admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:05:07 +00:00
parent 55e3c54248
commit 8764a4337b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3421 additions and 3421 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0490.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0490", "ID": "CVE-2002-0490",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020323 Instant Web Mail additional POP3 commands and mail headers", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/264041" "lang": "eng",
}, "value": "Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php."
{ }
"name" : "http://instantwebmail.sourceforge.net/#changeLog", ]
"refsource" : "CONFIRM", },
"url" : "http://instantwebmail.sourceforge.net/#changeLog" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "instant-webmail-pop-commands(8650)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8650.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4361", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4361" ]
} },
] "references": {
} "reference_data": [
} {
"name": "instant-webmail-pop-commands(8650)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8650.php"
},
{
"name": "4361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4361"
},
{
"name": "20020323 Instant Web Mail additional POP3 commands and mail headers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/264041"
},
{
"name": "http://instantwebmail.sourceforge.net/#changeLog",
"refsource": "CONFIRM",
"url": "http://instantwebmail.sourceforge.net/#changeLog"
}
]
}
}

170
2002/1xxx/CVE-2002-1242.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1242", "ID": "CVE-2002-1242",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the \"bio\" argument to modules.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.idefense.com/advisory/10.31.02c.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/advisory/10.31.02c.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the \"bio\" argument to modules.php."
{ }
"name" : "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=103616324103171&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability", "description": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpnuke-accountmanager-sql-injection(10516)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10516.php" ]
}, },
{ "references": {
"name" : "6088", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6088" "name": "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html"
"name" : "6244", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6244" "name": "6088",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/6088"
} },
} {
"name": "20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103616324103171&w=2"
},
{
"name": "phpnuke-accountmanager-sql-injection(10516)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10516.php"
},
{
"name": "6244",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6244"
},
{
"name": "http://www.idefense.com/advisory/10.31.02c.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/10.31.02c.txt"
}
]
}
}

140
2002/1xxx/CVE-2002-1566.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1566", "ID": "CVE-2002-1566",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020909 netris-0.5.", "description_data": [
"refsource" : "VULN-DEV", {
"url" : "http://marc.info/?l=vuln-dev&m=103158692532256&w=2" "lang": "eng",
}, "value": "netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284."
{ }
"name" : "5680", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5680" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "netris-remote-bo(10081)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10081" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020909 netris-0.5.",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=103158692532256&w=2"
},
{
"name": "netris-remote-bo(10081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10081"
},
{
"name": "5680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5680"
}
]
}
}

140
2002/1xxx/CVE-2002-1719.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1719", "ID": "CVE-2002-1719",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4079", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4079" "lang": "eng",
}, "value": "Unknown vulnerability in Bavo 0.3 allows remote attackers to modify posted messages."
{ }
"name" : "1003503", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1003503" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "bavo-unspecified-security-bypass(40988)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40988" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "bavo-unspecified-security-bypass(40988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40988"
},
{
"name": "1003503",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1003503"
},
{
"name": "4079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4079"
}
]
}
}

180
2003/0xxx/CVE-2003-0193.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0193", "ID": "CVE-2003-0193",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names (\"word$$.html\")."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-575", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-575" "lang": "eng",
}, "value": "msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names (\"word$$.html\")."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11560", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11560" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11193", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/11193" ]
}, },
{ "references": {
"name" : "13021", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13021/" "name": "11193",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/11193"
"name" : "13022", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13022/" "name": "11560",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11560"
"name" : "catdoc-xlsview-symlink(16335)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16335" "name": "13021",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/13021/"
} },
} {
"name": "13022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13022/"
},
{
"name": "catdoc-xlsview-symlink(16335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16335"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525"
},
{
"name": "DSA-575",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-575"
}
]
}
}

130
2003/0xxx/CVE-2003-0332.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0332", "ID": "CVE-2003-0332",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105346382524169&w=2" "lang": "eng",
}, "value": "The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via a filename with a .ats extension instead of a .hts extension."
{ }
"name" : "20030520 BadBlue Remote Administrative Interface Access Vulnerability", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030520 BadBlue Remote Administrative Interface Access Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105346382524169&w=2"
},
{
"name": "20030520 BadBlue Remote Administrative Interface Access Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0075.html"
}
]
}
}

