admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:11:17 +00:00
parent 0d19010006
commit 9e9f7c0185
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3545 additions and 3545 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/0xxx/CVE-2002-0135.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020118 Timbuktu 6.0.1 and Older DoS Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/251582"
},
{
"name" : "3918",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3918"
},
{
"name" : "timbuktu-multiple-conn-dos(7935)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7935.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a series of connections to one of the ports (1417 - 1420)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020118 Timbuktu 6.0.1 and Older DoS Advisory",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/251582"
},
{
"name": "timbuktu-multiple-conn-dos(7935)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7935.php"
},
{
"name": "3918",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3918"
}
]
}
}

170
2002/0xxx/CVE-2002-0166.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-125",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-125"
},
{
"name" : "FreeBSD-SN-02:02",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
},
{
"name" : "RHSA-2002:059",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-059.html"
},
{
"name" : "analog-logfile-css(8656)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8656.php"
},
{
"name" : "4389",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4389"
},
{
"name" : "2059",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2059"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SN-02:02",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc"
},
{
"name": "RHSA-2002:059",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-059.html"
},
{
"name": "analog-logfile-css(8656)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8656.php"
},
{
"name": "2059",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2059"
},
{
"name": "DSA-125",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-125"
},
{
"name": "4389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4389"
}
]
}
}

130
2002/2xxx/CVE-2002-2046.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020313 X_holes",
"refsource" : "VULN-DEV",
"url" : "http://seclists.org/lists/vuln-dev/2002/Mar/0156.html"
},
{
"name" : "http://www.ifrance.com/kitetoua/tuto/x_holes.txt",
"refsource" : "MISC",
"url" : "http://www.ifrance.com/kitetoua/tuto/x_holes.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers to gain administrative privileges by stealing and replaying the md5_password cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020313 X_holes",
"refsource": "VULN-DEV",
"url": "http://seclists.org/lists/vuln-dev/2002/Mar/0156.html"
},
{
"name": "http://www.ifrance.com/kitetoua/tuto/x_holes.txt",
"refsource": "MISC",
"url": "http://www.ifrance.com/kitetoua/tuto/x_holes.txt"
}
]
}
}

160
2005/0xxx/CVE-2005-0550.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0550",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka \"Object Management Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-0550",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS05-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-018"
},
{
"name" : "oval:org.mitre.oval:def:1271",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1271"
},
{
"name" : "oval:org.mitre.oval:def:2043",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2043"
},
{
"name" : "oval:org.mitre.oval:def:4397",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4397"
},
{
"name" : "oval:org.mitre.oval:def:4832",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4832"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka \"Object Management Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:2043",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2043"
},
{
"name": "oval:org.mitre.oval:def:4397",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4397"
},
{
"name": "oval:org.mitre.oval:def:4832",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4832"
},
{
"name": "MS05-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-018"
},
{
"name": "oval:org.mitre.oval:def:1271",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1271"
}
]
}
}

160
2005/0xxx/CVE-2005-0571.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0571",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0571",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050224 Multiple vulns in punBB",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110927754230666&w=2"
},
{
"name" : "http://www.punbb.org/changelogs/1.2.1_to_1.2.2.txt",
"refsource" : "CONFIRM",
"url" : "http://www.punbb.org/changelogs/1.2.1_to_1.2.2.txt"
},
{
"name" : "http://www.punbb.org/download/patch/punbb-1.2.1_to_1.2.2.patch",
"refsource" : "CONFIRM",
"url" : "http://www.punbb.org/download/patch/punbb-1.2.1_to_1.2.2.patch"
},
{
"name" : "14394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14394"
},
{
"name" : "punbb-file-disclosure(19478)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.punbb.org/changelogs/1.2.1_to_1.2.2.txt",
"refsource": "CONFIRM",
"url": "http://www.punbb.org/changelogs/1.2.1_to_1.2.2.txt"
},
{
"name": "punbb-file-disclosure(19478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19478"
},
{
"name": "14394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14394"
},
{
"name": "20050224 Multiple vulns in punBB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110927754230666&w=2"
},
{
"name": "http://www.punbb.org/download/patch/punbb-1.2.1_to_1.2.2.patch",
"refsource": "CONFIRM",
"url": "http://www.punbb.org/download/patch/punbb-1.2.1_to_1.2.2.patch"
}
]
}
}

