admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:34:28 +00:00
parent b9afb41c85
commit 9213397d22
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3472 additions and 3472 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2002/1xxx/CVE-2002-1171.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1171",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1171",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2002/1xxx/CVE-2002-1555.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a \"public\" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml"
},
{
"name" : "6081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6081"
},
{
"name" : "cisco-ons-snmp-public(10507)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10507.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a \"public\" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-ons-snmp-public(10507)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10507.php"
},
{
"name": "6081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6081"
},
{
"name": "20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml"
}
]
}
}

140
2002/1xxx/CVE-2002-1641.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nextgenss.com/vna/ora-webcache.txt",
"refsource" : "MISC",
"url" : "http://www.nextgenss.com/vna/ora-webcache.txt"
},
{
"name" : "4856",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4856"
},
{
"name" : "VU#291555",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/291555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#291555",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/291555"
},
{
"name": "4856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4856"
},
{
"name": "http://www.nextgenss.com/vna/ora-webcache.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/vna/ora-webcache.txt"
}
]
}
}

140
2002/1xxx/CVE-2002-1870.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1870",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1870",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020903 Re: SWS Web Server v0.1.0 Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html"
},
{
"name" : "5660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5660"
},
{
"name" : "sws-webserver-recv-overwrite(10072)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10072.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle when the recv function call fails, which may allow remote attackers to overwrite program data or perform actions on an uninitialized heap, leading to a denial of service and possibly code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sws-webserver-recv-overwrite(10072)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10072.php"
},
{
"name": "5660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5660"
},
{
"name": "20020903 Re: SWS Web Server v0.1.0 Exploit",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0047.html"
}
]
}
}

160
2002/1xxx/CVE-2002-1878.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020608 Security holes in LokwaBB and W-Agora",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html"
},
{
"name" : "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt",
"refsource" : "MISC",
"url" : "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt"
},
{
"name" : "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563",
"refsource" : "CONFIRM",
"url" : "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563"
},
{
"name" : "4977",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4977"
},
{
"name" : "wagora-file-include(9317)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9317.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563",
"refsource": "CONFIRM",
"url": "http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563"
},
{
"name": "4977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4977"
},
{
"name": "wagora-file-include(9317)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9317.php"
},
{
"name": "20020608 Security holes in LokwaBB and W-Agora",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html"
},
{
"name": "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/W-Agora.txt"
}
]
}
}

140
2002/1xxx/CVE-2002-1992.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161",
"refsource" : "CONFIRM",
"url" : "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161"
},
{
"name" : "5121",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5121"
},
{
"name" : "coldfusion-mx-jrundll-bo(9460)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9460.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coldfusion-mx-jrundll-bo(9460)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9460.php"
},
{
"name": "5121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5121"
},
{
"name": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/v1/handlers/index.cfm?ID=23161"
}
]
}
}

120
2003/0xxx/CVE-2003-0481.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030623 [KSA-001] Multiple vulnerabilities in Tutos",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105638743109781&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to insert arbitrary web script, as demonstrated using the msg parameter to file_select.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030623 [KSA-001] Multiple vulnerabilities in Tutos",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105638743109781&w=2"
}
]
}
}

130
2003/0xxx/CVE-2003-0635.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0635",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0635",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105492852131747&w=2"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before Support Pack 1, with unknown impact, possibly related to unauthorized access to (1) NCPIP.NLM and (2) JSTCP.NLM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2966435.htm"
},
{
"name": "20030606 NOVL-2003-2966205 - iChain 2.2 Field Patch 1a",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105492852131747&w=2"
}
]
}
}