120
2003/0xxx/CVE-2003-0636.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0636", "ID": "CVE-2003-0636",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm" "lang": "eng",
} "value": "Novell iChain 2.2 before Support Pack 1 does not properly verify that URL redirects match the DNS name of an accelerator, which allows attackers to redirect URLs to malicious web sites."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm"
}
]
}
}

200
2003/0xxx/CVE-2003-0743.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0743", "ID": "CVE-2003-0743",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the \"(no argument given)\" string is appended to the buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030901 exim remote heap overflow, probably not exploitable", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106252015820395&w=2" "lang": "eng",
}, "value": "Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 and Exim 4 (exim4) before 4.21 may allow remote attackers to execute arbitrary code via an invalid (1) HELO or (2) EHLO argument with a large number of spaces followed by a NULL character and a newline, which is not properly trimmed before the \"(no argument given)\" string is appended to the buffer."
{ }
"name" : "20030903 Re: exim remote heap overflow, probably not exploitable", ]
"refsource" : "VULN-DEV", },
"url" : "http://marc.info/?l=vuln-dev&m=106264740820334&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[Exim] 20030814 Minor security bug", "description": [
"refsource" : "MLIST", {
"url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[Exim] 20030815 Minor security bug", ]
"refsource" : "MLIST", }
"url" : "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html" ]
}, },
{ "references": {
"name" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog" "name": "DSA-376",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2003/dsa-376"
"name" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog", },
"refsource" : "CONFIRM", {
"url" : "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog" "name": "CLA-2003:735",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735"
"name" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html" "name": "[Exim] 20030814 Minor security bug",
}, "refsource": "MLIST",
{ "url": "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057720.html"
"name" : "DSA-376", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2003/dsa-376" "name": "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.exim.org/pipermail/exim-announce/2003q3/000094.html"
"name" : "CLA-2003:735", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000735" "name": "20030901 exim remote heap overflow, probably not exploitable",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=106252015820395&w=2"
} },
} {
"name": "20030903 Re: exim remote heap overflow, probably not exploitable",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=106264740820334&w=2"
},
{
"name": "[Exim] 20030815 Minor security bug",
"refsource": "MLIST",
"url": "http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030811/057809.html"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/e/exim/exim_3.36-13/changelog"
},
{
"name": "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog",
"refsource": "CONFIRM",
"url": "http://packages.debian.org/changelogs/pool/main/e/exim4/exim4_4.34-10/changelog"
}
]
}
}

170
2003/1xxx/CVE-2003-1163.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1163", "ID": "CVE-2003-1163",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031106 DoS for Ganglia", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/343689" "lang": "eng",
}, "value": "hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denial of service (segmentation fault) via a UDP packet that contains a single-byte name string, which is used as an out-of-bounds array index."
{ }
"name" : "http://ganglia.sourceforge.net/", ]
"refsource" : "CONFIRM", },
"url" : "http://ganglia.sourceforge.net/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8988", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/8988" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2787", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/2787" ]
}, },
{ "references": {
"name" : "10166", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10166" "name": "2787",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/2787"
"name" : "ganglia-gmond-dos(13631)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13631" "name": "8988",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/8988"
} },
} {
"name": "20031106 DoS for Ganglia",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/343689"
},
{
"name": "ganglia-gmond-dos(13631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13631"
},
{
"name": "10166",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10166"
},
{
"name": "http://ganglia.sourceforge.net/",
"refsource": "CONFIRM",
"url": "http://ganglia.sourceforge.net/"
}
]
}
}

160
2003/1xxx/CVE-2003-1317.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1317", "ID": "CVE-2003-1317",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8506", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/8506" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "2480", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/2480" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1007592", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1007592" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9622", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/9622" ]
}, },
{ "references": {
"name" : "endonesia-mod-xss(13041)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041" "name": "9622",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/9622"
} },
} {
"name": "2480",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2480"
},
{
"name": "8506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8506"
},
{
"name": "1007592",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1007592"
},
{
"name": "endonesia-mod-xss(13041)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041"
}
]
}
}