160
2005/0xxx/CVE-2005-0761.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2005:070",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2005-070.html"
},
{
"name" : "SUSE-SA:2005:017",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html"
},
{
"name" : "12876",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12876"
},
{
"name" : "oval:org.mitre.oval:def:11150",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11150"
},
{
"name" : "1013550",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013550"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:070",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2005-070.html"
},
{
"name": "oval:org.mitre.oval:def:11150",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11150"
},
{
"name": "1013550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013550"
},
{
"name": "12876",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12876"
},
{
"name": "SUSE-SA:2005:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html"
}
]
}
}

120
2005/0xxx/CVE-2005-0801.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050317 Another includer.cgi problem?",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111109052121557&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050317 Another includer.cgi problem?",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111109052121557&w=2"
}
]
}
}

140
2005/0xxx/CVE-2005-0869.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111161017209422&w=2"
},
{
"name" : "14690",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14690/"
},
{
"name" : "phpsysinfo-path-disclosure(19808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpsysinfo-path-disclosure(19808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19808"
},
{
"name": "14690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14690/"
},
{
"name": "20050323 [SECURITYREASON.COM] phpSysInfo 2.3 Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111161017209422&w=2"
}
]
}
}

160
2005/1xxx/CVE-2005-1114.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1114",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1114",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111343406309969&w=2"
},
{
"name" : "http://www.digitalparadox.org/advisories/phpbbp.txt",
"refsource" : "MISC",
"url" : "http://www.digitalparadox.org/advisories/phpbbp.txt"
},
{
"name" : "13155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13155"
},
{
"name" : "15931",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15931"
},
{
"name" : "phpbb-multiple-modules-sql-injection(20086)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13155"
},
{
"name": "http://www.digitalparadox.org/advisories/phpbbp.txt",
"refsource": "MISC",
"url": "http://www.digitalparadox.org/advisories/phpbbp.txt"
},
{
"name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111343406309969&w=2"
},
{
"name": "15931",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15931"
},
{
"name": "phpbb-multiple-modules-sql-injection(20086)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20086"
}
]
}
}

150
2005/1xxx/CVE-2005-1324.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2005-0378",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0378"
},
{
"name" : "15789",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15789"
},
{
"name" : "15084",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15084"
},
{
"name" : "phpmyvisites-index-xss(20255)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpmyvisites-index-xss(20255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20255"
},
{
"name": "15789",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15789"
},
{
"name": "15084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15084"
},
{
"name": "ADV-2005-0378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0378"
}
]
}
}

160
2009/0xxx/CVE-2009-0245.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://usagi-project.org/PRESS/archives/57",
"refsource" : "CONFIRM",
"url" : "http://usagi-project.org/PRESS/archives/57"
},
{
"name" : "JVN#36802959",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN36802959/index.html"
},
{
"name" : "JVNDB-2009-000001",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000001.html"
},
{
"name" : "33145",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33145"
},
{
"name" : "33409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2009-000001",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000001.html"
},
{
"name": "http://usagi-project.org/PRESS/archives/57",
"refsource": "CONFIRM",
"url": "http://usagi-project.org/PRESS/archives/57"
},
{
"name": "33409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33409"
},
{
"name": "JVN#36802959",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN36802959/index.html"
},
{
"name": "33145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33145"
}
]
}
}

150
2009/0xxx/CVE-2009-0371.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7879",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7879"
},
{
"name" : "33457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33457"
},
{
"name" : "ADV-2009-0247",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0247"
},
{
"name" : "sitexs-type-file-include(48236)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33457"
},
{
"name": "7879",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7879"
},
{
"name": "sitexs-type-file-include(48236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48236"
},
{
"name": "ADV-2009-0247",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0247"
}
]
}
}