300
2003/0xxx/CVE-2003-0693.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030916 OpenSSH Buffer Management Bug Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106373247528528&w=2"
},
{
"name" : "http://www.openssh.com/txt/buffer.adv",
"refsource" : "CONFIRM",
"url" : "http://www.openssh.com/txt/buffer.adv"
},
{
"name" : "20030915 openssh remote exploit",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html"
},
{
"name" : "20030916 The lowdown on SSH vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html"
},
{
"name" : "20030915 new ssh exploit?",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html"
},
{
"name" : "RHSA-2003:279",
"refsource" : "REDHAT",
"url" : "http://marc.info/?l=bugtraq&m=106373546332230&w=2"
},
{
"name" : "RHSA-2003:280",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name" : "MDKSA-2003:090",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"name" : "DSA-382",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-382"
},
{
"name" : "DSA-383",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-383"
},
{
"name" : "1000620",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1"
},
{
"name" : "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106374466212309&w=2"
},
{
"name" : "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106381409220492&w=2"
},
{
"name" : "2003-0033",
"refsource" : "TRUSTIX",
"url" : "http://marc.info/?l=bugtraq&m=106381396120332&w=2"
},
{
"name" : "CA-2003-24",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2003-24.html"
},
{
"name" : "VU#333628",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/333628"
},
{
"name" : "oval:org.mitre.oval:def:2719",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719"
},
{
"name" : "openssh-packet-bo(13191)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191"
},
{
"name" : "oval:org.mitre.oval:def:447",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A \"buffer management error\" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1000620",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000620.1-1"
},
{
"name": "20030915 new ssh exploit?",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010103.html"
},
{
"name": "20030917 [OpenPKG-SA-2003.040] OpenPKG Security Advisory (openssh)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106381409220492&w=2"
},
{
"name": "openssh-packet-bo(13191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13191"
},
{
"name": "DSA-383",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-383"
},
{
"name": "20030916 [slackware-security] OpenSSH Security Advisory (SSA:2003-259-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106374466212309&w=2"
},
{
"name": "http://www.openssh.com/txt/buffer.adv",
"refsource": "CONFIRM",
"url": "http://www.openssh.com/txt/buffer.adv"
},
{
"name": "RHSA-2003:280",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-280.html"
},
{
"name": "CA-2003-24",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-24.html"
},
{
"name": "20030915 openssh remote exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010135.html"
},
{
"name": "oval:org.mitre.oval:def:2719",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2719"
},
{
"name": "2003-0033",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq&m=106381396120332&w=2"
},
{
"name": "20030916 The lowdown on SSH vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-September/010146.html"
},
{
"name": "DSA-382",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-382"
},
{
"name": "20030916 OpenSSH Buffer Management Bug Advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106373247528528&w=2"
},
{
"name": "MDKSA-2003:090",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:090"
},
{
"name": "oval:org.mitre.oval:def:447",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A447"
},
{
"name": "RHSA-2003:279",
"refsource": "REDHAT",
"url": "http://marc.info/?l=bugtraq&m=106373546332230&w=2"
},
{
"name": "VU#333628",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/333628"
}
]
}
}

140
2003/1xxx/CVE-2003-1060.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "57406",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57406-1"
},
{
"name" : "8929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8929"
},
{
"name" : "solaris-nfs-ufs-dos(13547)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-nfs-ufs-dos(13547)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13547"
},
{
"name": "8929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8929"
},
{
"name": "57406",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57406-1"
}
]
}
}

160
2003/1xxx/CVE-2003-1077.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "51300",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51300-1"
},
{
"name" : "7032",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7032"
},
{
"name" : "1006233",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1006233"
},
{
"name" : "8234",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8234/"
},
{
"name" : "solaris-ufs-logging-dos(11481)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service (UFS file system hang)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1006233",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006233"
},
{
"name": "7032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7032"
},
{
"name": "51300",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-51300-1"
},
{
"name": "8234",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8234/"
},
{
"name": "solaris-ufs-logging-dos(11481)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11481"
}
]
}
}

140
2004/2xxx/CVE-2004-2584.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte (\"%00\"). NOTE: it is not clear whether this issue poses a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt",
"refsource" : "MISC",
"url" : "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt"
},
{
"name" : "http://www.zone-h.org/advisories/read/id=4098",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/advisories/read/id=4098"
},
{
"name" : "smartermail-frmaddfolder-file-manipulation(15392)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15392"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte (\"%00\"). NOTE: it is not clear whether this issue poses a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "smartermail-frmaddfolder-file-manipulation(15392)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15392"
},
{
"name": "http://www.zone-h.org/advisories/read/id=4098",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=4098"
},
{
"name": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt",
"refsource": "MISC",
"url": "http://members.lycos.co.uk/r34ct/main/smarter_mail%203.1/smarter_mail.txt"
}
]
}
}

