admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:53:14 +00:00
parent 127b517cb5
commit 9492230dd0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3654 additions and 3654 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0032.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0032", "ID": "CVE-2001-0032",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001208 format string in ssl dump", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/149917" "lang": "eng",
}, "value": "Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL."
{ }
"name" : "2096", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2096" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ssldump-format-strings(5717)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5717" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "ssldump-format-strings(5717)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5717"
},
{
"name": "2096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2096"
},
{
"name": "20001208 format string in ssl dump",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/149917"
}
]
}
}

160
2001/0xxx/CVE-2001-0062.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0062", "ID": "CVE-2001-0062",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-00:77", "description_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc" "lang": "eng",
}, "value": "procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang."
{ }
"name" : "2131", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2131" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "procfs-mmap-dos(6107)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6107" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1698", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/1698" ]
}, },
{ "references": {
"name" : "6082", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6082" "name": "6082",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/6082"
} },
} {
"name": "1698",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1698"
},
{
"name": "procfs-mmap-dos(6107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6107"
},
{
"name": "2131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2131"
},
{
"name": "FreeBSD-SA-00:77",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc"
}
]
}
}

140
2001/0xxx/CVE-2001-0578.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0578", "ID": "CVE-2001-0578",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010327 SCO 5.0.6 issues (lpforms) ", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html" "lang": "eng",
}, "value": "Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command."
{ }
"name" : "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes", ]
"refsource" : "BUGTRAQ", },
"url" : "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sco-openserver-lpforms-bo(6293)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6293" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "sco-openserver-lpforms-bo(6293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6293"
},
{
"name": "20010412 SSE072B: SCO OpenServer revision of buffer overflow fixes",
"refsource": "BUGTRAQ",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html"
},
{
"refsource": "BUGTRAQ",
"name": "20010327 SCO 5.0.6 issues (lpforms)",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html"
}
]
}
}

150
2001/0xxx/CVE-2001-0840.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0840", "ID": "CVE-2001-0840",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SSRT0766", "description_data": [
"refsource" : "COMPAQ", {
"url" : "http://www.compaq.com/products/servers/management/mgtsw-advisory.html" "lang": "eng",
}, "value": "Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI."
{ }
"name" : "VU#908611", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/908611" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3482", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3482" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "compaq-insightmanager-xe-bo(7411)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7411.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "VU#908611",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/908611"
},
{
"name": "SSRT0766",
"refsource": "COMPAQ",
"url": "http://www.compaq.com/products/servers/management/mgtsw-advisory.html"
},
{
"name": "compaq-insightmanager-xe-bo(7411)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7411.php"
},
{
"name": "3482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3482"
}
]
}
}

140
2001/0xxx/CVE-2001-0918.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0918", "ID": "CVE-2001-0918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SuSE-SA:2001:041", "description_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2001_041_susehelp_txt.html" "lang": "eng",
}, "value": "Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely."
{ }
"name" : "susehelp-cgi-command-execution(7583)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7583" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3576", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3576" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "SuSE-SA:2001:041",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2001_041_susehelp_txt.html"
},
{
"name": "3576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3576"
},
{
"name": "susehelp-cgi-command-execution(7583)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7583"
}
]
}
}

140
2001/1xxx/CVE-2001-1293.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1293", "ID": "CVE-2001-1293",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010926 3Com(r) HomeConnect(r) Cable Modem Denial of Service", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0217.html" "lang": "eng",
}, "value": "Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request."
{ }
"name" : "VU#500027", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/500027" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3366", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3366" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20010926 3Com(r) HomeConnect(r) Cable Modem Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0217.html"
},
{
"name": "3366",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3366"
},
{
"name": "VU#500027",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/500027"
}
]
}
}

170
2001/1xxx/CVE-2001-1419.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1419", "ID": "CVE-2001-1419",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of \"<!--\" HTML comments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011002 AIM 0day DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html" "lang": "eng",
}, "value": "AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of \"<!--\" HTML comments."
{ }
"name" : "20011230 Windows AIM Client Exploits", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/247707" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kb.cert.org/vuls/id/JARL-56TPTN", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/JARL-56TPTN" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#507771", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/507771" ]
}, },
{ "references": {
"name" : "3398", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3398" "name": "VU#507771",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/507771"
"name" : "aim-html-comments-dos(7233)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7233" "name": "aim-html-comments-dos(7233)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7233"
} },
} {
"name": "http://www.kb.cert.org/vuls/id/JARL-56TPTN",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JARL-56TPTN"
},
{
"name": "3398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3398"
},
{
"name": "20011230 Windows AIM Client Exploits",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/247707"
},
{
"name": "20011002 AIM 0day DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-10/0014.html"
}
]
}
}

