admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:04:26 +00:00
parent 3ccf9564eb
commit 9081ef56ee
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3699 additions and 3699 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

168
2001/0xxx/CVE-2001-0142.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0142", "ID": "CVE-2001-0142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010112 Trustix Security Advisory - diffutils squid", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html" "lang": "eng",
}, "value": "squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations."
{ }
"name" : "20010110 Immunix OS Security update for lots of temp file problems", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=97916374410647&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2001:003", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-019", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2001/dsa-019" ]
}, },
{ "references": {
"name" : "squid-email-symlink(5921)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5921" "name": "20010110 Immunix OS Security update for lots of temp file problems",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=97916374410647&w=2"
"name" : "2184", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2184" "name": "2184",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/2184"
} },
{
"name": "DSA-019",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-019"
},
{
"name": "squid-email-symlink(5921)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5921"
},
{
"name": "MDKSA-2001:003",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3"
},
{
"name": "20010112 Trustix Security Advisory - diffutils squid",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html"
}
]
}
} }

198
2001/0xxx/CVE-2001-0169.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0169", "ID": "CVE-2001-0169",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MDKSA-2001:012", "description_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2" "lang": "eng",
}, "value": "When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib."
{ }
"name" : "SuSE-SA:2001:01", ]
"refsource" : "SUSE", },
"url" : "http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CSSA-2001-007", "description": [
"refsource" : "CALDERA", {
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2001:002", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2001-002.html" ]
}, },
{ "references": {
"name" : "DSA-039", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2001/dsa-039" "name": "SuSE-SA:2001:01",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html"
"name" : "TLSA2000021-2", },
"refsource" : "TURBO", {
"url" : "http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html" "name": "DSA-039",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2001/dsa-039"
"name" : "20010121 Trustix Security Advisory - glibc", },
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/157650" "name": "linux-glibc-preload-overwrite(5971)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5971"
"name" : "2223", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2223" "name": "2223",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/2223"
"name" : "linux-glibc-preload-overwrite(5971)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5971" "name": "20010121 Trustix Security Advisory - glibc",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/157650"
} },
{
"name": "MDKSA-2001:012",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2"
},
{
"name": "RHSA-2001:002",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-002.html"
},
{
"name": "TLSA2000021-2",
"refsource": "TURBO",
"url": "http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html"
},
{
"name": "CSSA-2001-007",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt"
}
]
}
} }

158
2001/0xxx/CVE-2001-0413.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0413", "ID": "CVE-2001-0413",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010404 BinTec X4000 Access Router DoS Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=98644414226344&w=2" "lang": "eng",
}, "value": "BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang."
{ }
"name" : "20010406 X4000 DoS: Details and workaround", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=98659862317070&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20010410 BinTec Router DoS: Workaround and Details", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20010409 BINTEC X1200", ]
"refsource" : "BUGTRAQ", }
"url" : "http://marc.info/?l=bugtraq&m=98697054804197&w=2" ]
}, },
{ "references": {
"name" : "bintec-x4000-nmap-dos(6323)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6323" "name": "20010409 BINTEC X1200",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=98697054804197&w=2"
} },
{
"name": "20010404 BinTec X4000 Access Router DoS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98644414226344&w=2"
},
{
"name": "bintec-x4000-nmap-dos(6323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6323"
},
{
"name": "20010410 BinTec Router DoS: Workaround and Details",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html"
},
{
"name": "20010406 X4000 DoS: Details and workaround",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98659862317070&w=2"
}
]
}
} }

128
2001/0xxx/CVE-2001-0785.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0785", "ID": "CVE-2001-0785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010618 Multiple Vulnerabilities In AMLServer", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html" "lang": "eng",
}, "value": "Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack."
{ }
"name" : "2883", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2883" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2883"
},
{
"name": "20010618 Multiple Vulnerabilities In AMLServer",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html"
}
]
}
} }

138
2001/1xxx/CVE-2001-1295.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1295", "ID": "CVE-2001-1295",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes" "lang": "eng",
}, "value": "Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command."
{ }
"name" : "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html", ]
"refsource" : "MISC", },
"url" : "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cerberus-ftp-directory-traversal(7004)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7004.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes",
"refsource": "CONFIRM",
"url": "http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes"
},
{
"name": "cerberus-ftp-directory-traversal(7004)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7004.php"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5SP0M0055W.html"
}
]
}
} }