180
2003/1xxx/CVE-2003-1326.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1326", "ID": "CVE-2003-1326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS03-004", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004" "lang": "eng",
}, "value": "Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka \"Improper Cross Domain Security Validation with dialog box.\""
{ }
"name" : "N-038", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/n-038.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6779", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6779" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ie-dialog-zone-bypass(11258)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/11258.php" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:126", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126" "name": "6779",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6779"
"name" : "oval:org.mitre.oval:def:178", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178" "name": "oval:org.mitre.oval:def:126",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126"
"name" : "oval:org.mitre.oval:def:49", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49" "name": "ie-dialog-zone-bypass(11258)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/11258.php"
} },
} {
"name": "N-038",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-038.shtml"
},
{
"name": "oval:org.mitre.oval:def:49",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49"
},
{
"name": "oval:org.mitre.oval:def:178",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178"
},
{
"name": "MS03-004",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004"
}
]
}
}

130
2003/1xxx/CVE-2003-1502.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1502", "ID": "CVE-2003-1502",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031015 Mod-Throttle [was: client attacks server - XSS]", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012043.html" "lang": "eng",
}, "value": "mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges."
{ }
"name" : "8822", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/8822" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031015 Mod-Throttle [was: client attacks server - XSS]",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012043.html"
},
{
"name": "8822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8822"
}
]
}
}

180
2004/2xxx/CVE-2004-2554.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2554", "ID": "CVE-2004-2554",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm" "lang": "eng",
}, "value": "Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges."
{ }
"name" : "O-090", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/o-090.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9441", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9441" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4120", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/4120" ]
}, },
{ "references": {
"name" : "1008755", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1008755" "name": "O-090",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/o-090.shtml"
"name" : "11014", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11014" "name": "1008755",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1008755"
"name" : "ncf-tray-icon-gain-privileges(15367)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15367" "name": "ncf-tray-icon-gain-privileges(15367)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15367"
} },
} {
"name": "11014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11014"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10090585.htm"
},
{
"name": "4120",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4120"
},
{
"name": "9441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9441"
}
]
}
}

140
2012/0xxx/CVE-2012-0299.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0299", "ID": "CVE-2012-0299",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00" "lang": "eng",
}, "value": "The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors."
{ }
"name" : "53443", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/53443" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "symantec-web-unspec-command-exec(75730)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75730" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "symantec-web-unspec-command-exec(75730)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75730"
},
{
"name": "53443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53443"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120517_00"
}
]
}
}

450
2012/0xxx/CVE-2012-0461.json
View File

@ -1,227 +1,227 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0461", "ID": "CVE-2012-0461",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=657588", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=657588" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=730425", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=730425" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2433", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2433" ]
}, },
{ "references": {
"name" : "DSA-2458", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2458" "name": "openSUSE-SU-2012:0417",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
"name" : "MDVSA-2012:031", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" "name": "48402",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48402"
"name" : "MDVSA-2012:032", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" "name": "MDVSA-2012:031",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
"name" : "RHSA-2012:0387", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" "name": "48624",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48624"
"name" : "RHSA-2012:0388", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" "name": "SUSE-SU-2012:0424",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
"name" : "openSUSE-SU-2012:0417", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" "name": "USN-1400-5",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-5"
"name" : "SUSE-SU-2012:0424", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" "name": "48414",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48414"
"name" : "SUSE-SU-2012:0425", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" "name": "48359",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48359"
"name" : "USN-1400-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-3" "name": "48823",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48823"
"name" : "USN-1400-4", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-4" "name": "USN-1401-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1401-1"
"name" : "USN-1400-5", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-5" "name": "USN-1400-4",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-4"
"name" : "USN-1400-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-2" "name": "48629",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48629"
"name" : "USN-1401-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1401-1" "name": "USN-1400-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-3"
"name" : "USN-1400-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-1" "name": "RHSA-2012:0387",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
"name" : "oval:org.mitre.oval:def:15009", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009" "name": "48496",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48496"
"name" : "1026804", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026804" "name": "SUSE-SU-2012:0425",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
"name" : "1026801", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026801" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=730425",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=730425"
"name" : "1026803", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026803" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-19.html"
"name" : "48629", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48629" "name": "USN-1400-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-2"
"name" : "48513", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48513" "name": "DSA-2458",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2458"
"name" : "48495", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48495" "name": "48920",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48920"
"name" : "48496", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48496" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=657588",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=657588"
"name" : "48553", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48553" "name": "DSA-2433",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2433"
"name" : "48561", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48561" "name": "MDVSA-2012:032",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
"name" : "48624", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48624" "name": "1026803",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026803"
"name" : "48823", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48823" "name": "48495",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48495"
"name" : "48920", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48920" "name": "48553",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48553"
"name" : "48402", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48402" "name": "USN-1400-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-1"
"name" : "48359", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48359" "name": "48561",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48561"
"name" : "48414", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48414" "name": "RHSA-2012:0388",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
} },
} {
"name": "1026801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026801"
},
{
"name": "oval:org.mitre.oval:def:15009",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15009"
},
{
"name": "1026804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026804"
},
{
"name": "48513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48513"
}
]
}
}