140
2001/1xxx/CVE-2001-1457.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1457", "ID": "CVE-2001-1457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010331 Remote buffer overflow in CrazyWWWBoard.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/173050" "lang": "eng",
}, "value": "Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable."
{ }
"name" : "VU#229955", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/229955" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "crazywwwboard-httpuseragent-bo(10110)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10110" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20010331 Remote buffer overflow in CrazyWWWBoard.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/173050"
},
{
"name": "crazywwwboard-httpuseragent-bo(10110)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10110"
},
{
"name": "VU#229955",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/229955"
}
]
}
}

180
2006/2xxx/CVE-2006-2774.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2774", "ID": "CVE-2006-2774",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060531 QontentOneCMS v1.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435409/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in search.php in QontentOne CMS allows remote attackers to inject arbitrary web script or HTML via the search_phrase parameter."
{ }
"name" : "20060530 QontentOneCMS v1.0", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2006-05/0685.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18209", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18209" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2080", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2080" ]
}, },
{ "references": {
"name" : "1016195", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016195" "name": "20060531 QontentOneCMS v1.0",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/435409/100/0/threaded"
"name" : "20392", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20392" "name": "1016195",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016195"
"name" : "qontentone-search-xss(26835)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26835" "name": "ADV-2006-2080",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/2080"
} },
} {
"name": "qontentone-search-xss(26835)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26835"
},
{
"name": "20060530 QontentOneCMS v1.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0685.html"
},
{
"name": "18209",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18209"
},
{
"name": "20392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20392"
}
]
}
}

160
2006/2xxx/CVE-2006-2873.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2873", "ID": "CVE-2006-2873",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/enigmahaber-4.2-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/enigmahaber-4.2-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber 4.2 allows remote attackers to inject arbitrary web script or HTML via the il parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "18226", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18226" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2191", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2191" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20454", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/20454" ]
}, },
{ "references": {
"name" : "enigmahaber-hava-xss(26989)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26989" "name": "enigmahaber-hava-xss(26989)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26989"
} },
} {
"name": "20454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20454"
},
{
"name": "18226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18226"
},
{
"name": "ADV-2006-2191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2191"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/enigmahaber-4.2-xss.txt",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/enigmahaber-4.2-xss.txt"
}
]
}
}

150
2008/5xxx/CVE-2008-5066.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5066", "ID": "CVE-2008-5066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6859", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6859" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in upload/admin/frontpage_right.php in Agares Media ThemeSiteScript 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter."
{ }
"name" : "31959", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31959" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4592", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4592" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2959", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2959" ]
} },
] "references": {
} "reference_data": [
} {
"name": "6859",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6859"
},
{
"name": "ADV-2008-2959",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2959"
},
{
"name": "31959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31959"
},
{
"name": "4592",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4592"
}
]
}
}

250
2008/5xxx/CVE-2008-5188.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5188", "ID": "CVE-2008-5188",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081023 CVE request for ecryptfs", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/23/3" "lang": "eng",
}, "value": "The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process."
{ }
"name" : "[oss-security] 20081029 Re: CVE request for ecryptfs", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2008/10/29/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20081029 Re: CVE request for ecryptfs", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/29/7" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53" ]
}, },
{ "references": {
"name" : "https://launchpad.net/bugs/287908", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/bugs/287908" "name": "[oss-security] 20081023 CVE request for ecryptfs",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/10/23/3"
"name" : "RHSA-2009:1307", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1307.html" "name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/10/29/7"
"name" : "49334", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/49334" "name": "https://launchpad.net/bugs/287908",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/bugs/287908"
"name" : "50353", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50353" "name": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/mhalcrow/ecryptfs-utils.git;a=commit;h=06de99afd53f03fe07eda0ad9d61ac6d5d4d9f53"
"name" : "50354", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50354" "name": "50355",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/50355"
"name" : "50355", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50355" "name": "[oss-security] 20081029 Re: CVE request for ecryptfs",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2008/10/29/4"
"name" : "oval:org.mitre.oval:def:9607", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607" "name": "32382",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32382"
"name" : "32382", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32382" "name": "50354",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/50354"
"name" : "36552", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36552" "name": "ecryptfsutils-setupprivate-info-disclosure(46073)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073"
"name" : "ecryptfsutils-setupprivate-info-disclosure(46073)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46073" "name": "49334",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/49334"
} },
} {
"name": "RHSA-2009:1307",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1307.html"
},
{
"name": "36552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36552"
},
{
"name": "oval:org.mitre.oval:def:9607",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9607"
},
{
"name": "50353",
"refsource": "OSVDB",
"url": "http://osvdb.org/50353"
}
]
}
}