148
2001/1xxx/CVE-2001-1452.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1452", "ID": "CVE-2001-1452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "Q241352", "description_data": [
"refsource" : "MSKB", {
"url" : "http://support.microsoft.com/default.aspx?scid=KB;en-us;q241352" "lang": "eng",
}, "value": "By default, DNS servers on Windows NT 4.0 and Windows 2000 Server cache glue records received from non-delegated name servers, which allows remote attackers to poison the DNS cache via spoofed DNS responses."
{ }
"name" : "VU#109475", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/109475" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6791", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6791" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "nt-ms-dns-cachepollution(3675)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3675" ]
} },
] "references": {
} "reference_data": [
{
"name": "nt-ms-dns-cachepollution(3675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3675"
},
{
"name": "6791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6791"
},
{
"name": "VU#109475",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/109475"
},
{
"name": "Q241352",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=KB;en-us;q241352"
}
]
}
} }

178
2006/2xxx/CVE-2006-2087.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2087", "ID": "CVE-2006-2087",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html" "lang": "eng",
}, "value": "The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote attackers to cause a denial of service (application hang or erroneous behavior) via an attachment with an MS-DOS device filename."
{ }
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#89344424", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/jp/JVN%2389344424/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1539", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1539" ]
}, },
{ "references": {
"name" : "24969", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/24969" "name": "hitachi-groupmax-client-dos(26099)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26099"
"name" : "19840", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19840" "name": "JVN#89344424",
}, "refsource": "JVN",
{ "url": "http://jvn.jp/jp/JVN%2389344424/index.html"
"name" : "hitachi-groupmax-client-dos(26099)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26099" "name": "19840",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/19840"
} },
{
"name": "24969",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24969"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/01-e.html"
},
{
"name": "ADV-2006-1539",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1539"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-006_e/index-e.html"
}
]
}
} }

148
2006/2xxx/CVE-2006-2131.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2131", "ID": "CVE-2006-2131",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://evuln.com/vulns/131/summary.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://evuln.com/vulns/131/summary.html" "lang": "eng",
}, "value": "include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions."
{ }
"name" : "ADV-2006-1603", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1603" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19899", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19899" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "advancedpoll-header-spoofing(26154)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://evuln.com/vulns/131/summary.html",
"refsource": "MISC",
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"name": "19899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19899"
},
{
"name": "advancedpoll-header-spoofing(26154)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26154"
},
{
"name": "ADV-2006-1603",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1603"
}
]
}
} }

178
2006/2xxx/CVE-2006-2928.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2928", "ID": "CVE-2006-2928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060608 cms-bandits 2.5, Remote command execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/436430/100/0/threaded" "lang": "eng",
}, "value": "Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter in (1) dialogs/img.php and (2) dialogs/td.php."
{ }
"name" : "ADV-2006-2211", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/2211" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "26241", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/26241" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "26242", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/26242" ]
}, },
{ "references": {
"name" : "20507", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20507" "name": "ADV-2006-2211",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2211"
"name" : "1068", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1068" "name": "20060608 cms-bandits 2.5, Remote command execution",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/436430/100/0/threaded"
"name" : "cmsbandits-spawroot-file-include(27001)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27001" "name": "26241",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/26241"
} },
{
"name": "26242",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26242"
},
{
"name": "cmsbandits-spawroot-file-include(27001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27001"
},
{
"name": "1068",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1068"
},
{
"name": "20507",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20507"
}
]
}
} }

148
2008/5xxx/CVE-2008-5380.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5380", "ID": "CVE-2008-5380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.debian.org/debian-devel/2008/08/msg00285.html" "lang": "eng",
}, "value": "gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite arbitrary files via a symlink attack on an (a) /tmp/geo#####, a (b) /tmp/geocaching.loc, a (c) /tmp/geo#####.*, or a (d) /tmp/geo.* temporary file, related to the (1) geo-code and (2) geo-nearest scripts, different vectors than CVE-2008-4959."
{ }
"name" : "FEDORA-2009-1366", ]
"refsource" : "FEDORA", },
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33825", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33825" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31694", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31694" ]
} },
] "references": {
} "reference_data": [
{
"name": "FEDORA-2009-1366",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00187.html"
},
{
"name": "31694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31694"
},
{
"name": "33825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33825"
},
{
"name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00285.html"
}
]
}
} }