140
2009/0xxx/CVE-2009-0826.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7689",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7689"
},
{
"name" : "33384",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33384"
},
{
"name" : "bloghelper-commondb-info-disclosure(47799)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47799"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BlogHelper stores common_db.inc under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7689",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7689"
},
{
"name": "33384",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33384"
},
{
"name": "bloghelper-commondb-info-disclosure(47799)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47799"
}
]
}
}

160
2009/0xxx/CVE-2009-0894.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4635&selyear=2009&menutype=menupublic",
"refsource" : "MISC",
"url" : "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4635&selyear=2009&menutype=menupublic"
},
{
"name" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c",
"refsource" : "CONFIRM",
"url" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c"
},
{
"name" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81",
"refsource" : "CONFIRM",
"url" : "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81"
},
{
"name" : "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7",
"refsource" : "CONFIRM",
"url" : "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7"
},
{
"name" : "35158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the decoder_create function in the initialization functionality in xvidcore/src/decoder.c in Xvid before 1.2.2, as used by Windows Media Player and other applications, allows remote attackers to execute arbitrary code via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c",
"refsource": "CONFIRM",
"url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c"
},
{
"name": "35158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35158"
},
{
"name": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81",
"refsource": "CONFIRM",
"url": "http://cvs.xvid.org/cvs/viewvc.cgi/xvidcore/src/decoder.c?r1=1.80&r2=1.81"
},
{
"name": "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7",
"refsource": "CONFIRM",
"url": "http://www.xvid.org/News.64.0.html?&cHash=0170b4e439&tx_ttnews[backPid]=64&tx_ttnews[tt_news]=7"
},
{
"name": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4635&selyear=2009&menutype=menupublic",
"refsource": "MISC",
"url": "https://www.it-isac.org/postings/cyber/alertdetail.php?id=4635&selyear=2009&menutype=menupublic"
}
]
}
}

190
2009/0xxx/CVE-2009-0895.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091124 Novell eDirectory Remote Code Execution",
"refsource" : "ISS",
"url" : "http://www.iss.net/threats/356.html"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=524344",
"refsource" : "MISC",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=524344"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=545887",
"refsource" : "MISC",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=545887"
},
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=7004912",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=7004912"
},
{
"name" : "37184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37184"
},
{
"name" : "37554",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37554"
},
{
"name" : "ADV-2009-3379",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3379"
},
{
"name" : "application-control-request-overflow(50616)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3379",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3379"
},
{
"name": "37184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37184"
},
{
"name": "application-control-request-overflow(50616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50616"
},
{
"name": "20091124 Novell eDirectory Remote Code Execution",
"refsource": "ISS",
"url": "http://www.iss.net/threats/356.html"
},
{
"name": "37554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37554"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7004912",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7004912"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=524344",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=524344"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=545887",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=545887"
}
]
}
}

210
2009/1xxx/CVE-2009-1267.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090417 rPSA-2009-0062-1 tshark wireshark",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502745/100/0/threaded"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062"
},
{
"name" : "SUSE-SR:2009:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name" : "34457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34457"
},
{
"name" : "oval:org.mitre.oval:def:6099",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6099"
},
{
"name" : "1022027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022027"
},
{
"name" : "34778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34778"
},
{
"name" : "35416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35416"
},
{
"name" : "wireshark-ldap-home-dos(49814)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49814"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-02.html"
},
{
"name": "1022027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022027"
},
{
"name": "wireshark-ldap-home-dos(49814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49814"
},
{
"name": "34778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34778"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "20090417 rPSA-2009-0062-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502745/100/0/threaded"
},
{
"name": "34457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34457"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0062",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0062"
},
{
"name": "oval:org.mitre.oval:def:6099",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6099"
}
]
}
}