130
2008/5xxx/CVE-2008-5655.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5655", "ID": "CVE-2008-5655",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ADV-2008-3075", "description_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3075" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) delete_folder and (2) delete_link parameters to unspecified vectors, possibly to (a) plugins/bookmarker/bookmarker_backend.php or (b) ajaxp.php, different vectors than CVE-2008-5654. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "easybookmarker-multiple-sql-injection(47684)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47684" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "easybookmarker-multiple-sql-injection(47684)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47684"
},
{
"name": "ADV-2008-3075",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3075"
}
]
}
}

160
2008/5xxx/CVE-2008-5727.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5727", "ID": "CVE-2008-5727",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7559", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7559" "lang": "eng",
}, "value": "SQL injection vulnerability in modules/auth/password_recovery.php in AIST NetCat 3.12 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the query string."
{ }
"name" : "32990", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32990" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50965", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/50965" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4818", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4818" ]
}, },
{ "references": {
"name" : "netcat-passwordrecovery-sql-injection(47575)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47575" "name": "7559",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/7559"
} },
} {
"name": "32990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32990"
},
{
"name": "50965",
"refsource": "OSVDB",
"url": "http://osvdb.org/50965"
},
{
"name": "netcat-passwordrecovery-sql-injection(47575)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47575"
},
{
"name": "4818",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4818"
}
]
}
}

170
2008/5xxx/CVE-2008-5756.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5756", "ID": "CVE-2008-5756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7592", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7592" "lang": "eng",
}, "value": "Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file."
{ }
"name" : "33023", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-3519", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3519" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33327", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/33327" ]
}, },
{ "references": {
"name" : "4838", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4838" "name": "4838",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4838"
"name" : "hexworkshop-cmap-bo(47630)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47630" "name": "33327",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/33327"
} },
} {
"name": "hexworkshop-cmap-bo(47630)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47630"
},
{
"name": "ADV-2008-3519",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3519"
},
{
"name": "7592",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7592"
},
{
"name": "33023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33023"
}
]
}
}

170
2008/5xxx/CVE-2008-5939.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5939", "ID": "CVE-2008-5939",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7204", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7204" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure."
{ }
"name" : "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32436", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32436" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4940", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4940" ]
}, },
{ "references": {
"name" : "ADV-2008-3236", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3236" "name": "7204",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/7204"
"name" : "modx-index-id-xss(46796)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46796" "name": "ADV-2008-3236",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/3236"
} },
} {
"name": "4940",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4940"
},
{
"name": "modx-index-id-xss(46796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46796"
},
{
"name": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt",
"refsource": "CONFIRM",
"url": "http://svn.modxcms.com/svn/tattoo/tattoo/releases/0.9.6.3/install/changelog.txt"
},
{
"name": "32436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32436"
}
]
}
}

34
2011/2xxx/CVE-2011-2017.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-2017", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-2017",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

34
2011/2xxx/CVE-2011-2052.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2052", "ID": "CVE-2011-2052",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2011/2xxx/CVE-2011-2309.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2011-2309", "ID": "CVE-2011-2309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to RDC Help."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Health Sciences - Oracle Clinical, Remote Data Capture component in Oracle Industry Applications 4.6 and 4.6.2 allows remote attackers to affect integrity, related to RDC Help."
{ }
"name" : "46508", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/46508" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html"
},
{
"name": "46508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46508"
}
]
}
}