198
2008/5xxx/CVE-2008-5731.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5731", "ID": "CVE-2008-5731",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a \"Driver Collapse.\" NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081223 PGP Desktop 9.0.6 Denial Of Service - ZeroDay", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499572/100/0/threaded" "lang": "eng",
}, "value": "The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP Desktop 9.0.6 build 6060 and 9.9.0 build 397 allows local users to cause a denial of service (system crash) and possibly gain privileges via a certain METHOD_BUFFERED IOCTL request that overwrites portions of memory, related to a \"Driver Collapse.\" NOTE: some of these details are obtained from third party information."
{ }
"name" : "7556", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/7556" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php", ]
"refsource" : "MISC", }
"url" : "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php" ]
}, },
{ "references": {
"name" : "32991", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32991" "name": "1021493",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021493"
"name" : "50914", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50914" "name": "20081223 PGP Desktop 9.0.6 Denial Of Service - ZeroDay",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/499572/100/0/threaded"
"name" : "1021493", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021493" "name": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php",
}, "refsource": "MISC",
{ "url": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service_POC.php"
"name" : "33310", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33310" "name": "33310",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33310"
"name" : "4811", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4811" "name": "7556",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/7556"
} },
{
"name": "32991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32991"
},
{
"name": "4811",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4811"
},
{
"name": "50914",
"refsource": "OSVDB",
"url": "http://osvdb.org/50914"
},
{
"name": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php",
"refsource": "MISC",
"url": "http://www.evilfingers.com/advisory/PGPDesktop_9_0_6_Denial_Of_Service.php"
}
]
}
} }

148
2008/5xxx/CVE-2008-5762.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5762", "ID": "CVE-2008-5762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7444", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7444" "lang": "eng",
}, "value": "Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for slog_users.txt."
{ }
"name" : "50712", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/50712" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33110", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33110" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4847", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4847" ]
} },
] "references": {
} "reference_data": [
{
"name": "7444",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7444"
},
{
"name": "50712",
"refsource": "OSVDB",
"url": "http://osvdb.org/50712"
},
{
"name": "33110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33110"
},
{
"name": "4847",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4847"
}
]
}
} }

32
2011/2xxx/CVE-2011-2056.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2056", "ID": "CVE-2011-2056",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

168
2011/2xxx/CVE-2011-2162.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2162", "ID": "CVE-2011-2162",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues \"originally discovered by Google Chrome developers.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MDVSA-2011:059", "description_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:059" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact and attack vectors, related to issues \"originally discovered by Google Chrome developers.\""
{ }
"name" : "MDVSA-2011:060", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2011:061", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2011:062", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062" ]
}, },
{ "references": {
"name" : "MDVSA-2011:088", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088" "name": "MDVSA-2011:088",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:088"
"name" : "MDVSA-2011:089", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089" "name": "MDVSA-2011:061",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:061"
} },
{
"name": "MDVSA-2011:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:062"
},
{
"name": "MDVSA-2011:089",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:089"
},
{
"name": "MDVSA-2011:059",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:059"
},
{
"name": "MDVSA-2011:060",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:060"
}
]
}
} }

208
2011/2xxx/CVE-2011-2196.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2196", "ID": "CVE-2011-2196",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=712283", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=712283" "lang": "eng",
}, "value": "jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly restrict use of Expression Language (EL) statements in FacesMessages during page exception handling, which allows remote attackers to execute arbitrary Java code via a crafted URL to an application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1484."
{ }
"name" : "RHSA-2011:0945", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0945.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2011:0946", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0946.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2011:0947", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0947.html" ]
}, },
{ "references": {
"name" : "RHSA-2011:0948", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0948.html" "name": "48716",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48716"
"name" : "RHSA-2011:0949", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0949.html" "name": "RHSA-2011:0946",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0946.html"
"name" : "RHSA-2011:0950", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0950.html" "name": "RHSA-2011:0948",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0948.html"
"name" : "RHSA-2011:0951", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0951.html" "name": "RHSA-2011:0949",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0949.html"
"name" : "RHSA-2011:0952", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-0952.html" "name": "RHSA-2011:0951",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2011-0951.html"
"name" : "48716", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48716" "name": "RHSA-2011:0945",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2011-0945.html"
} },
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=712283",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=712283"
},
{
"name": "RHSA-2011:0950",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0950.html"
},
{
"name": "RHSA-2011:0947",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0947.html"
},
{
"name": "RHSA-2011:0952",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0952.html"
}
]
}
} }

148
2011/2xxx/CVE-2011-2443.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2011-2443", "ID": "CVE-2011-2443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "17918", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/17918/" "lang": "eng",
}, "value": "Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted (1) .grd or (2) .abr file, a related issue to CVE-2010-1296."
{ }
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php", ]
"refsource" : "MISC", },
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.adobe.com/support/security/advisories/apsa11-03.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/advisories/apsa11-03.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8410", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/8410" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5049.php"
},
{
"name": "8410",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8410"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa11-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa11-03.html"
},
{
"name": "17918",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/17918/"
}
]
}
} }