180
2004/2xxx/CVE-2004-2754.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2754",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040119 Yabb SE SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/350244"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105",
"refsource" : "MISC",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105"
},
{
"name" : "http://www.yabbse.org/community/index.php?thread=27122",
"refsource" : "MISC",
"url" : "http://www.yabbse.org/community/index.php?thread=27122"
},
{
"name" : "9449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9449"
},
{
"name" : "3618",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3618"
},
{
"name" : "1008764",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1008764"
},
{
"name" : "3371",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040119 Yabb SE SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/350244"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=210608&group_id=57105"
},
{
"name": "3618",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3618"
},
{
"name": "9449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9449"
},
{
"name": "3371",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3371"
},
{
"name": "1008764",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008764"
},
{
"name": "http://www.yabbse.org/community/index.php?thread=27122",
"refsource": "MISC",
"url": "http://www.yabbse.org/community/index.php?thread=27122"
}
]
}
}

150
2008/2xxx/CVE-2008-2990.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2990",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2990",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5915",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5915"
},
{
"name" : "29904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29904"
},
{
"name" : "3967",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3967"
},
{
"name" : "facileforms-facileformsframe-file-include(43290)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "facileforms-facileformsframe-file-include(43290)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43290"
},
{
"name": "29904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29904"
},
{
"name": "3967",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3967"
},
{
"name": "5915",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5915"
}
]
}
}

34
2012/0xxx/CVE-2012-0349.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0349",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0349",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/0xxx/CVE-2012-0480.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0480",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0480",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2012/0xxx/CVE-2012-0860.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=790730",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=790730"
},
{
"name" : "RHSA-2012:1506",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html"
},
{
"name" : "RHSA-2012:1508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1508.html"
},
{
"name" : "56825",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56825"
},
{
"name" : "1027838",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027838"
},
{
"name" : "enterprise-rhev-priv-esc(80543)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when adding a host, allow local users to gain privileges via a Trojan horse (1) deployUtil.py or (2) vds_bootstrap.py Python module in /tmp/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1508.html"
},
{
"name": "56825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56825"
},
{
"name": "RHSA-2012:1506",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html"
},
{
"name": "enterprise-rhev-priv-esc(80543)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80543"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=790730",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=790730"
},
{
"name": "1027838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027838"
}
]
}
}

150
2012/1xxx/CVE-2012-1681.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "1026940",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026940"
},
{
"name" : "48809",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel/sockfs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "1026940",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026940"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "48809",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48809"
}
]
}
}

210
2012/1xxx/CVE-2012-1722.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
},
{
"name" : "HPSBUX02805",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
},
{
"name" : "SSRT100919",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "RHSA-2012:0734",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0734.html"
},
{
"name" : "SUSE-SU-2012:1231",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
},
{
"name" : "SUSE-SU-2012:1265",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html"
},
{
"name" : "53953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53953"
},
{
"name" : "oval:org.mitre.oval:def:16214",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, and 6 update 32 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1721."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1265",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00035.html"
},
{
"name": "53953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53953"
},
{
"name": "SUSE-SU-2012:1231",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00032.html"
},
{
"name": "RHSA-2012:0734",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0734.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html"
},
{
"name": "SSRT100919",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "oval:org.mitre.oval:def:16214",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16214"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "HPSBUX02805",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134496371727681&w=2"
}
]
}
}

150
2012/1xxx/CVE-2012-1797.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518"
},
{
"name" : "IC79518",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518"
},
{
"name" : "oval:org.mitre.oval:def:14922",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922"
},
{
"name" : "db2-nodes-unspecified(74326)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518"
},
{
"name": "db2-nodes-unspecified(74326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74326"
},
{
"name": "oval:org.mitre.oval:def:14922",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922"
},
{
"name": "IC79518",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518"
}
]
}
}

140
2012/1xxx/CVE-2012-1894.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Office for Mac 2011 uses world-writable permissions for the \"Applications/Microsoft Office 2011/\" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka \"Office for Mac Improper Folder Permissions Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-1894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-051"
},
{
"name" : "TA12-192A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"name" : "oval:org.mitre.oval:def:15602",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15602"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office for Mac 2011 uses world-writable permissions for the \"Applications/Microsoft Office 2011/\" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka \"Office for Mac Improper Folder Permissions Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-192A.html"
},
{
"name": "MS12-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-051"
},
{
"name": "oval:org.mitre.oval:def:15602",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15602"
}
]
}
}