34
2011/3xxx/CVE-2011-3308.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3308", "ID": "CVE-2011-3308",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2011/3xxx/CVE-2011-3432.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2011-3432", "ID": "CVE-2011-3432",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT4999", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4999" "lang": "eng",
}, "value": "The UIKit Alerts component in Apple iOS before 5 allows remote attackers to cause a denial of service (device hang) via a long tel: URL that triggers a large size for the acceptance dialog."
{ }
"name" : "APPLE-SA-2011-10-12-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76335", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/76335" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "appleios-utkit-dos(70561)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70561" ]
} },
] "references": {
} "reference_data": [
} {
"name": "APPLE-SA-2011-10-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2011//Oct/msg00001.html"
},
{
"name": "76335",
"refsource": "OSVDB",
"url": "http://osvdb.org/76335"
},
{
"name": "appleios-utkit-dos(70561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70561"
},
{
"name": "http://support.apple.com/kb/HT4999",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4999"
}
]
}
}

140
2011/3xxx/CVE-2011-3805.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3805", "ID": "CVE-2011-3805",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by include/language/zh/register_info.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/taskfreak-multi-mysql-0.6", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/taskfreak-multi-mysql-0.6" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/taskfreak-multi-mysql-0.6",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/taskfreak-multi-mysql-0.6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
}

130
2013/0xxx/CVE-2013-0398.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0398", "ID": "CVE-2013-0398",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality via unknown vectors related to Utility/Remote Execution Server (in.rexecd)."
{ }
"name" : "oval:org.mitre.oval:def:19037", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19037" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:19037",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19037"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
}
]
}
}

410
2013/0xxx/CVE-2013-0426.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-0426", "ID": "CVE-2013-0426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to incorrect \"access control checks\" in the logging API that allow remote attackers to bypass Java sandbox restrictions."
{ }
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346", ]
"refsource" : "CONFIRM", },
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS", "description": [
"refsource" : "CONFIRM", {
"url" : "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de", ]
"refsource" : "CONFIRM", }
"url" : "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de" ]
}, },
{ "references": {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "MDVSA-2013:095",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"
"name" : "HPSBUX02864", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "SSRT101156",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "SSRT101156", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136570436423916&w=2" "name": "oval:org.mitre.oval:def:15888",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15888"
"name" : "HPSBMU02874", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "TA13-032A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA13-032A.html"
"name" : "HPSBUX02857", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "oval:org.mitre.oval:def:19484",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19484"
"name" : "SSRT101103", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136439120408139&w=2" "name": "RHSA-2013:0236",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0236.html"
"name" : "SSRT101184", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=136733161405818&w=2" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "MDVSA-2013:095", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:095" "name": "VU#858729",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/858729"
"name" : "RHSA-2013:0236", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0236.html" "name": "SUSE-SU-2013:0478",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html"
"name" : "RHSA-2013:0237", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0237.html" "name": "RHSA-2013:0237",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0237.html"
"name" : "RHSA-2013:0245", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0245.html" "name": "HPSBUX02857",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "RHSA-2013:0246", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0246.html" "name": "RHSA-2013:0247",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0247.html"
"name" : "RHSA-2013:0247", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0247.html" "name": "57711",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/57711"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "HPSBMU02874",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de",
}, "refsource": "CONFIRM",
{ "url": "http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce105dd2e4de"
"name" : "openSUSE-SU-2013:0312", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html" "name": "SSRT101103",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136439120408139&w=2"
"name" : "openSUSE-SU-2013:0377", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html" "name": "openSUSE-SU-2013:0312",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00014.html"
"name" : "SUSE-SU-2013:0478", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00034.html" "name": "openSUSE-SU-2013:0377",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00001.html"
"name" : "TA13-032A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-032A.html" "name": "RHSA-2013:0246",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0246.html"
"name" : "VU#858729", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/858729" "name": "oval:org.mitre.oval:def:19471",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19471"
"name" : "57711", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57711" "name": "RHSA-2013:1456",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name" : "oval:org.mitre.oval:def:15888", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15888" "name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346",
}, "refsource": "CONFIRM",
{ "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=907346"
"name" : "oval:org.mitre.oval:def:19261", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19261" "name": "oval:org.mitre.oval:def:19261",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19261"
"name" : "oval:org.mitre.oval:def:19471", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19471" "name": "HPSBUX02864",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=136570436423916&w=2"
"name" : "oval:org.mitre.oval:def:19484", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19484" "name": "RHSA-2013:0245",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0245.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpufeb2013-1841061.html"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea6-1.11/file/icedtea6-1.11.6/NEWS"
},
{
"name": "SSRT101184",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136733161405818&w=2"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0056"
}
]
}
}

