference_data": [
} {
"name": "98254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98254"
},
{
"name": "1038542",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038542"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-01"
},
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000120/"
}
]
}
}


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-8569", "ID": "CVE-2017-8569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft SharePoint Enterprise Server 2016", "product_name": "Microsoft SharePoint Enterprise Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft SharePoint Enterprise Server 2016" "version_value": "Microsoft SharePoint Enterprise Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka \"SharePoint Server XSS Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8569", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8569" "lang": "eng",
}, "value": "Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka \"SharePoint Server XSS Vulnerability\"."
{ }
"name" : "99447", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99447" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038861", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038861" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8569",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2017-8569"
},
{
"name": "99447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99447"
},
{
"name": "1038861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038861"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10270", "ID": "CVE-2018-10270",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10280", "ID": "CVE-2018-10280",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10372", "ID": "CVE-2018-10372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23064", "description_data": [
"refsource" : "MISC", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23064" "lang": "eng",
}, "value": "process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted binary file, as demonstrated by readelf."
{ }
"name" : "RHSA-2018:3032", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3032" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103976", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103976" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "103976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103976"
},
{
"name": "RHSA-2018:3032",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3032"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23064",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23064"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2018-10507", "ID": "CVE-2018-10507",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro OfficeScan", "product_name": "Trend Micro OfficeScan",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11.0 SP1, XG" "version_value": "11.0 SP1, XG"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Permissions"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44858", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44858/" "lang": "eng",
}, "value": "A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to take a series of steps to bypass or render the OfficeScan Unauthorized Change Prevention inoperable on vulnerable installations. An attacker must already have administrator privileges in order to exploit this vulnerability."
{ }
"name" : "http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt", ]
"refsource" : "MISC", },
"url" : "http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://success.trendmicro.com/solution/1119961", "description": [
"refsource" : "CONFIRM", {
"url" : "https://success.trendmicro.com/solution/1119961" "lang": "eng",
} "value": "Insecure Permissions"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt"
},
{
"name": "https://success.trendmicro.com/solution/1119961",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119961"
},
{
"name": "44858",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44858/"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10805", "ID": "CVE-2018-10805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/1054", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1054" "lang": "eng",
}, "value": "ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage in coders/ycbcr.c."
{ }
"name" : "USN-3681-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3681-1/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1054",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1054"
},
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13381", "ID": "CVE-2018-13381",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17520", "ID": "CVE-2018-17520",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17567", "ID": "CVE-2018-17567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the \"include\" key in the \"_config.yml\" file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/jekyll/jekyll/pull/7224", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/jekyll/jekyll/pull/7224" "lang": "eng",
}, "value": "Jekyll through 3.6.2, 3.7.x through 3.7.3, and 3.8.x through 3.8.3 allows attackers to access arbitrary files by specifying a symlink in the \"include\" key in the \"_config.yml\" file."
{ }
"name" : "https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/", ]
"refsource" : "CONFIRM", },
"url" : "https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jekyll/jekyll/pull/7224",
"refsource": "CONFIRM",
"url": "https://github.com/jekyll/jekyll/pull/7224"
},
{
"name": "https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/",
"refsource": "CONFIRM",
"url": "https://jekyllrb.com/news/2018/09/19/security-fixes-for-3-6-3-7-3-8/"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17685", "ID": "CVE-2018-17685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Reader", "product_name": "Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.2.0.9297" "version_value": "9.2.0.9297"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6819."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1204/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1204/" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6819."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1204/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1204/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17833", "ID": "CVE-2018-17833",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20506", "ID": "CVE-2018-20506",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vuln@ca.com", "ASSIGNER": "vuln@ca.com",
"DATE_PUBLIC" : "2018-06-14T00:00:00", "DATE_PUBLIC": "2018-06-14T00:00:00",
"ID" : "CVE-2018-9021", "ID": "CVE-2018-9021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CA Privileged Access Manager", "product_name": "CA Privileged Access Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.8.2 and earlier" "version_value": "2.8.2 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "CA Technologies" "vendor_name": "CA Technologies"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html" "lang": "eng",
}, "value": "An authentication bypass vulnerability in CA Privileged Access Manager 2.8.2 and earlier allows remote attackers to execute arbitrary commands with specially crafted requests."
{ }
"name" : "104496", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104496" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Authentication Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104496"
},
{
"name": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html",
"refsource": "CONFIRM",
"url": "https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9094", "ID": "CVE-2018-9094",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9629", "ID": "CVE-2018-9629",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9699", "ID": "CVE-2018-9699",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9989", "ID": "CVE-2018-9989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html" "lang": "eng",
}, "value": "ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input."
{ }
"name" : "https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released", ]
"refsource" : "CONFIRM", }
"url" : "https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"
},
{
"name": "https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e",
"refsource": "CONFIRM",
"url": "https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e"
},
{
"name": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released",
"refsource": "CONFIRM",
"url": "https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released"
},
{
"name": "https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e",
"refsource": "CONFIRM",
"url": "https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e"
}
]
}
}