140
2012/1xxx/CVE-2012-1901.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18609",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18609"
},
{
"name" : "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html"
},
{
"name" : "48451",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48451"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS 3.2.1 and earlier allow remote attackers to (1) hijack the authentication of users for requests that change account settings via a request to index.php/profile-edit-save or (2) hijack the authentication of administrators for requests that add a new page via a request to admin/pages-new-save."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html",
"refsource": "MISC",
"url": "http://ivanobinetti.blogspot.com/2012/03/flexcms-multiple-csrf-vulnerabilities.html"
},
{
"name": "18609",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18609"
},
{
"name": "48451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48451"
}
]
}
}

190
2012/1xxx/CVE-2012-1941.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750066",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=750066"
},
{
"name" : "MDVSA-2012:088",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"name" : "RHSA-2012:0710",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0710.html"
},
{
"name" : "RHSA-2012:0715",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0715.html"
},
{
"name" : "SUSE-SU-2012:0746",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name" : "openSUSE-SU-2012:0760",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"name" : "oval:org.mitre.oval:def:16985",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the nsHTMLReflowState::CalculateHypotheticalBox function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code by resizing a window displaying absolutely positioned and relatively positioned elements in nested columns."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"name": "RHSA-2012:0710",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0710.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=750066",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=750066"
},
{
"name": "oval:org.mitre.oval:def:16985",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16985"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html"
},
{
"name": "SUSE-SU-2012:0746",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name": "openSUSE-SU-2012:0760",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"name": "RHSA-2012:0715",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0715.html"
}
]
}
}

130
2012/4xxx/CVE-2012-4347.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00"
},
{
"name" : "56789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56789"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56789"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120827_00"
}
]
}
}

200
2012/4xxx/CVE-2012-4425.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "21323",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/21323"
},
{
"name" : "[oss-security] 20120912 libdbus CVE-2012-3524 fix",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/12/6"
},
{
"name" : "[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/14/2"
},
{
"name" : "[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/17/2"
},
{
"name" : "[scm-commits] 20120914 [spice-gtk/f18] Add patch fixing CVE 2012-4425",
"refsource" : "MLIST",
"url" : "http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051"
},
{
"name" : "[spice-devel] 20120914 [spice-gtk] usb-acl-helper: Clear environment",
"refsource" : "MLIST",
"url" : "http://www.spinics.net/lists/spice-devel/msg01940.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=857283",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=857283"
},
{
"name" : "RHSA-2012:1284",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1284.html"
},
{
"name" : "55555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:1284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1284.html"
},
{
"name": "[oss-security] 20120912 libdbus CVE-2012-3524 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/12/6"
},
{
"name": "[spice-devel] 20120914 [spice-gtk] usb-acl-helper: Clear environment",
"refsource": "MLIST",
"url": "http://www.spinics.net/lists/spice-devel/msg01940.html"
},
{
"name": "[oss-security] 20120917 Re: libdbus CVE-2012-3524 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/17/2"
},
{
"name": "[scm-commits] 20120914 [spice-gtk/f18] Add patch fixing CVE 2012-4425",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.linux.redhat.fedora.extras.cvs/853051"
},
{
"name": "21323",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/21323"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=857283",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=857283"
},
{
"name": "[oss-security] 20120914 Re: libdbus CVE-2012-3524 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/14/2"
},
{
"name": "55555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55555"
}
]
}
}

170
2012/4xxx/CVE-2012-4615.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-4615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html"
},
{
"name" : "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html"
},
{
"name" : "56682",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56682"
},
{
"name" : "87878",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/87878"
},
{
"name" : "1027812",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027812"
},
{
"name" : "51408",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51408"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a hardcoded encryption key for the storage of credentials, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "87878",
"refsource": "OSVDB",
"url": "http://osvdb.org/87878"
},
{
"name": "1027812",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027812"
},
{
"name": "51408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51408"
},
{
"name": "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html"
},
{
"name": "56682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56682"
},
{
"name": "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/118358/EMC-Smarts-Network-Configuration-Manager-Bypass.html"
}
]
}
}