150
2013/0xxx/CVE-2013-0883.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-0883", "ID": "CVE-2013-0883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html" "lang": "eng",
}, "value": "Skia, as used in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to cause a denial of service (incorrect read operation) via unspecified vectors."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=142169", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=142169" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2013:0454", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:16499", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16499" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/02/stable-channel-update_21.html"
},
{
"name": "oval:org.mitre.oval:def:16499",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16499"
},
{
"name": "openSUSE-SU-2013:0454",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00045.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=142169",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=142169"
}
]
}
}

150
2013/0xxx/CVE-2013-0928.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2013-0928", "ID": "CVE-2013-0928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP \"run command\" operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130118 ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html" "lang": "eng",
}, "value": "The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP \"run command\" operation."
{ }
"name" : "34756", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/34756" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-13-033/", "description": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-13-033/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "57472", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/57472" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20130118 ESA-2013-008: EMC AlphaStor Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0078.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-13-033/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-13-033/"
},
{
"name": "57472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57472"
},
{
"name": "34756",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/34756"
}
]
}
}

120
2013/0xxx/CVE-2013-0939.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2013-0939", "ID": "CVE-2013-0939",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a \"Cross Frame Scripting\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html" "lang": "eng",
} "value": "EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 allow remote attackers to obtain sensitive information via vectors involving cross-origin frame navigation, related to a \"Cross Frame Scripting\" issue."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130509 ESA-2013-021: EMC Documentum Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0037.html"
}
]
}
}

190
2013/0xxx/CVE-2013-0998.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-0998", "ID": "CVE-2013-0998",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5766", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5766" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2013-05-16-1."
{ }
"name" : "http://support.apple.com/kb/HT5785", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5934", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5934" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-05-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2013-06-04-2", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html" "name": "http://support.apple.com/kb/HT5785",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5785"
"name" : "APPLE-SA-2013-09-18-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html" "name": "oval:org.mitre.oval:def:17300",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17300"
"name" : "oval:org.mitre.oval:def:17300", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17300" "name": "54886",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54886"
"name" : "54886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54886" "name": "http://support.apple.com/kb/HT5934",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT5934"
} },
} {
"name": "APPLE-SA-2013-06-04-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT5766",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5766"
},
{
"name": "APPLE-SA-2013-05-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/May/msg00000.html"
},
{
"name": "APPLE-SA-2013-09-18-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html"
}
]
}
}

170
2013/1xxx/CVE-2013-1066.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2013-1066", "ID": "CVE-2013-1066",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://launchpad.net/ubuntu/+source/language-selector/0.110.1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/ubuntu/+source/language-selector/0.110.1" "lang": "eng",
}, "value": "language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and 0.79.x before 0.79.4 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a PolkitUnixProcess PolkitSubject race condition via a (1) setuid process or (2) pkexec process, a related issue to CVE-2013-4288."
{ }
"name" : "https://launchpad.net/ubuntu/+source/language-selector/0.79.4", ]
"refsource" : "CONFIRM", },
"url" : "https://launchpad.net/ubuntu/+source/language-selector/0.79.4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://launchpad.net/ubuntu/+source/language-selector/0.90.1", "description": [
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/ubuntu/+source/language-selector/0.90.1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-1958-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-1958-1" ]
}, },
{ "references": {
"name" : "54911", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54911" "name": "https://launchpad.net/ubuntu/+source/language-selector/0.90.1",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/ubuntu/+source/language-selector/0.90.1"
"name" : "languageselector-cve20131066-sec-bypass(87379)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87379" "name": "languageselector-cve20131066-sec-bypass(87379)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87379"
} },
} {
"name": "https://launchpad.net/ubuntu/+source/language-selector/0.110.1",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/language-selector/0.110.1"
},
{
"name": "USN-1958-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1958-1"
},
{
"name": "https://launchpad.net/ubuntu/+source/language-selector/0.79.4",
"refsource": "CONFIRM",
"url": "https://launchpad.net/ubuntu/+source/language-selector/0.79.4"
},
{
"name": "54911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54911"
}
]
}
}