178
2011/2xxx/CVE-2011-2887.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2887", "ID": "CVE-2011-2887",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements" "lang": "eng",
}, "value": "IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document."
{ }
"name" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21505448", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21505448" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm", ]
"refsource" : "CONFIRM", }
"url" : "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm" ]
}, },
{ "references": {
"name" : "48936", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48936" "name": "lotus-symphony-document-dos(68889)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68889"
"name" : "74163", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/74163" "name": "48936",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48936"
"name" : "lotus-symphony-document-dos(68889)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68889" "name": "http://www.ibm.com/support/docview.wss?uid=swg21505448",
} "refsource": "CONFIRM",
] "url": "http://www.ibm.com/support/docview.wss?uid=swg21505448"
} },
{
"name": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/software/lotus/symphony/buzz.nsf/web_DisPlayPlugin?open&unid=9717F6F587AAA939852578D300404BCF&category=announcements"
},
{
"name": "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/jct03001c/software/lotus/symphony/idcontents/releasenotes/en/readme_embedded_in_fixpack3_long.htm"
},
{
"name": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/software/lotus/symphony/idcontents/releasenotes/en/readme_fixpack3_standalone_long.htm"
},
{
"name": "74163",
"refsource": "OSVDB",
"url": "http://osvdb.org/74163"
}
]
}
} }

168
2011/3xxx/CVE-2011-3009.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3009", "ID": "CVE-2011-3009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/07/20/1" "lang": "eng",
}, "value": "Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900."
{ }
"name" : "http://redmine.ruby-lang.org/issues/show/4338", ]
"refsource" : "MISC", },
"url" : "http://redmine.ruby-lang.org/issues/show/4338" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2011:1581", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2011-1581.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:0070", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0070.html" ]
}, },
{ "references": {
"name" : "49126", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49126" "name": "49126",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/49126"
"name" : "ruby-random-number-weak-security(69157)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157" "name": "RHSA-2011:1581",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2011-1581.html"
} },
{
"name": "ruby-random-number-weak-security(69157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69157"
},
{
"name": "RHSA-2012:0070",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0070.html"
},
{
"name": "http://redmine.ruby-lang.org/issues/show/4338",
"refsource": "MISC",
"url": "http://redmine.ruby-lang.org/issues/show/4338"
},
{
"name": "[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/20/1"
}
]
}
} }

198
2011/3xxx/CVE-2011-3343.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-3343", "ID": "CVE-2011-3343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110902 CVE request for OpenTTD", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/09/02/4" "lang": "eng",
}, "value": "Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted dimensions in a BMP file."
{ }
"name" : "[oss-security] 20110906 Re: CVE request for OpenTTD", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/09/06/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.openttd.org/task/4746", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.openttd.org/task/4746" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.openttd.org/task/4747", ]
"refsource" : "CONFIRM", }
"url" : "http://bugs.openttd.org/task/4747" ]
}, },
{ "references": {
"name" : "http://security.openttd.org/en/CVE-2011-3343", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://security.openttd.org/en/CVE-2011-3343" "name": "http://security.openttd.org/en/CVE-2011-3343",
}, "refsource": "CONFIRM",
{ "url": "http://security.openttd.org/en/CVE-2011-3343"
"name" : "DSA-2386", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2386" "name": "FEDORA-2011-12975",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html"
"name" : "FEDORA-2011-12975", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html" "name": "46075",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/46075"
"name" : "49439", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49439" "name": "DSA-2386",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2386"
"name" : "46075", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/46075" "name": "http://bugs.openttd.org/task/4746",
} "refsource": "CONFIRM",
] "url": "http://bugs.openttd.org/task/4746"
} },
{
"name": "[oss-security] 20110902 CVE request for OpenTTD",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/09/02/4"
},
{
"name": "http://bugs.openttd.org/task/4747",
"refsource": "CONFIRM",
"url": "http://bugs.openttd.org/task/4747"
},
{
"name": "49439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49439"
},
{
"name": "[oss-security] 20110906 Re: CVE request for OpenTTD",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/09/06/2"
}
]
}
} }

158
2011/3xxx/CVE-2011-3411.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2011-3411", "ID": "CVE-2011-3411",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka \"Publisher Invalid Pointer Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS11-091", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091" "lang": "eng",
}, "value": "Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka \"Publisher Invalid Pointer Vulnerability.\""
{ }
"name" : "TA11-347A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA11-347A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#361441", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/361441" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14346", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14346" ]
}, },
{ "references": {
"name" : "1026414", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026414" "name": "oval:org.mitre.oval:def:14346",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14346"
} },
{
"name": "TA11-347A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA11-347A.html"
},
{
"name": "VU#361441",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/361441"
},
{
"name": "1026414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026414"
},
{
"name": "MS11-091",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-091"
}
]
}
} }