220
2012/0xxx/CVE-2012-0604.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0604", "ID": "CVE-2012-0604",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-03-07-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
{ }
"name" : "APPLE-SA-2012-03-07-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2012-03-12-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52365", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52365" ]
}, },
{ "references": {
"name" : "79926", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79926" "name": "52365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52365"
"name" : "oval:org.mitre.oval:def:17486", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17486" "name": "oval:org.mitre.oval:def:17486",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17486"
"name" : "1026774", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026774" "name": "1026774",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026774"
"name" : "48274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48274" "name": "48377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48377"
"name" : "48288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48288" "name": "APPLE-SA-2012-03-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "apple-webkit-cve20120604-code-execution(73823)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73823"
"name" : "apple-webkit-cve20120604-code-execution(73823)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73823" "name": "48274",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48274"
} },
} {
"name": "79926",
"refsource": "OSVDB",
"url": "http://osvdb.org/79926"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

170
2012/1xxx/CVE-2012-1039.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1039", "ID": "CVE-2012-1039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120229 Multiple XSS in Dotclear", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0183.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php."
{ }
"name" : "https://www.htbridge.ch/advisory/HTB23074", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.ch/advisory/HTB23074" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2", "description": [
"refsource" : "CONFIRM", {
"url" : "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52221", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52221" ]
}, },
{ "references": {
"name" : "48209", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48209" "name": "https://www.htbridge.ch/advisory/HTB23074",
}, "refsource": "MISC",
{ "url": "https://www.htbridge.ch/advisory/HTB23074"
"name" : "dotclear-multiple-xss(73565)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73565" "name": "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2",
} "refsource": "CONFIRM",
] "url": "http://dotclear.org/blog/post/2012/02/11/Dotclear-2.4.2"
} },
} {
"name": "dotclear-multiple-xss(73565)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73565"
},
{
"name": "52221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52221"
},
{
"name": "20120229 Multiple XSS in Dotclear",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0183.html"
},
{
"name": "48209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48209"
}
]
}
}

34
2012/1xxx/CVE-2012-1553.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1553", "ID": "CVE-2012-1553",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2012/1xxx/CVE-2012-1706.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-1706", "ID": "CVE-2012-1706",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Logging."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Logging."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53116", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53116" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026953", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026953" ]
} },
] "references": {
} "reference_data": [
} {
"name": "53116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53116"
},
{
"name": "1026953",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026953"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/1xxx/CVE-2012-1863.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1863", "ID": "CVE-2012-1863",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-050", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka \"SharePoint Reflected List Parameter Vulnerability.\""
{ }
"name" : "TA12-192A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15689", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA12-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"name": "MS12-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050"
},
{
"name": "oval:org.mitre.oval:def:15689",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15689"
}
]
}
}