130
2013/1xxx/CVE-2013-1068.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2013-1068", "ID": "CVE-2013-1068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "USN-2247-1", "description_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2247-1" "lang": "eng",
}, "value": "The OpenStack Nova (python-nova) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder (python-cinder) package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properly set the sudo configuration, which makes it easier for attackers to gain privileges by leveraging another vulnerability."
{ }
"name" : "USN-2248-1", ]
"refsource" : "UBUNTU", },
"url" : "http://ubuntu.com/usn/usn-2248-1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2248-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-2248-1"
},
{
"name": "USN-2247-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2247-1"
}
]
}
}

170
2013/1xxx/CVE-2013-1367.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-1367", "ID": "CVE-2013-1367",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html" "lang": "eng",
}, "value": "Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0642, CVE-2013-0645, CVE-2013-1365, CVE-2013-1366, CVE-2013-1368, CVE-2013-1369, CVE-2013-1370, CVE-2013-1372, and CVE-2013-1373."
{ }
"name" : "RHSA-2013:0254", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0254.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:0296", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:0295", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0298", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html" "name": "SUSE-SU-2013:0296",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html"
"name" : "TA13-043A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html" "name": "RHSA-2013:0254",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0254.html"
} },
} {
"name": "openSUSE-SU-2013:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html"
},
{
"name": "openSUSE-SU-2013:0298",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html"
},
{
"name": "TA13-043A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-05.html"
}
]
}
}

34
2013/1xxx/CVE-2013-1866.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1866", "ID": "CVE-2013-1866",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2013/4xxx/CVE-2013-4265.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4265", "ID": "CVE-2013-4265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a \"wrong return code\" and a resultant NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/08/21/11" "lang": "eng",
}, "value": "The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a \"wrong return code\" and a resultant NULL pointer dereference."
{ }
"name" : "http://www.ffmpeg.org/security.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ffmpeg.org/security.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201603-06", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201603-06" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20130821 Re: CVE Request: FFmpeg 2.0.1 multiple problems",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/08/21/11"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55"
}
]
}
}

160
2013/4xxx/CVE-2013-4465.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4465", "ID": "CVE-2013-4465",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/10/23/6" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
{ }
"name" : "[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/10/25/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/SimpleMachines/SMF2.1/issues/701", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/SimpleMachines/SMF2.1/issues/701" ]
}, },
{ "references": {
"name" : "63275", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/63275" "name": "https://github.com/SimpleMachines/SMF2.1/issues/701",
} "refsource": "CONFIRM",
] "url": "https://github.com/SimpleMachines/SMF2.1/issues/701"
} },
} {
"name": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt",
"refsource": "CONFIRM",
"url": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"
},
{
"name": "63275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63275"
},
{
"name": "[oss-security] 20131024 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/3"
},
{
"name": "[oss-security] 20131022 Re: CVE Request: Simple Machines Forum (SMF) Remote file inclusion vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/23/6"
}
]
}
}

140
2013/4xxx/CVE-2013-4878.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4878", "ID": "CVE-2013-4878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130605 Plesk Apache Zeroday Remote Exploit", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Jun/21" "lang": "eng",
}, "value": "The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823."
{ }
"name" : "http://kb.parallels.com/116241", ]
"refsource" : "CONFIRM", },
"url" : "http://kb.parallels.com/116241" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#673343", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/673343" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20130605 Plesk Apache Zeroday Remote Exploit",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/21"
},
{
"name": "VU#673343",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/673343"
},
{
"name": "http://kb.parallels.com/116241",
"refsource": "CONFIRM",
"url": "http://kb.parallels.com/116241"
}
]
}
}

34
2013/5xxx/CVE-2013-5289.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5289", "ID": "CVE-2013-5289",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/5xxx/CVE-2013-5412.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5412", "ID": "CVE-2013-5412",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/5xxx/CVE-2013-5744.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5744", "ID": "CVE-2013-5744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131009 Cross-Site Scripting (XSS) in Feng Office", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter."
{ }
"name" : "https://www.htbridge.com/advisory/HTB23174", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.com/advisory/HTB23174" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23174",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23174"
},
{
"name": "20131009 Cross-Site Scripting (XSS) in Feng Office",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0031.html"
}
]
}
}