160
2009/1xxx/CVE-2009-1806.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-933.ibm.com/support/fixcentral/firmware/readme?fixid=MH01181",
"refsource" : "CONFIRM",
"url" : "http://www-933.ibm.com/support/fixcentral/firmware/readme?fixid=MH01181"
},
{
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4671",
"refsource" : "CONFIRM",
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4671"
},
{
"name" : "MB03011",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1MB03011"
},
{
"name" : "35113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35113"
},
{
"name" : "hmc-ams-unspecified(50910)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50910"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MB03011",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1MB03011"
},
{
"name": "35113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35113"
},
{
"name": "hmc-ams-unspecified(50910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50910"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4671",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4671"
},
{
"name": "http://www-933.ibm.com/support/fixcentral/firmware/readme?fixid=MH01181",
"refsource": "CONFIRM",
"url": "http://www-933.ibm.com/support/fixcentral/firmware/readme?fixid=MH01181"
}
]
}
}

280
2009/1xxx/CVE-2009-1855.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090610 ZDI-09-042: Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504229/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-042",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-042"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html"
},
{
"name" : "GLSA-200907-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name" : "RHSA-2009:1109",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1109.html"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "SUSE-SA:2009:035",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html"
},
{
"name" : "TA09-161A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-161A.html"
},
{
"name" : "35274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35274"
},
{
"name" : "35282",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35282"
},
{
"name" : "1022361",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022361"
},
{
"name" : "34580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34580"
},
{
"name" : "35496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35496"
},
{
"name" : "35655",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35655"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "35734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35734"
},
{
"name" : "ADV-2009-1547",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35274"
},
{
"name": "20090610 ZDI-09-042: Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504229/100/0/threaded"
},
{
"name": "ADV-2009-1547",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1547"
},
{
"name": "35655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35655"
},
{
"name": "TA09-161A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-161A.html"
},
{
"name": "35734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35734"
},
{
"name": "RHSA-2009:1109",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1109.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-07.html"
},
{
"name": "SUSE-SA:2009:035",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00000.html"
},
{
"name": "1022361",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022361"
},
{
"name": "35282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35282"
},
{
"name": "GLSA-200907-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "34580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34580"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-042",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-042"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "35496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35496"
}
]
}
}

130
2009/4xxx/CVE-2009-4861.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0908-exploits/supportpro-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0908-exploits/supportpro-xss.txt"
},
{
"name" : "36242",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36242"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0908-exploits/supportpro-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/supportpro-xss.txt"
},
{
"name": "36242",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36242"
}
]
}
}

34
2012/2xxx/CVE-2012-2237.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2237",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2237",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/3xxx/CVE-2012-3094.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
},
{
"name" : "cisco-anyconnect-vpn-info-disc(78916)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78916"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VPN downloader in the download_install component in Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495 on Linux accepts arbitrary X.509 server certificates without user interaction, which allows remote attackers to obtain sensitive information via vectors involving an invalid certificate, aka Bug ID CSCua11967."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
},
{
"name": "cisco-anyconnect-vpn-info-disc(78916)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78916"
}
]
}
}

150
2012/3xxx/CVE-2012-3258.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02813",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03490339"
},
{
"name" : "SSRT100712",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03490339"
},
{
"name" : "55594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55594"
},
{
"name" : "hp-oo-code-execution(78621)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMU02813",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03490339"
},
{
"name": "hp-oo-code-execution(78621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78621"
},
{
"name": "55594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55594"
},
{
"name": "SSRT100712",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03490339"
}
]
}
}

180
2012/3xxx/CVE-2012-3752.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/118359/Apple-QuickTime-7.7.2-TeXML-Style-Element-font-table-Field-Stack-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/118359/Apple-QuickTime-7.7.2-TeXML-Style-Element-font-table-Field-Stack-Buffer-Overflow.html"
},
{
"name" : "http://support.apple.com/kb/HT5581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5581"
},
{
"name" : "APPLE-SA-2012-11-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html"
},
{
"name" : "56557",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56557"
},
{
"name" : "oval:org.mitre.oval:def:16121",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16121"
},
{
"name" : "51226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51226"
},
{
"name" : "quicktime-texml-file-bo(79899)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51226"
},
{
"name": "APPLE-SA-2012-11-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html"
},
{
"name": "56557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56557"
},
{
"name": "http://packetstormsecurity.com/files/118359/Apple-QuickTime-7.7.2-TeXML-Style-Element-font-table-Field-Stack-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/118359/Apple-QuickTime-7.7.2-TeXML-Style-Element-font-table-Field-Stack-Buffer-Overflow.html"
},
{
"name": "oval:org.mitre.oval:def:16121",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16121"
},
{
"name": "quicktime-texml-file-bo(79899)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79899"
},
{
"name": "http://support.apple.com/kb/HT5581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5581"
}
]
}
}