138
2011/4xxx/CVE-2011-4297.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-4297", "ID": "CVE-2011-4297",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/11/14/1" "lang": "eng",
}, "value": "comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://moodle.org/mod/forum/discuss.php?d=182740", "description": [
"refsource" : "CONFIRM", {
"url" : "http://moodle.org/mod/forum/discuss.php?d=182740" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/11/14/1"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=182740",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=182740"
}
]
}
} }

118
2013/0xxx/CVE-2013-0113.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-0113", "ID": "CVE-2013-0113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#248449", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/248449" "lang": "eng",
} "value": "Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#248449",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/248449"
}
]
}
} }

188
2013/0xxx/CVE-2013-0334.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0334", "ID": "CVE-2013-0334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html" "lang": "eng",
}, "value": "Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source."
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2014-11630", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140654.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2014-11649", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140609.html" ]
}, },
{ "references": {
"name" : "FEDORA-2014-11677", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140655.html" "name": "GLSA-201609-02",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201609-02"
"name" : "GLSA-201609-02", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201609-02" "name": "FEDORA-2014-11649",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140609.html"
"name" : "openSUSE-SU-2015:0628", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00092.html" "name": "FEDORA-2014-11630",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140654.html"
"name" : "70099", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/70099" "name": "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html",
} "refsource": "CONFIRM",
] "url": "http://bundler.io/blog/2014/08/14/bundler-may-install-gems-from-a-different-source-than-expected-cve-2013-0334.html"
} },
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2014-11677",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-October/140655.html"
},
{
"name": "openSUSE-SU-2015:0628",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00092.html"
},
{
"name": "70099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70099"
}
]
}
} }

32
2013/0xxx/CVE-2013-0497.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-0497", "ID": "CVE-2013-0497",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2013/1xxx/CVE-2013-1532.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-1532", "ID": "CVE-2013-1532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema."
{ }
"name" : "GLSA-201308-06", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2013:150", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:0772", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0772.html" ]
}, },
{ "references": {
"name" : "53372", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53372" "name": "53372",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/53372"
} },
{
"name": "GLSA-201308-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "RHSA-2013:0772",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0772.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

32
2013/4xxx/CVE-2013-4176.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4176", "ID": "CVE-2013-4176",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2013/4xxx/CVE-2013-4585.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4585", "ID": "CVE-2013-4585",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2013/5xxx/CVE-2013-5210.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5210", "ID": "CVE-2013-5210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://supportforums.adtran.com/docs/DOC-6414", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://supportforums.adtran.com/docs/DOC-6414" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf",
"refsource": "CONFIRM",
"url": "https://supportforums.adtran.com/servlet/JiveServlet/downloadBody/6414-102-3-7862/NetVanta%207000%20Series%20Products%20AOS%20R10.8.1%20Release%20Notes.pdf"
},
{
"name": "https://supportforums.adtran.com/docs/DOC-6414",
"refsource": "CONFIRM",
"url": "https://supportforums.adtran.com/docs/DOC-6414"
}
]
}
} }

128
2013/5xxx/CVE-2013-5221.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5221", "ID": "CVE-2013-5221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41497", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.esri.com/en/knowledgebase/techarticles/detail/41497" "lang": "eng",
}, "value": "The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges."
{ }
"name" : "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009", ]
"refsource" : "CONFIRM", },
"url" : "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.esri.com/en/knowledgebase/techarticles/detail/41497",
"refsource": "CONFIRM",
"url": "http://support.esri.com/en/knowledgebase/techarticles/detail/41497"
},
{
"name": "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009",
"refsource": "CONFIRM",
"url": "http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009"
}
]
}
} }

288
2013/5xxx/CVE-2013-5223.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5223", "ID": "CVE-2013-5223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Nov/76" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl."
{ }
"name" : "http://packetstormsecurity.com/files/123976", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/123976" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002", "description": [
"refsource" : "CONFIRM", {
"url" : "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99603", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/99603" ]
}, },
{ "references": {
"name" : "99604", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99604" "name": "99611",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99611"
"name" : "99605", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99605" "name": "99609",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99609"
"name" : "99606", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99606" "name": "dlink-cve20135223-xss(88723)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723"
"name" : "99607", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99607" "name": "dlink-cve20135223-multiple-xss(88724)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724"
"name" : "99608", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99608" "name": "99605",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99605"
"name" : "99609", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99609" "name": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002",
}, "refsource": "CONFIRM",
{ "url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10002"
"name" : "99610", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99610" "name": "99607",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99607"
"name" : "99611", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99611" "name": "99608",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99608"
"name" : "99612", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99612" "name": "99606",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99606"
"name" : "99613", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99613" "name": "99610",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99610"
"name" : "99615", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99615" "name": "99604",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99604"
"name" : "99616", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/99616" "name": "99615",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/99615"
"name" : "dlink-cve20135223-multiple-xss(88724)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88724" "name": "20131110 D-Link Router 2760N (DSL-2760U-BN) Multiple XSS",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Nov/76"
"name" : "dlink-cve20135223-xss(88723)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88723" "name": "99603",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/99603"
} },
{
"name": "99612",
"refsource": "OSVDB",
"url": "http://osvdb.org/99612"
},
{
"name": "99616",
"refsource": "OSVDB",
"url": "http://osvdb.org/99616"
},
{
"name": "http://packetstormsecurity.com/files/123976",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123976"
},
{
"name": "99613",
"refsource": "OSVDB",
"url": "http://osvdb.org/99613"
}
]
}
} }