140
2012/5xxx/CVE-2012-5390.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html",
"refsource" : "CONFIRM",
"url" : "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html"
},
{
"name" : "57328",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57328"
},
{
"name" : "51862",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51862"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The standard universe shadow (condor_shadow.std) component in Condor 7.7.3 through 7.7.6, 7.8.0 before 7.8.5, and 7.9.0 does no properly check privileges, which allows remote attackers to gain privileges via a crafted standard universe job."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html",
"refsource": "CONFIRM",
"url": "http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html"
},
{
"name": "57328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57328"
},
{
"name": "51862",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51862"
}
]
}
}

34
2012/5xxx/CVE-2012-5439.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5439",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5439",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2012/5xxx/CVE-2012-5468.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121204 CVE-2012-5468: bogofilter-SA-2012-01",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/03/13"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=883358",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=883358"
},
{
"name" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01",
"refsource" : "CONFIRM",
"url" : "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01"
},
{
"name" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973",
"refsource" : "CONFIRM",
"url" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973"
},
{
"name" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975",
"refsource" : "CONFIRM",
"url" : "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975"
},
{
"name" : "DSA-2585",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2585"
},
{
"name" : "MDVSA-2013:064",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:064"
},
{
"name" : "56804",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56804"
},
{
"name" : "51334",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51334"
},
{
"name" : "51521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51521"
},
{
"name" : "bogofilter-bogolexer-base64-dos(80524)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in iconvert.c in the bogolexer component in Bogofilter before 1.2.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an email containing a base64 string that is decoded to incomplete multibyte characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2013:064",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:064"
},
{
"name": "[oss-security] 20121204 CVE-2012-5468: bogofilter-SA-2012-01",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/03/13"
},
{
"name": "51521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51521"
},
{
"name": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01",
"refsource": "CONFIRM",
"url": "http://bogofilter.sourceforge.net/security/bogofilter-SA-2012-01"
},
{
"name": "56804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56804"
},
{
"name": "DSA-2585",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2585"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=883358",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=883358"
},
{
"name": "51334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51334"
},
{
"name": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973",
"refsource": "CONFIRM",
"url": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6973"
},
{
"name": "bogofilter-bogolexer-base64-dos(80524)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80524"
},
{
"name": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975",
"refsource": "CONFIRM",
"url": "http://bogofilter.svn.sourceforge.net/viewvc/bogofilter?view=revision&revision=6975"
}
]
}
}

160
2017/3xxx/CVE-2017-3100.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 26.0.0.131 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 26.0.0.131 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 26.0.0.131 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 26.0.0.131 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html"
},
{
"name" : "GLSA-201707-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-15"
},
{
"name" : "RHSA-2017:1731",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1731"
},
{
"name" : "99523",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99523"
},
{
"name" : "1038845",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038845"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038845",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038845"
},
{
"name": "99523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99523"
},
{
"name": "RHSA-2017:1731",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1731"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-21.html"
},
{
"name": "GLSA-201707-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-15"
}
]
}
}

140
2017/3xxx/CVE-2017-3102.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Connect 9.6.1 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Connect 9.6.1 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Connect 9.6.1 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Connect 9.6.1 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/connect/apsb17-22.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/connect/apsb17-22.html"
},
{
"name" : "99517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99517"
},
{
"name" : "1038846",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99517"
},
{
"name": "https://helpx.adobe.com/security/products/connect/apsb17-22.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/connect/apsb17-22.html"
},
{
"name": "1038846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038846"
}
]
}
}

140
2017/3xxx/CVE-2017-3849.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-3849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS and IOS XE",
"version" : {
"version_data" : [
{
"version_value" : "Cisco IOS and IOS XE"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20 Denial of Service Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS and IOS XE",
"version": {
"version_data": [
{
"version_value": "Cisco IOS and IOS XE"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani"
},
{
"name" : "96972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96972"
},
{
"name" : "1038064",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038064"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Autonomic Networking Infrastructure (ANI) registrar feature of Cisco IOS Software (possibly 15.2 through 15.6) and Cisco IOS XE Software (possibly 3.7 through 3.18, and 16) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to incomplete input validation on certain crafted packets. An attacker could exploit this vulnerability by sending a crafted autonomic network channel discovery packet to a device that has all the following characteristics: (1) running a Cisco IOS Software or Cisco IOS XE Software release that supports the ANI feature; (2) configured as an autonomic registrar; (3) has a whitelist configured. An exploit could allow the attacker to cause the affected device to reload. Note: Autonomic networking should be configured with a whitelist. Do not remove the whitelist as a workaround. Cisco Bug IDs: CSCvc42717."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Denial of Service Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170320-ani"
},
{
"name": "96972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96972"
},
{
"name": "1038064",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038064"
}
]
}
}