140
2012/4xxx/CVE-2012-4572.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2013:0833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name" : "RHSA-2013:0834",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0834.html"
},
{
"name" : "RHSA-2013:1437",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0833.html"
},
{
"name": "RHSA-2013:1437",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"
},
{
"name": "RHSA-2013:0834",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0834.html"
}
]
}
}

130
2012/6xxx/CVE-2012-6396.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-6396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130110 Cisco Nexus 7000 Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6396"
},
{
"name" : "1028018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1028018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028018"
},
{
"name": "20130110 Cisco Nexus 7000 Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6396"
}
]
}
}

34
2012/6xxx/CVE-2012-6408.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6408",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6408",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

200
2012/6xxx/CVE-2012-6506.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18787",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18787"
},
{
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop"
},
{
"name" : "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"name" : "53278",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53278"
},
{
"name" : "81492",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81492"
},
{
"name" : "81493",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81493"
},
{
"name" : "48991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48991"
},
{
"name" : "zingiriwebshop-onecheckout-xss(75179)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75179"
},
{
"name" : "zingiriwebshop-zinginc-xss(75178)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81493",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81493"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?reponame=&old=537613%40zingiri-web-shop&new=537613%40zingiri-web-shop"
},
{
"name": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/zingiri-web-shop/changelog/"
},
{
"name": "53278",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53278"
},
{
"name": "48991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48991"
},
{
"name": "zingiriwebshop-onecheckout-xss(75179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75179"
},
{
"name": "zingiriwebshop-zinginc-xss(75178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75178"
},
{
"name": "18787",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18787"
},
{
"name": "81492",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81492"
}
]
}
}

160
2012/6xxx/CVE-2012-6563.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource" : "CONFIRM",
"url" : "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name" : "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource" : "CONFIRM",
"url" : "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name" : "53623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53623"
},
{
"name" : "49129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49129"
},
{
"name" : "elgg-multiple-security-bypass(75757)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
"refsource": "CONFIRM",
"url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
},
{
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-multiple-security-bypass(75757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75757"
}
]
}
}

140
2012/6xxx/CVE-2012-6696.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150825 Re: CVE request: 2 issues in inspircd",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/26/1"
},
{
"name" : "https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89",
"refsource" : "CONFIRM",
"url" : "https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89"
},
{
"name" : "DSA-3226",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inspircd in Debian before 2.0.7 does not properly handle unsigned integers. NOTE: This vulnerability exists because of an incomplete fix to CVE-2012-1836."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150825 Re: CVE request: 2 issues in inspircd",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/26/1"
},
{
"name": "DSA-3226",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3226"
},
{
"name": "https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89",
"refsource": "CONFIRM",
"url": "https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89"
}
]
}
}

120
2015/5xxx/CVE-2015-5176.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2015:1543",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1543",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1543.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5454.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/132461/Nucleus-CMS-3.65-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132461/Nucleus-CMS-3.65-Cross-Site-Scripting.html"
},
{
"name" : "https://github.com/security-breachlock/CVE-2015-5454/blob/master/nucleus.pdf",
"refsource" : "MISC",
"url" : "https://github.com/security-breachlock/CVE-2015-5454/blob/master/nucleus.pdf"
},
{
"name" : "https://github.com/NucleusCMS/NucleusCMS/issues/83",
"refsource" : "CONFIRM",
"url" : "https://github.com/NucleusCMS/NucleusCMS/issues/83"
},
{
"name" : "75694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132461/Nucleus-CMS-3.65-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132461/Nucleus-CMS-3.65-Cross-Site-Scripting.html"
},
{
"name": "https://github.com/security-breachlock/CVE-2015-5454/blob/master/nucleus.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2015-5454/blob/master/nucleus.pdf"
},
{
"name": "75694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75694"
},
{
"name": "https://github.com/NucleusCMS/NucleusCMS/issues/83",
"refsource": "CONFIRM",
"url": "https://github.com/NucleusCMS/NucleusCMS/issues/83"
}
]
}
}