32
2013/5xxx/CVE-2013-5687.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5687", "ID": "CVE-2013-5687",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2013/5xxx/CVE-2013-5793.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-5793", "ID": "CVE-2013-5793",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2013-5786."
{ }
"name" : "GLSA-201409-04", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201409-04.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "63116", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/63116" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029184", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029184" ]
} },
] "references": {
} "reference_data": [
{
"name": "63116",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63116"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
},
{
"name": "1029184",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029184"
},
{
"name": "GLSA-201409-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201409-04.xml"
}
]
}
} }

32
2014/2xxx/CVE-2014-2696.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2696", "ID": "CVE-2014-2696",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2017/0xxx/CVE-2017-0040.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0040", "ID": "CVE-2017-0040",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Internet Explorer", "product_name": "Internet Explorer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "The scripting engine in Microsoft Internet Explorer 9 through 11" "version_value": "The scripting engine in Microsoft Internet Explorer 9 through 11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0130."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf" "lang": "eng",
}, "value": "The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Scripting Engine Memory Corruption Vulnerability.\" This vulnerability is different from that described in CVE-2017-0130."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96094", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96094" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1038008", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1038008" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/files/documents/advisory/reversesegment.pdf"
},
{
"name": "96094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96094"
},
{
"name": "1038008",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038008"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0040"
}
]
}
} }

174
2017/0xxx/CVE-2017-0489.json
View File

@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0489", "ID": "CVE-2017-0489",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-4.4.4" "version_value": "Android-4.4.4"
}, },
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1.1" "version_value": "Android-7.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01" "lang": "eng",
}, "value": "An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107."
{ }
"name" : "96792", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96792" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037968", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "96792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96792"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
}
]
}
} }

142
2017/1000xxx/CVE-2017-1000421.json
View File

@ -1,74 +1,74 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-12-29", "DATE_ASSIGNED": "2017-12-29",
"ID" : "CVE-2017-1000421", "ID": "CVE-2017-1000421",
"REQUESTER" : "junxzm@hotmail.com", "REQUESTER": "junxzm@hotmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Gifsicle (Gifview)", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.89 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Eddie Kohler" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-After-Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1233-1] gifsicle security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00006.html" "lang": "eng",
}, "value": "Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution"
{ }
"name" : "https://github.com/kohler/gifsicle/issues/114", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/kohler/gifsicle/issues/114" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4084", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4084" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1233-1] gifsicle security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00006.html"
},
{
"name": "DSA-4084",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4084"
},
{
"name": "https://github.com/kohler/gifsicle/issues/114",
"refsource": "CONFIRM",
"url": "https://github.com/kohler/gifsicle/issues/114"
}
]
}
} }

122
2017/1000xxx/CVE-2017-1000453.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-12-29", "DATE_ASSIGNED": "2017-12-29",
"ID" : "CVE-2017-1000453", "ID": "CVE-2017-1000453",
"REQUESTER" : "m.daniel.legall@gmail.com", "REQUESTER": "m.daniel.legall@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CMS Made Simple", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1.6, 2.2" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "CMS Made Simple" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Server Side Template Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/" "lang": "eng",
} "value": "CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/",
"refsource": "MISC",
"url": "https://www.cmsmadesimple.org/2017/06/Announcing-CMSMS-2-2-1-Hearts-Desire/"
}
]
}
} }

120
2017/12xxx/CVE-2017-12096.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-31T00:00:00", "DATE_PUBLIC": "2017-10-31T00:00:00",
"ID" : "CVE-2017-12096", "ID": "CVE-2017-12096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Circle", "product_name": "Circle",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware 2.0.1" "version_value": "firmware 2.0.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Circle Media" "vendor_name": "Circle Media"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed \"deauth\" packets to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "access point deauthorization"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448" "lang": "eng",
} "value": "An exploitable vulnerability exists in the WiFi management of Circle with Disney. A crafted Access Point with the same name as the legitimate one can be used to make Circle connect to an untrusted network. An attacker needs to setup an Access Point reachable by the device and to send a series of spoofed \"deauth\" packets to trigger this vulnerability."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "access point deauthorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0448"
}
]
}
} }