140
2017/6xxx/CVE-2017-6184.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html",
"refsource" : "CONFIRM",
"url" : "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
},
{
"name" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2",
"refsource" : "CONFIRM",
"url" : "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
},
{
"name" : "97261",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97261"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the machine's interface responsible for generating reports was vulnerable to remote command injection via the token parameter, aka NSWA-1303."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html",
"refsource": "CONFIRM",
"url": "http://wsa.sophos.com/rn/swa/concepts/ReleaseNotes_4.3.1.2.html"
},
{
"name": "97261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97261"
},
{
"name": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2",
"refsource": "CONFIRM",
"url": "https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-1-2"
}
]
}
}

130
2017/6xxx/CVE-2017-6578.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin",
"refsource" : "MISC",
"url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin"
},
{
"name" : "96783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96783"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96783"
},
{
"name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin",
"refsource": "MISC",
"url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin"
}
]
}
}

120
2017/7xxx/CVE-2017-7723.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wordpress.org/plugins/easy-wp-smtp/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/easy-wp-smtp/#developers"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/easy-wp-smtp/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/easy-wp-smtp/#developers"
}
]
}
}

150
2017/8xxx/CVE-2017-8342.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/861514",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/861514"
},
{
"name" : "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst",
"refsource" : "CONFIRM",
"url" : "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst"
},
{
"name" : "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d",
"refsource" : "CONFIRM",
"url" : "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d"
},
{
"name" : "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b",
"refsource" : "CONFIRM",
"url" : "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst",
"refsource": "CONFIRM",
"url": "https://github.com/Kozea/Radicale/blob/1.1.2/NEWS.rst"
},
{
"name": "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d",
"refsource": "CONFIRM",
"url": "https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d"
},
{
"name": "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b",
"refsource": "CONFIRM",
"url": "https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b"
},
{
"name": "https://bugs.debian.org/861514",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/861514"
}
]
}
}

140
2017/8xxx/CVE-2017-8522.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft browsers",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft browsers",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522"
},
{
"name" : "98926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98926"
},
{
"name" : "1038673",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038673"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engines fail to render when handling objects in memory in Microsoft browsers, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-8517 and CVE-2017-8524."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8522"
},
{
"name": "98926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98926"
},
{
"name": "1038673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038673"
}
]
}
}

34
2017/8xxx/CVE-2017-8997.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8997",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8997",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/10xxx/CVE-2018-10121.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/monstra-cms/monstra/issues/437",
"refsource" : "MISC",
"url" : "https://github.com/monstra-cms/monstra/issues/437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/monstra-cms/monstra/issues/437",
"refsource": "MISC",
"url": "https://github.com/monstra-cms/monstra/issues/437"
}
]
}
}

34
2018/10xxx/CVE-2018-10242.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10242",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10242",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2018/10xxx/CVE-2018-10884.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-10884",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ansible-tower",
"version" : {
"version_data" : [
{
"version_value" : "3.1.8"
},
{
"version_value" : "3.2.6"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10884",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ansible-tower",
"version": {
"version_data": [
{
"version_value": "3.1.8"
},
{
"version_value": "3.2.6"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884"
},
{
"name" : "105136",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105136"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the authtoken cookie."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105136"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10884"
}
]
}
}

164
2018/10xxx/CVE-2018-10893.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2018-10893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "spice-client",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Red Hat"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-122"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-10893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "spice-client",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-190"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.6/CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[spice-devel] 20180703 [PATCH spice-common v3] lz: Avoid buffer reading overflow checking for image type",
"refsource" : "MLIST",
"url" : "https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893"
}
]
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10893"
},
{
"name": "[spice-devel] 20180703 [PATCH spice-common v3] lz: Avoid buffer reading overflow checking for image type",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html"
}
]
}
}