160
2017/2xxx/CVE-2017-2224.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Event Calendar WD",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 1.0.94"
}
]
}
}
]
},
"vendor_name" : "Web-Dorado"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Event Calendar WD",
"version": {
"version_data": [
{
"version_value": "prior to version 1.0.94"
}
]
}
}
]
},
"vendor_name": "Web-Dorado"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wpvulndb.com/vulnerabilities/8859",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8859"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset/1671891/#file313",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset/1671891/#file313"
},
{
"name" : "https://wordpress.org/plugins/event-calendar-wd/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/event-calendar-wd/#developers"
},
{
"name" : "JVN#73550134",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN73550134/index.html"
},
{
"name" : "99155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/event-calendar-wd/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/event-calendar-wd/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8859",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8859"
},
{
"name": "99155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99155"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1671891/#file313",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1671891/#file313"
},
{
"name": "JVN#73550134",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN73550134/index.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2541.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2541",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"WindowServer\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"WindowServer\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}

34
2017/2xxx/CVE-2017-2572.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2572",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2572",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

172
2017/2xxx/CVE-2017-2585.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-04-04T00:00:00",
"ID" : "CVE-2017-2585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "keycloak",
"version" : {
"version_data" : [
{
"version_value" : "2.5.1"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "None"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-04-04T00:00:00",
"ID": "CVE-2017-2585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "keycloak",
"version": {
"version_data": [
{
"version_value": "2.5.1"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412376",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1412376"
},
{
"name" : "RHSA-2017:0872",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0872"
},
{
"name" : "RHSA-2017:0873",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0873"
},
{
"name" : "RHSA-2017:0876",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
},
{
"name" : "97393",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97393"
},
{
"name" : "1038180",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038180"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Red Hat Keycloak before version 2.5.1 has an implementation of HMAC verification for JWS tokens that uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "None"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:0876",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0876.html"
},
{
"name": "1038180",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038180"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1412376",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1412376"
},
{
"name": "97393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97393"
},
{
"name": "RHSA-2017:0873",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0873"
},
{
"name": "RHSA-2017:0872",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0872"
}
]
}
}

132
2017/2xxx/CVE-2017-2736.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VCM5010",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier before V100R002C50SPC100"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VCM5010",
"version": {
"version_data": [
{
"version_value": "Versions earlier before V100R002C50SPC100"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
},
{
"name" : "97231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97231"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VCM5010 with software versions earlier before V100R002C50SPC100 has a command injection vulnerability. This is due to insufficient validation of user's input. An authenticated attacker could launch a command injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170329-01-vcm-en"
},
{
"name": "97231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97231"
}
]
}
}

140
2017/2xxx/CVE-2017-2943.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-2943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-2943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier.",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat Reader 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
},
{
"name" : "95345",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95345"
},
{
"name" : "1037574",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037574"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability when processing tags in TIFF images. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95345"
},
{
"name": "1037574",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037574"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-01.html"
}
]
}
}

140
2018/11xxx/CVE-2018-11297.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Over-read in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c708606086490ca9b8fc1077f18782891a595ba9",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c708606086490ca9b8fc1077f18782891a595ba9"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01#qualcomm-components"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c708606086490ca9b8fc1077f18782891a595ba9",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c708606086490ca9b8fc1077f18782891a595ba9"
}
]
}
}