200
2012/4xxx/CVE-2012-4552.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4552", "ID": "CVE-2012-4552",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121029 Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/29/9" "lang": "eng",
}, "value": "Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, as demonstrated by a .ase file."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871187", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871187" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2012-17465", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2012-17482", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html" ]
}, },
{ "references": {
"name" : "FEDORA-2012-17517", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html" "name": "87001",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/87001"
"name" : "openSUSE-SU-2012:1506", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html" "name": "51340",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51340"
"name" : "openSUSE-SU-2013:0146", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html" "name": "[oss-security] 20121029 Re: CVE Request: PLIB 1.8.5 ssg/ssgParser.cxx Buffer Overflow",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/10/29/9"
"name" : "87001", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/87001" "name": "FEDORA-2012-17465",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091937.html"
"name" : "51340", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51340" "name": "FEDORA-2012-17517",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091964.html"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=871187",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=871187"
},
{
"name": "openSUSE-SU-2012:1506",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00015.html"
},
{
"name": "FEDORA-2012-17482",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/091932.html"
}
]
}
}

150
2012/4xxx/CVE-2012-4733.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4733", "ID": "CVE-2012-4733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rt-announce] 20130522 RT 4.0.13 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" "lang": "eng",
}, "value": "Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the DeleteTicket and \"custom lifecycle transition\" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors."
{ }
"name" : "[rt-announce] 20130522 Security vulnerabilities in RT", ]
"refsource" : "MLIST", },
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "93611", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/93611" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53522", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/53522" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[rt-announce] 20130522 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
},
{
"name": "93611",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/93611"
},
{
"name": "[rt-announce] 20130522 RT 4.0.13 released",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
},
{
"name": "53522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53522"
}
]
}
}

130
2012/4xxx/CVE-2012-4824.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-4824", "ID": "CVE-2012-4824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html" "lang": "eng",
}, "value": "Open redirect vulnerability in servlet/traveler in IBM Lotus Notes Traveler 8.5.3 before 8.5.3.3 Interim Fix 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirectURL parameter."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21612229", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21612229" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121001 BF, XSS, CSRF and Redirector vulnerabilities in IBM Lotus Notes Traveler",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-10/0001.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21612229",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21612229"
}
]
}
}

34
2012/4xxx/CVE-2012-4979.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4979", "ID": "CVE-2012-4979",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2012/5xxx/CVE-2012-5676.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-5676", "ID": "CVE-2012-5676",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-27.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and before 11.1.115.34 on Android 4.x; Adobe AIR before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X; and Adobe AIR SDK before 3.5.0.880 on Windows and before 3.5.0.890 on Mac OS X allows attackers to execute arbitrary code via unspecified vectors."
{ }
"name" : "openSUSE-SU-2013:0139", ]
"refsource" : "SUSE", },
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2013:0368", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0368",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00033.html"
},
{
"name": "openSUSE-SU-2013:0139",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00014.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-27.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-27.html"
}
]
}
}

132
2017/2xxx/CVE-2017-2726.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-2726", "ID": "CVE-2017-2726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "P10 Plus,P10", "product_name": "P10 Plus,P10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions" "version_value": "Eariler than VKY-AL00C00B123 verisons,Earlier than VTR-AL00C00B123 versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en" "lang": "eng",
}, "value": "Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer overflow in the next system reboot, causing continuous system reboot or arbitrary code execution."
{ }
"name" : "97696", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97696" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97696"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170405-01-smartphone-en"
}
]
}
}

132
2017/2xxx/CVE-2017-2814.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-07-11T00:00:00", "DATE_PUBLIC": "2017-07-11T00:00:00",
"ID" : "CVE-2017-2814", "ID": "CVE-2017-2814",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Poppler", "product_name": "Poppler",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.53.0" "version_value": "0.53.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Poppler" "vendor_name": "Poppler"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311" "lang": "eng",
}, "value": "An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurred, resulting in heap corruption which can lead to code execution. An attacker controlled PDF file can be used to trigger this vulnerability."
{ }
"name" : "99497", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99497" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "heap overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0311"
},
{
"name": "99497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99497"
}
]
}
}