170
2018/13xxx/CVE-2018-13099.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=200179",
"refsource" : "MISC",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=200179"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a",
"refsource" : "MISC",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a"
},
{
"name" : "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/"
},
{
"name" : "DSA-4308",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4308"
},
{
"name" : "104680",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in fs/f2fs/inline.c in the Linux kernel through 4.17.3. A denial of service (out-of-bounds memory access and BUG) can occur for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
},
{
"name": "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/linux-f2fs/mailman/message/36356878/"
},
{
"name": "104680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104680"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a",
"refsource": "MISC",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=f2fs-dev&id=cc60e90f9bfab8d6a7fb826937e824333c3bf94a"
},
{
"name": "DSA-4308",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4308"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=200179",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=200179"
}
]
}
}

120
2018/13xxx/CVE-2018-13122.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13122",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Self-Evident/OneFileCMS/issues/49",
"refsource" : "MISC",
"url" : "https://github.com/Self-Evident/OneFileCMS/issues/49"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "onefilecms.php in OneFileCMS through 2017-10-08 might allow attackers to delete arbitrary files via the Delete File(s) screen, as demonstrated by a ?i=var/www/html/&f=123.php&p=edit&p=deletefile URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Self-Evident/OneFileCMS/issues/49",
"refsource": "MISC",
"url": "https://github.com/Self-Evident/OneFileCMS/issues/49"
}
]
}
}

150
2018/13xxx/CVE-2018-13153.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13153",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/1195",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1195"
},
{
"name" : "USN-3711-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3711-1/"
},
{
"name" : "104687",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104687"
},
{
"name" : "1041219",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041219"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick 7.0.8-4, there is a memory leak in the XMagickCommand function in MagickCore/animate.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1195",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1195"
},
{
"name": "1041219",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041219"
},
{
"name": "USN-3711-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3711-1/"
},
{
"name": "104687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104687"
}
]
}
}

120
2018/17xxx/CVE-2018-17142.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a \"panic: runtime error\" in parseCurrentToken in parse.go during an html.Parse call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/golang/go/issues/27702",
"refsource" : "MISC",
"url" : "https://github.com/golang/go/issues/27702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a \"panic: runtime error\" in parseCurrentToken in parse.go during an html.Parse call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/golang/go/issues/27702",
"refsource": "MISC",
"url": "https://github.com/golang/go/issues/27702"
}
]
}
}

34
2018/17xxx/CVE-2018-17272.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17272",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-17272",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

120
2018/17xxx/CVE-2018-17366.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitee.com/mingSoft/MCMS/issues/IM1DA",
"refsource" : "MISC",
"url" : "https://gitee.com/mingSoft/MCMS/issues/IM1DA"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in MCMS 4.6.5. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitee.com/mingSoft/MCMS/issues/IM1DA",
"refsource": "MISC",
"url": "https://gitee.com/mingSoft/MCMS/issues/IM1DA"
}
]
}
}

34
2018/17xxx/CVE-2018-17483.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17483",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17483",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17541.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17541",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17541",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/20xxx/CVE-2018-20689.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20689",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20689",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/20xxx/CVE-2018-20712.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629",
"refsource" : "MISC",
"url" : "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629"
},
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24043",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=24043"
},
{
"name" : "106563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer over-read exists in the function d_expression_1 in cp-demangle.c in GNU libiberty, as distributed in GNU Binutils 2.31.1. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by c++filt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629",
"refsource": "MISC",
"url": "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=24043",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=24043"
},
{
"name": "106563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106563"
}
]
}
}

140
2018/9xxx/CVE-2018-9185.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@fortinet.com",
"ID" : "CVE-2018-9185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fortinet FortiOS",
"version" : {
"version_data" : [
{
"version_value" : "FortiOS 6.0.0 and below"
}
]
}
}
]
},
"vendor_name" : "Fortinet"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2018-9185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiOS",
"version": {
"version_data": [
{
"version_value": "FortiOS 6.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://fortiguard.com/advisory/FG-IR-18-027",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/advisory/FG-IR-18-027"
},
{
"name" : "104535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104535"
},
{
"name" : "1041186",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041186"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Fortinet FortiOS 6.0.0 and below versions reveals user's web portal login credentials in a Javascript file sent to client-side when pages bookmarked in web portal use the Single Sign-On feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104535"
},
{
"name": "1041186",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041186"
},
{
"name": "https://fortiguard.com/advisory/FG-IR-18-027",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-18-027"
}
]
}
}

34
2018/9xxx/CVE-2018-9677.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9677",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9677",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}