34
2018/11xxx/CVE-2018-11368.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11368",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11368",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2018/11xxx/CVE-2018-11406.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://symfony.com/blog/cve-2018-11406-csrf-token-fixation",
"refsource" : "CONFIRM",
"url" : "https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"
},
{
"name" : "DSA-4262",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4262"
},
{
"name" : "FEDORA-2018-96d770ddc9",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"
},
{
"name" : "FEDORA-2018-ba0b683c10",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"
},
{
"name" : "FEDORA-2018-eba0006df2",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Security component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. By default, a user's session is invalidated when the user is logged out. This behavior can be disabled through the invalidate_session option. In this case, CSRF tokens were not erased during logout which allowed for CSRF token fixation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2018-96d770ddc9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW/"
},
{
"name": "FEDORA-2018-ba0b683c10",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH/"
},
{
"name": "https://symfony.com/blog/cve-2018-11406-csrf-token-fixation",
"refsource": "CONFIRM",
"url": "https://symfony.com/blog/cve-2018-11406-csrf-token-fixation"
},
{
"name": "FEDORA-2018-eba0006df2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV/"
},
{
"name": "DSA-4262",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4262"
}
]
}
}

120
2018/11xxx/CVE-2018-11615.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-11615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "npm mosca",
"version" : {
"version_data" : [
{
"version_value" : "2.8.1"
}
]
}
}
]
},
"vendor_name" : "npm"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20-Improper Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-11615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "npm mosca",
"version": {
"version_data": [
{
"version_value": "2.8.1"
}
]
}
}
]
},
"vendor_name": "npm"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-583",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to deny service on vulnerable installations of npm mosca 2.8.1. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of topics. A crafted regular expression can cause the broker to crash. An attacker can leverage this vulnerability to deny access to the target system. Was ZDI-CAN-6306."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20-Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-583",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-583"
}
]
}
}

34
2018/14xxx/CVE-2018-14106.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14106",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14106",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14244.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the calculateNow method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6007."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-704",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-704"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the calculateNow method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6007."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-704",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-704"
}
]
}
}

34
2018/14xxx/CVE-2018-14323.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14323",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14323",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2018/15xxx/CVE-2018-15120.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45263",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45263/"
},
{
"name" : "[distributor-list] 20180820 A critical pango fix",
"refsource" : "MLIST",
"url" : "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
},
{
"name" : "http://173.193.139.3/xfce4-pdos.webm",
"refsource" : "MISC",
"url" : "http://173.193.139.3/xfce4-pdos.webm"
},
{
"name" : "https://github.com/GNOME/pango/blob/1.42.4/NEWS",
"refsource" : "CONFIRM",
"url" : "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
},
{
"name" : "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
"refsource" : "CONFIRM",
"url" : "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
},
{
"name" : "GLSA-201811-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-07"
},
{
"name" : "USN-3750-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3750-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45263",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45263/"
},
{
"name": "https://github.com/GNOME/pango/blob/1.42.4/NEWS",
"refsource": "CONFIRM",
"url": "https://github.com/GNOME/pango/blob/1.42.4/NEWS"
},
{
"name": "USN-3750-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3750-1/"
},
{
"name": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f",
"refsource": "CONFIRM",
"url": "https://github.com/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f"
},
{
"name": "GLSA-201811-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-07"
},
{
"name": "[distributor-list] 20180820 A critical pango fix",
"refsource": "MLIST",
"url": "https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html"
},
{
"name": "http://173.193.139.3/xfce4-pdos.webm",
"refsource": "MISC",
"url": "http://173.193.139.3/xfce4-pdos.webm"
}
]
}
}

160
2018/15xxx/CVE-2018-15592.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe",
"refsource" : "BUGTRAQ",
"url" : "https://seclists.org/bugtraq/2018/Oct/7"
},
{
"name" : "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Oct/1"
},
{
"name" : "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html"
},
{
"name" : "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html"
},
{
"name" : "https://community.ivanti.com/docs/DOC-69692",
"refsource" : "CONFIRM",
"url" : "https://community.ivanti.com/docs/DOC-69692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Ivanti Workspace Control before 10.3.10.0 and RES One Workspace. A local authenticated user can execute processes with elevated privileges via an unspecified attack vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.ivanti.com/docs/DOC-69692",
"refsource": "CONFIRM",
"url": "https://community.ivanti.com/docs/DOC-69692"
},
{
"name": "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149615/Ivanti-Workspace-Control-Named-Pipe-Privilege-Escalation.html"
},
{
"name": "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2018/Oct/7"
},
{
"name": "20181001 Ivanti Workspace Control local privilege escalation via Named Pipe",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Oct/1"
},
{
"name": "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html",
"refsource": "MISC",
"url": "https://www.securify.nl/en/advisory/SFY20180802/ivanti-workspace-control-local-privilege-escalation-via-named-pipe.html"
}
]
}
}