148
2017/12xxx/CVE-2017-12168.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-12168", "ID": "CVE-2017-12168",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux kernel before 4.9", "product_name": "Linux kernel before 4.9",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Linux kernel before 4.9" "version_value": "Linux kernel before 4.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "assert failure CWE-617"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9" "lang": "eng",
}, "value": "The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the Linux kernel before 4.8.11 allows privileged KVM guest OS users to cause a denial of service (assertion failure and host OS crash) by accessing the Performance Monitors Cycle Count Register (PMCCNTR)."
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492984", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1492984" "lang": "eng",
}, "value": "assert failure CWE-617"
{ }
"name" : "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/9e3f7a29694049edd728e2400ab57ad7553e5aa9"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.11"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9e3f7a29694049edd728e2400ab57ad7553e5aa9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492984"
}
]
}
} }

138
2017/12xxx/CVE-2017-12551.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"ID" : "CVE-2017-12551", "ID": "CVE-2017-12551",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" "lang": "eng",
}, "value": "A local arbitrary execution of commands vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found."
{ }
"name" : "101029", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101029" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039437", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039437" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1039437",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039437"
},
{
"name": "101029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101029"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us"
}
]
}
} }

32
2017/12xxx/CVE-2017-12578.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12578", "ID": "CVE-2017-12578",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2017/12xxx/CVE-2017-12676.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12676", "ID": "CVE-2017-12676",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/618", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/618" "lang": "eng",
}, "value": "In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service."
{ }
"name" : "100225", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100225" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/618",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/618"
},
{
"name": "100225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100225"
}
]
}
} }

128
2017/16xxx/CVE-2017-16357.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16357", "ID": "CVE-2017-16357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a" "lang": "eng",
}, "value": "In radare 2.0.1, a memory corruption vulnerability exists in store_versioninfo_gnu_verdef() and store_versioninfo_gnu_verneed() in libr/bin/format/elf/elf.c, as demonstrated by an invalid free. This error is due to improper sh_size validation when allocating memory."
{ }
"name" : "https://github.com/radare/radare2/issues/8742", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/radare/radare2/issues/8742" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/radare/radare2/issues/8742",
"refsource": "CONFIRM",
"url": "https://github.com/radare/radare2/issues/8742"
},
{
"name": "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a",
"refsource": "CONFIRM",
"url": "https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a"
}
]
}
} }

32
2017/16xxx/CVE-2017-16509.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-16509", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-16509",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

128
2017/16xxx/CVE-2017-16777.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16777", "ID": "CVE-2017-16777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43219", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43219/" "lang": "eng",
}, "value": "If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root."
{ }
"name" : "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html", ]
"refsource" : "MISC", },
"url" : "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html",
"refsource": "MISC",
"url": "https://m4.rkw.io/blog/cve201716777-local-root-privesc-in-hashicorp-vagrantvmwarefusion-503.html"
},
{
"name": "43219",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43219/"
}
]
}
} }

138
2017/16xxx/CVE-2017-16928.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16928", "ID": "CVE-2017-16928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43925", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43925/" "lang": "eng",
}, "value": "The arq_updater binary in Arq 5.10 and earlier for Mac allows local users to write to arbitrary files and consequently gain root privileges via a crafted update URL, as demonstrated by file:///tmp/blah/Arq.zip."
{ }
"name" : "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html", "description": [
"refsource" : "MISC", {
"url" : "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "43925",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43925/"
},
{
"name": "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146158/Arq-5.10-Local-Privilege-Escalation.html"
},
{
"name": "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html",
"refsource": "MISC",
"url": "https://m4.rkw.io/blog/two-local-root-privesc-bugs-in-arq-backup--510.html"
}
]
}
} }