170
2017/3xxx/CVE-2017-3077.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-3077", "ID": "CVE-2017-3077",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Flash Player 25.0.0.171 and earlier.", "product_name": "Adobe Flash Player 25.0.0.171 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Flash Player 25.0.0.171 and earlier." "version_value": "Adobe Flash Player 25.0.0.171 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42248", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42248/" "lang": "eng",
}, "value": "Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html", ]
"refsource" : "CONFIRM", },
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201707-15", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201707-15" "lang": "eng",
}, "value": "Memory Corruption"
{ }
"name" : "RHSA-2017:1439", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:1439" ]
}, },
{ "references": {
"name" : "99025", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99025" "name": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html",
}, "refsource": "CONFIRM",
{ "url": "https://helpx.adobe.com/security/products/flash-player/apsb17-17.html"
"name" : "1038655", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038655" "name": "99025",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/99025"
} },
} {
"name": "1038655",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038655"
},
{
"name": "42248",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42248/"
},
{
"name": "RHSA-2017:1439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1439"
},
{
"name": "GLSA-201707-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-15"
}
]
}
}

152
2017/3xxx/CVE-2017-3321.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3321", "ID": "CVE-2017-3321",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Cluster", "product_name": "MySQL Cluster",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.2.19 and earlier" "version_value": "7.2.19 and earlier"
}, },
{ {
"version_value" : "7.3.8 and earlier" "version_value": "7.3.8 and earlier"
}, },
{ {
"version_value" : "7.4.5 and earlier" "version_value": "7.4.5 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General). Supported versions that are affected are 7.2.19 and earlier, 7.3.8 and earlier and 7.4.5 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 3.7 (Availability impacts)."
{ }
"name" : "95562", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95562" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037640", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037640" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "95562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95562"
},
{
"name": "1037640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

166
2017/3xxx/CVE-2017-3479.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3479", "ID": "CVE-2017-3479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FLEXCUBE Private Banking", "product_name": "FLEXCUBE Private Banking",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "2.0.0" "version_value": "2.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "2.0.1" "version_value": "2.0.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "2.2.0.1" "version_value": "2.2.0.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.0.1" "version_value": "12.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking. CVSS 3.0 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L)."
{ }
"name" : "97805", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97805" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038304", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038304" "lang": "eng",
} "value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Private Banking."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038304"
},
{
"name": "97805",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97805"
}
]
}
}

160
2017/6xxx/CVE-2017-6469.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6469", "ID": "CVE-2017-6469",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346" "lang": "eng",
}, "value": "In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS dissector crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-ldss.c by ensuring that memory is allocated for a certain data structure."
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7", ]
"refsource" : "CONFIRM", },
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.wireshark.org/security/wnpa-sec-2017-03.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2017-03.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3811", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3811" ]
}, },
{ "references": {
"name" : "96577", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96577" "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7",
} "refsource": "CONFIRM",
] "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7"
} },
} {
"name": "https://www.wireshark.org/security/wnpa-sec-2017-03.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-03.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346"
},
{
"name": "96577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96577"
},
{
"name": "DSA-3811",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3811"
}
]
}
}

210
2017/7xxx/CVE-2017-7890.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7890", "ID": "CVE-2017-7890",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://php.net/ChangeLog-5.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://php.net/ChangeLog-5.php" "lang": "eng",
}, "value": "The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP before 5.6.31 and 7.x before 7.1.7, does not zero colorMap arrays before use. A specially crafted GIF image could use the uninitialized tables to read ~700 bytes from the top of the stack, potentially disclosing sensitive information."
{ }
"name" : "http://php.net/ChangeLog-7.php", ]
"refsource" : "CONFIRM", },
"url" : "http://php.net/ChangeLog-7.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.php.net/bug.php?id=74435", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.php.net/bug.php?id=74435" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038" ]
}, },
{ "references": {
"name" : "https://www.tenable.com/security/tns-2017-12", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.tenable.com/security/tns-2017-12" "name": "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.php.net/patch-display.php?bug=74435&patch=fix-74435-php-7.0&revision=1497970038"
"name" : "https://security.netapp.com/advisory/ntap-20180112-0001/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20180112-0001/" "name": "https://www.tenable.com/security/tns-2017-12",
}, "refsource": "CONFIRM",
{ "url": "https://www.tenable.com/security/tns-2017-12"
"name" : "DSA-3938", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3938" "name": "DSA-3938",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3938"
"name" : "RHSA-2018:0406", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0406" "name": "RHSA-2018:1296",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1296"
"name" : "RHSA-2018:1296", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1296" "name": "http://php.net/ChangeLog-5.php",
}, "refsource": "CONFIRM",
{ "url": "http://php.net/ChangeLog-5.php"
"name" : "99492", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99492" "name": "https://security.netapp.com/advisory/ntap-20180112-0001/",
} "refsource": "CONFIRM",
] "url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
} },
} {
"name": "99492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99492"
},
{
"name": "http://php.net/ChangeLog-7.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-7.php"
},
{
"name": "RHSA-2018:0406",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0406"
},
{
"name": "https://bugs.php.net/bug.php?id=74435",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=74435"
}
]
}
}