226
2018/15xxx/CVE-2018-15774.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-12-11T06:00:00.000Z",
"ID" : "CVE-2018-15774",
"STATE" : "PUBLIC",
"TITLE" : "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability "
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iDRAC ",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "iDRAC7",
"version_value" : "2.61.60.60"
},
{
"affected" : "<",
"version_name" : "iDRAC8",
"version_value" : "2.61.60.60"
},
{
"affected" : "<",
"version_name" : "iDRAC9",
"version_value" : "3.20.21.20"
},
{
"affected" : "<",
"version_name" : "iDRAC9",
"version_value" : "3.21.24.22"
},
{
"affected" : "<",
"version_name" : "iDRAC9",
"version_value" : "3.21.26.22"
},
{
"affected" : "<",
"version_name" : "iDRAC9 ",
"version_value" : "3.23.23.23 "
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 3.8,
"baseSeverity" : "LOW",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation vulnerability. "
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
"ID": "CVE-2018-15774",
"STATE": "PUBLIC",
"TITLE": "iDRAC7/iDRAC8/iDRAC9 - Privilege Escalation Vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iDRAC ",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "iDRAC7",
"version_value": "2.61.60.60"
},
{
"affected": "<",
"version_name": "iDRAC8",
"version_value": "2.61.60.60"
},
{
"affected": "<",
"version_name": "iDRAC9",
"version_value": "3.20.21.20"
},
{
"affected": "<",
"version_name": "iDRAC9",
"version_value": "3.21.24.22"
},
{
"affected": "<",
"version_name": "iDRAC9",
"version_value": "3.21.26.22"
},
{
"affected": "<",
"version_name": "iDRAC9 ",
"version_value": "3.23.23.23 "
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
"refsource" : "CONFIRM",
"url" : "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
},
{
"name" : "106233",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106233"
}
]
},
"source" : {
"discovery" : "EXTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 and iDRAC9 versions prior to 3.20.21.20, 3.21.24.22, 3.21.26.22, and 3.23.23.23 contain a privilege escalation vulnerability. An authenticated malicious iDRAC user with operator privileges could potentially exploit a permissions check flaw in the Redfish interface to gain administrator access."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability. "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
},
{
"name": "106233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106233"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}

34
2018/20xxx/CVE-2018-20073.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20073",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20073",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/8xxx/CVE-2018-8058.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS%202.md",
"refsource" : "MISC",
"url" : "https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS%202.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via the pagedata parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS%202.md",
"refsource": "MISC",
"url": "https://github.com/ibey0nd/CVE/blob/master/CMS%20Made%20Simple%20Stored%20XSS%202.md"
}
]
}
}

170
2018/8xxx/CVE-2018-8324.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8324",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8324"
},
{
"name" : "104650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104650"
},
{
"name" : "1041255",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka \"Microsoft Edge Information Disclosure Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8289, CVE-2018-8297, CVE-2018-8325."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041255"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8324",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8324"
},
{
"name": "104650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104650"
}
]
}
}

142
2018/8xxx/CVE-2018-8848.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-31T00:00:00",
"ID" : "CVE-2018-8848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "e-Alert Unit (non-medical device)",
"version" : {
"version_data" : [
{
"version_value" : "R2.1 and prior"
}
]
}
}
]
},
"vendor_name" : "Philips"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "INCORRECT DEFAULT PERMISSIONS CWE-276"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-31T00:00:00",
"ID": "CVE-2018-8848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "e-Alert Unit (non-medical device)",
"version": {
"version_data": [
{
"version_value": "R2.1 and prior"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
},
{
"name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource" : "CONFIRM",
"url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name" : "105194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INCORRECT DEFAULT PERMISSIONS CWE-276"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "CONFIRM",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name": "105194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105194"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
}
]
}
}