140
2017/0xxx/CVE-2017-0098.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0098", "ID": "CVE-2017-0098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hyper-V", "product_name": "Hyper-V",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016" "version_value": "Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka \"Hyper-V Denial of Service Vulnerability.\" This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098" "lang": "eng",
}, "value": "Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka \"Hyper-V Denial of Service Vulnerability.\" This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099."
{ }
"name" : "96642", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96642" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037999", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037999" "lang": "eng",
} "value": "Denial of Service"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0098"
},
{
"name": "96642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96642"
},
{
"name": "1037999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037999"
}
]
}
}

146
2017/0xxx/CVE-2017-0451.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0451", "ID": "CVE-2017-0451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Kernel-3.10" "version_value": "Kernel-3.10"
}, },
{ {
"version_value" : "Kernel-3.18" "version_value": "Kernel-3.18"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-02-01.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-02-01.html" "lang": "eng",
}, "value": "An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31796345. References: QC-CR#1073129."
{ }
"name" : "96108", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96108" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037798", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037798" "lang": "eng",
} "value": "Information disclosure"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1037798",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037798"
},
{
"name": "96108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96108"
},
{
"name": "https://source.android.com/security/bulletin/2017-02-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-02-01.html"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000078.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.328668", "DATE_ASSIGNED": "2017-05-06T20:43:28.328668",
"ID" : "CVE-2017-1000078", "ID": "CVE-2017-1000078",
"REQUESTER" : "mathias.morbitzer@aisec.fraunhofer.de", "REQUESTER": "mathias.morbitzer@aisec.fraunhofer.de",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ONOS", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.8, 1.9.0 and latest" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux foundation" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wiki.onosproject.org/display/ONOS/Security+advisories", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.onosproject.org/display/ONOS/Security+advisories" "lang": "eng",
} "value": "Linux foundation ONOS 1.9 is vulnerable to XSS in the device. registration"
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.onosproject.org/display/ONOS/Security+advisories",
"refsource": "CONFIRM",
"url": "https://wiki.onosproject.org/display/ONOS/Security+advisories"
}
]
}
}

124
2017/1000xxx/CVE-2017-1000087.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.309464", "DATE_ASSIGNED": "2017-08-22T17:29:33.309464",
"ID" : "CVE-2017-1000087", "ID": "CVE-2017-1000087",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins GitHub Branch Source Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0.7 and earlier; 2.2.0-beta-1 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins GitHub Branch Source Plugin" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2017-07-10/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2017-07-10/" "lang": "eng",
} "value": "GitHub Branch Source provides a list of applicable credential IDs to allow users configuring a job to select the one they'd like to use. This functionality did not check permissions, allowing any user with Overall/Read permission to get a list of valid credentials IDs. Those could be used as part of an attack to capture the credentials using another vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2017-07-10/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-07-10/"
}
]
}
}

34
2017/1000xxx/CVE-2017-1000440.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1000440", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1000440",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14976. Reason: This candidate is a reservation duplicate of CVE-2017-14976. Notes: All CVE users should reference CVE-2017-14976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-14976. Reason: This candidate is a reservation duplicate of CVE-2017-14976. Notes: All CVE users should reference CVE-2017-14976 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

34
2017/12xxx/CVE-2017-12038.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12038", "ID": "CVE-2017-12038",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2017/12xxx/CVE-2017-12114.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00", "DATE_PUBLIC": "2018-01-09T00:00:00",
"ID" : "CVE-2017-12114", "ID": "CVE-2017-12114",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "CPP-Ethereum", "product_name": "CPP-Ethereum",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768" "version_value": "Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Talos" "vendor_name": "Talos"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authorization bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466" "lang": "eng",
}, "value": "An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability."
{ }
"name" : "102475", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102475" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "authorization bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0466"
},
{
"name": "102475",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102475"
}
]
}
}