142
2017/8xxx/CVE-2017-8260.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-07-01T00:00:00", "DATE_PUBLIC": "2017-07-01T00:00:00",
"ID" : "CVE-2017-8260", "ID": "CVE-2017-8260",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "All Qualcomm products", "product_name": "All Qualcomm products",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation in Camera"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c" "lang": "eng",
}, "value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later."
{ }
"name" : "https://source.android.com/security/bulletin/2017-07-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/2017-07-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99465", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99465" "lang": "eng",
} "value": "Improper Input Validation in Camera"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "99465",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99465"
},
{
"name": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c",
"refsource": "MISC",
"url": "https://github.com/ScottyBauer/Android_Kernel_CVE_POCs/blob/master/CVE-2017-8260.c"
}
]
}
}

160
2018/10xxx/CVE-2018-10472.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10472", "ID": "CVE-2018-10472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html" "lang": "eng",
}, "value": "An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS users (in certain configurations) to read arbitrary dom0 files via QMP live insertion of a CDROM, in conjunction with specifying the target file as the backing file of a snapshot."
{ }
"name" : "https://xenbits.xen.org/xsa/advisory-258.html", ]
"refsource" : "CONFIRM", },
"url" : "https://xenbits.xen.org/xsa/advisory-258.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4201", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4201" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201810-06", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201810-06" ]
}, },
{ "references": {
"name" : "104002", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104002" "name": "GLSA-201810-06",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201810-06"
} },
} {
"name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1559-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00021.html"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-258.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-258.html"
},
{
"name": "104002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104002"
},
{
"name": "DSA-4201",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4201"
}
]
}
}

130
2018/10xxx/CVE-2018-10476.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-10476", "ID": "CVE-2018-10476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.29935" "version_value": "9.0.0.29935"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-386", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-386" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D Model Node structures. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5395."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-386",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-386"
}
]
}
}

120
2018/10xxx/CVE-2018-10652.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10652", "ID": "CVE-2018-10652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.citrix.com/article/CTX234879", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.citrix.com/article/CTX234879" "lang": "eng",
} "value": "There is a Sensitive Data Leakage issue in Citrix XenMobile Server 10.7 before RP3."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX234879",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234879"
}
]
}
}

34
2018/14xxx/CVE-2018-14168.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14168", "ID": "CVE-2018-14168",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/17xxx/CVE-2018-17224.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17224", "ID": "CVE-2018-17224",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/17xxx/CVE-2018-17257.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-17257", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-17257",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/17xxx/CVE-2018-17460.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17460", "ID": "CVE-2018-17460",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/17xxx/CVE-2018-17511.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17511", "ID": "CVE-2018-17511",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/17xxx/CVE-2018-17974.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17974", "ID": "CVE-2018-17974",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay" "lang": "eng",
}, "value": "An issue was discovered in Tcpreplay 4.3.0 beta1. A heap-based buffer over-read was triggered in the function dlt_en10mb_encode() of the file plugins/dlt_en10mb/en10mb.c, due to inappropriate values in the function memmove(). The length (pktlen + ctx -> l2len) can be larger than source value (packet + ctx->l2len) because the function fails to ensure the length of a packet is valid. This leads to Denial of Service."
{ }
"name" : "https://github.com/appneta/tcpreplay/issues/486", ]
"refsource" : "MISC", },
"url" : "https://github.com/appneta/tcpreplay/issues/486" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/appneta/tcpreplay/issues/486",
"refsource": "MISC",
"url": "https://github.com/appneta/tcpreplay/issues/486"
},
{
"name": "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay",
"refsource": "MISC",
"url": "https://github.com/SegfaultMasters/covering360/tree/master/tcpreplay"
}
]
}
}

34
2018/20xxx/CVE-2018-20183.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20183", "ID": "CVE-2018-20183",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/20xxx/CVE-2018-20216.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20216", "ID": "CVE-2018-20216",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20181219 CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2018/12/19/2" "lang": "eng",
}, "value": "QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled)."
{ }
"name" : "[qemu-devel] 20181213 Re: [PATCH v2 6/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines", ]
"refsource" : "MLIST", },
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106291", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106291" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20181219 CVE-2018-20216 QEMU: pvrdma: infinite loop in pvrdma_qp_send/recv",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/12/19/2"
},
{
"name": "[qemu-devel] 20181213 Re: [PATCH v2 6/6] pvrdma: check return value from pvrdma_idx_ring_has_ routines",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03052.html"
},
{
"name": "106291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106291"
}
]
}
}

34
2018/20xxx/CVE-2018-20256.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20256", "ID": "CVE-2018-20256",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20632.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20632", "ID": "CVE-2018-20632",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20705.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20705", "ID": "CVE-2018-20705",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

144
2018/9xxx/CVE-2018-9072.json
View File

@ -1,74 +1,74 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@lenovo.com", "ASSIGNER": "psirt@lenovo.com",
"ID" : "CVE-2018-9072", "ID": "CVE-2018-9072",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "LXCI for VMware" "TITLE": "LXCI for VMware"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LXCI for VMware", "product_name": "LXCI for VMware",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "5.5" "version_value": "5.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Lenovo" "vendor_name": "Lenovo"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.lenovo.com/us/en/solutions/LEN-23800", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.lenovo.com/us/en/solutions/LEN-23800" "lang": "eng",
} "value": "In versions prior to 5.5, LXCI for VMware allows an authenticated user to download any system file due to insufficient input sanitization during file downloads."
] }
}, ]
"solution" : [ },
{ "problemtype": {
"lang" : "eng", "problemtype_data": [
"value" : "Update LXCI for VMware to version 5.5 or higher." {
} "description": [
], {
"source" : { "lang": "eng",
"advisory" : "LEN-23800", "value": "Privilege escalation"
"discovery" : "INTERNAL" }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.lenovo.com/us/en/solutions/LEN-23800",
"refsource": "CONFIRM",
"url": "https://support.lenovo.com/us/en/solutions/LEN-23800"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Update LXCI for VMware to version 5.5 or higher."
}
],
"source": {
"advisory": "LEN-23800",
"discovery": "INTERNAL"
}
}

34
2018/9xxx/CVE-2018-9379.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9379", "ID": "CVE-2018-9379",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9424.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9424", "ID": "CVE-2018-9424",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2018/9xxx/CVE-2018-9446.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00", "DATE_PUBLIC": "2018-10-31T00:00:00",
"ID" : "CVE-2018-9446", "ID": "CVE-2018-9446",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-08-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-08-01" "lang": "eng",
}, "value": "In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946."
{ }
"name" : "1041432", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041432" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}

120
2018/9xxx/CVE-2018-9576.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9576", "ID": "CVE-2018-9576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-9" "version_value": "Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-11-01" "lang": "eng",
} "value": "In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-116715245."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
}

120
2018/9xxx/CVE-2018-9991.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9991", "ID": "CVE-2018-9991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63" "lang": "eng",
} "value": "Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63",
"refsource": "MISC",
"url": "https://gist.github.com/prafagr/98e625d2da82c5b9a7d75e6c3e947a63"
}
]
}
}