296
2017/4xxx/CVE-2017-4028.json
View File

@ -1,151 +1,151 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@mcafee.com", "ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC" : "2017-05-12T17:00:00.000Z", "DATE_PUBLIC": "2017-05-12T17:00:00.000Z",
"ID" : "CVE-2017-4028", "ID": "CVE-2017-4028",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability" "TITLE": "SB10193 - consumer and corporate products - Maliciously misconfigured registry vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "McAfee Anti-Virus Plus (AVP)", "product_name": "McAfee Anti-Virus Plus (AVP)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "170329", "version_name": "170329",
"version_value" : "29 Mar 2017" "version_value": "29 Mar 2017"
} }
] ]
} }
}, },
{ {
"product_name" : "McAfee Endpoint Security (ENS)", "product_name": "McAfee Endpoint Security (ENS)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "10.2", "version_name": "10.2",
"version_value" : "10.2 DAT V3 DAT 2932.0" "version_value": "10.2 DAT V3 DAT 2932.0"
} }
] ]
} }
}, },
{ {
"product_name" : "McAfee Host Intrusion Prevention (Host IPS)", "product_name": "McAfee Host Intrusion Prevention (Host IPS)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "8.0", "version_name": "8.0",
"version_value" : "8.0 Patch 9 Hotfix 1188590" "version_value": "8.0 Patch 9 Hotfix 1188590"
} }
] ]
} }
}, },
{ {
"product_name" : "McAfee Internet Security (MIS)", "product_name": "McAfee Internet Security (MIS)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "170329", "version_name": "170329",
"version_value" : "29 Mar 2017" "version_value": "29 Mar 2017"
} }
] ]
} }
}, },
{ {
"product_name" : "McAfee Total Protection (MTP)", "product_name": "McAfee Total Protection (MTP)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "170329", "version_name": "170329",
"version_value" : "29 Mar 2017" "version_value": "29 Mar 2017"
} }
] ]
} }
}, },
{ {
"product_name" : "McAfee Virus Scan Enterprise (VSE)", "product_name": "McAfee Virus Scan Enterprise (VSE)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "8.8", "version_name": "8.8",
"version_value" : "8.8 Patch 8/9 Hotfix 1187884" "version_value": "8.8 Patch 8/9 Hotfix 1187884"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "McAfee" "vendor_name": "McAfee"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Maliciously misconfigured registry vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10193", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10193" "lang": "eng",
}, "value": "Maliciously misconfigured registry vulnerability in all Microsoft Windows products in McAfee consumer and corporate products allows an administrator to inject arbitrary code into a debugged McAfee process via manipulation of registry parameters."
{ }
"name" : "97958", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97958" "impact": {
} "cvss": {
] "attackComplexity": "HIGH",
}, "attackVector": "LOCAL",
"source" : { "availabilityImpact": "NONE",
"advisory" : "SB10193", "baseScore": 5,
"discovery" : "EXTERNAL" "baseSeverity": "MEDIUM",
} "confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Maliciously misconfigured registry vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10193"
},
{
"name": "97958",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97958"
}
]
},
"source": {
"advisory": "SB10193",
"discovery": "EXTERNAL"
}
} }

32
2017/4xxx/CVE-2017-4167.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4167", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4167",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4305.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4305", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4305",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4694.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4694", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4694",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2018/18xxx/CVE-2018-18054.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18054", "ID": "CVE-2018-18054",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/18xxx/CVE-2018-18101.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18101", "ID": "CVE-2018-18101",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2018/18xxx/CVE-2018-18337.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-18337", "ID": "CVE-2018-18337",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "71.0.3578.80" "version_value": "71.0.3578.80"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/886753", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/886753" "lang": "eng",
}, "value": "Incorrect handling of stylesheets leading to a use after free in Blink in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
{ }
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4352", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4352" "lang": "eng",
}, "value": "Use after free"
{ }
"name" : "RHSA-2018:3803", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3803" ]
}, },
{ "references": {
"name" : "106084", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106084" "name": "https://crbug.com/886753",
} "refsource": "MISC",
] "url": "https://crbug.com/886753"
} },
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
}
]
}
} }

32
2018/5xxx/CVE-2018-5573.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5573", "ID": "CVE-2018-5573",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/5xxx/CVE-2018-5639.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5639", "ID": "CVE-2018-5639",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/5xxx/CVE-2018-5686.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5686", "ID": "CVE-2018-5686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698860", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698860" "lang": "eng",
}, "value": "In MuPDF 1.12.0, there is an infinite loop vulnerability and application hang in the pdf_parse_array function (pdf/pdf-parse.c) because EOF is not considered. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted pdf file."
{ }
"name" : "DSA-4334", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2018/dsa-4334" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201811-15", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201811-15" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698860",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698860"
},
{
"name": "GLSA-201811-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-15"
},
{
"name": "DSA-4334",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4334"
}
]
}
} }

120
2018/5xxx/CVE-2018-5824.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2018-5824", "ID": "CVE-2018-5824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
} "value": "In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing HTT_T2H_MSG_TYPE_RX_FLUSH or HTT_T2H_MSG_TYPE_RX_PN_IND messages, a buffer overflow can occur if the tid value obtained from the firmware is out of range."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
} }

118
2018/5xxx/CVE-2018-5970.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5970", "ID": "CVE-2018-5970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44116", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://exploit-db.com/exploits/44116" "lang": "eng",
} "value": "SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44116",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44116"
}
]
}
} }