130
2017/12xxx/CVE-2017-12291.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12291", "ID": "CVE-2017-12291",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Registered Envelope Service", "product_name": "Cisco Registered Envelope Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Registered Envelope Service" "version_value": "Cisco Registered Envelope Service"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res" "lang": "eng",
}, "value": "Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an undesired web page. The vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit these vulnerabilities by persuading a user to click a malicious link or by sending an HTTP request that could cause the affected service to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web interface of the affected system or allow the attacker to access sensitive browser-based information on the affected system. These types of exploits could also be used in phishing attacks that send users to malicious websites without their knowledge. Cisco Bug IDs: CSCve77195, CSCve90978, CSCvf42310, CSCvf42703, CSCvf42723, CSCvf46169, CSCvf49999."
{ }
"name" : "101863", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101863" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-res"
},
{
"name": "101863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101863"
}
]
}
}

120
2017/12xxx/CVE-2017-12473.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12473", "ID": "CVE-2017-12473",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with \"wrong L values.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/cn-uofbasel/ccn-lite/issues/139", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/cn-uofbasel/ccn-lite/issues/139" "lang": "eng",
} "value": "ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers to cause a denial of service (application crash) via vectors involving packets with \"wrong L values.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cn-uofbasel/ccn-lite/issues/139",
"refsource": "CONFIRM",
"url": "https://github.com/cn-uofbasel/ccn-lite/issues/139"
}
]
}
}

130
2017/12xxx/CVE-2017-12579.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12579", "ID": "CVE-2017-12579",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43223", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43223/" "lang": "eng",
}, "value": "An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell."
{ }
"name" : "https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html", ]
"refsource" : "MISC", },
"url" : "https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html",
"refsource": "MISC",
"url": "https://m4.rkw.io/blog/cve201712579-local-root-privesc-in-hashicorp-vagrantvmwarefusion-4024.html"
},
{
"name": "43223",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43223/"
}
]
}
}

34
2017/13xxx/CVE-2017-13423.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13423", "ID": "CVE-2017-13423",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/13xxx/CVE-2017-13608.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13608", "ID": "CVE-2017-13608",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2017/16xxx/CVE-2017-16193.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16193", "ID": "CVE-2017-16193",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "mfrs node module", "product_name": "mfrs node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/mfrs", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/mfrs" "lang": "eng",
}, "value": "mfrs is a static file server. mfrs is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/437", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/437" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/mfrs",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/mfrs"
},
{
"name": "https://nodesecurity.io/advisories/437",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/437"
}
]
}
}

132
2017/16xxx/CVE-2017-16215.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16215", "ID": "CVE-2017-16215",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "sgqserve node module", "product_name": "sgqserve node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/sgqserve", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/sgqserve" "lang": "eng",
}, "value": "sgqserve is a simple file server. sgqserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the url."
{ }
"name" : "https://nodesecurity.io/advisories/419", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/419" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/419",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/419"
},
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/sgqserve",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/sgqserve"
}
]
}
}

130
2017/16xxx/CVE-2017-16579.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-16579", "ID": "CVE-2017-16579",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.3.2.25013" "version_value": "8.3.2.25013"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-890", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-890" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG2000 images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5244."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-890",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-890"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

34
2017/16xxx/CVE-2017-16706.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16706", "ID": "CVE-2017-16706",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/16xxx/CVE-2017-16923.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16923", "ID": "CVE-2017-16923",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the \"sub_A6E8 usbeject_process_entry\" function executes a system function with untrusted input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Iolop/Poc/tree/master/Router/Tenda", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Iolop/Poc/tree/master/Router/Tenda" "lang": "eng",
} "value": "Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to execute arbitrary OS commands via a crafted cgi-bin/luci/usbeject?dev_name= GET request from the LAN. This occurs because the \"sub_A6E8 usbeject_process_entry\" function executes a system function with untrusted input."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Iolop/Poc/tree/master/Router/Tenda",
"refsource": "MISC",
"url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda"
}
]
}
}

34
2017/4xxx/CVE-2017-4225.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4225", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4225",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4464.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4464", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4464",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/4xxx/CVE-2017-4837.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4837", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4837",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18060.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18060", "ID": "CVE-2018-18060",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18081.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18081", "ID": "CVE-2018-18081",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/18xxx/CVE-2018-18269.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18269", "ID": "CVE-2018-18269",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }