admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:03:23 +00:00
parent 56e98ade2c
commit 9f4027283e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3616 additions and 3616 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

228
2002/0xxx/CVE-2002-0073.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0073", "ID": "CVE-2002-0073",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html" "lang": "eng",
}, "value": "The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters."
{ }
"name" : "20020417 Microsoft FTP Service STAT Globbing DoS", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=101901273810598&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.digitaloffense.net/msftpd/advisory.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.digitaloffense.net/msftpd/advisory.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS02-018", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" ]
}, },
{ "references": {
"name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", "reference_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" "name": "iis-ftp-session-status-dos(8801)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/8801.php"
"name" : "CA-2002-09", },
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2002-09.html" "name": "20020417 Microsoft FTP Service STAT Globbing DoS",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=101901273810598&w=2"
"name" : "VU#412203", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/412203" "name": "VU#412203",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/412203"
"name" : "4482", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4482" "name": "20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html"
"name" : "3328", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3328" "name": "oval:org.mitre.oval:def:24",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24"
"name" : "oval:org.mitre.oval:def:24", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24" "name": "3328",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/3328"
"name" : "oval:org.mitre.oval:def:35", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35" "name": "MS02-018",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
"name" : "iis-ftp-session-status-dos(8801)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8801.php" "name": "oval:org.mitre.oval:def:35",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35"
} },
{
"name": "4482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4482"
},
{
"name": "CA-2002-09",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-09.html"
},
{
"name": "http://www.digitaloffense.net/msftpd/advisory.txt",
"refsource": "MISC",
"url": "http://www.digitaloffense.net/msftpd/advisory.txt"
},
{
"name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
}
]
}
} }

138
2002/1xxx/CVE-2002-1043.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1043", "ID": "CVE-2002-1043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject (\"\\t\\t\")."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020711 Popcorn vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html" "lang": "eng",
}, "value": "Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject (\"\\t\\t\")."
{ }
"name" : "popcorn-mail-dos(9547)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/9547.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5212", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5212" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "popcorn-mail-dos(9547)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9547.php"
},
{
"name": "20020711 Popcorn vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html"
},
{
"name": "5212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5212"
}
]
}
} }

158
2002/1xxx/CVE-2002-1518.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1518", "ID": "CVE-2002-1518",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020903-01-P", "description_data": [
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P" "lang": "eng",
}, "value": "mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories."
{ }
"name" : "N-004", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/n-004.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5893", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5893" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8580", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/8580" ]
}, },
{ "references": {
"name" : "irix-mv-directory-insecure(10276)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10276.php" "name": "N-004",
} "refsource": "CIAC",
] "url": "http://www.ciac.org/ciac/bulletins/n-004.shtml"
} },
{
"name": "irix-mv-directory-insecure(10276)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10276.php"
},
{
"name": "5893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5893"
},
{
"name": "8580",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8580"
},
{
"name": "20020903-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P"
}
]
}
} }

148
2002/1xxx/CVE-2002-1609.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1609", "ID": "CVE-2002-1609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "SSRT2275", "description_data": [
"refsource" : "HP", {
"url" : "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11" "lang": "eng",
}, "value": "Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to gain privileges."
{ }
"name" : "SSRT0796U", ]
"refsource" : "HP", },
"url" : "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#602009", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/602009" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "tru64-multiple-binaries-bo(10016)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10016" ]
} },
] "references": {
} "reference_data": [
{
"name": "SSRT2275",
"refsource": "HP",
"url": "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11"
},
{
"name": "SSRT0796U",
"refsource": "HP",
"url": "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11"
},
{
"name": "VU#602009",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/602009"
},
{
"name": "tru64-multiple-binaries-bo(10016)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10016"
}
]
}
} }

338
2003/0xxx/CVE-2003-0096.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0096", "ID": "CVE-2003-0096",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104549743326864&w=2" "lang": "eng",
}, "value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
{ }
"name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", "description": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)", ]
"refsource" : "VULNWATCH", }
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html" ]
}, },
{ "references": {
"name" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.nextgenss.com/advisories/ora-bfilebo.txt" "name": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
"name" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt", },
"refsource" : "MISC", {
"url" : "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt" "name": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt",
}, "refsource": "MISC",
{ "url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
"name" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt", },
"refsource" : "MISC", {
"url" : "http://www.nextgenss.com/advisories/ora-tzofstbo.txt" "name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf" "name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
"name" : "VU#840666", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/840666" "name": "VU#743954",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/743954"
"name" : "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104549782327321&w=2" "name": "6850",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6850"
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf" "name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104549743326864&w=2"
"name" : "VU#743954", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/743954" "name": "oracle-bfilename-directory-bo(11325)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/11325.php"
"name" : "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104550346303295&w=2" "name": "VU#840666",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/840666"
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf" "name": "CA-2003-05",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2003-05.html"
"name" : "VU#663786", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/663786" "name": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
"name" : "CA-2003-05", },
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2003-05.html" "name": "N-046",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
"name" : "N-046", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/n-046.shtml" "name": "oracle-totimestamptz-bo(11327)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/11327.php"
"name" : "6847", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6847" "name": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
"name" : "6848", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6848" "name": "http://www.nextgenss.com/advisories/ora-bfilebo.txt",
}, "refsource": "MISC",
{ "url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
"name" : "6850", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6850" "name": "6847",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6847"
"name" : "oracle-bfilename-directory-bo(11325)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/11325.php" "name": "oracle-tzoffset-bo(11326)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/11326.php"
"name" : "oracle-tzoffset-bo(11326)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/11326.php" "name": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt",
}, "refsource": "MISC",
{ "url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
"name" : "oracle-totimestamptz-bo(11327)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/11327.php" "name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
} "refsource": "VULNWATCH",
] "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
} },
{
"name": "6848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6848"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104550346303295&w=2"
},
{
"name": "VU#663786",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104549782327321&w=2"
}
]
}
} }

32
2003/0xxx/CVE-2003-0884.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0884", "ID": "CVE-2003-0884",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2003/1xxx/CVE-2003-1112.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1112", "ID": "CVE-2003-1112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/" "lang": "eng",
}, "value": "The Session Initiation Protocol (SIP) implementation in Ingate Firewall and Ingate SIParator before 3.1.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS c07-sip test suite."
{ }
"name" : "CA-2003-06", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2003-06.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#528719", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/528719" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6904", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/6904" ]
}, },
{ "references": {
"name" : "sip-invite(11379)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379" "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/",
} "refsource": "MISC",
] "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/"
} },
{
"name": "VU#528719",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/528719"
},
{
"name": "CA-2003-06",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-06.html"
},
{
"name": "6904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6904"
},
{
"name": "sip-invite(11379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11379"
}
]
}
} }

178
2003/1xxx/CVE-2003-1157.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1157", "ID": "CVE-2003-1157",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/343040" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFrame XP Server 1.0 allows remote attackers to inject arbitrary web script or HTML via the NFuse_Message parameter."
{ }
"name" : "8939", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/8939" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27948", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27948" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2762", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/2762" ]
}, },
{ "references": {
"name" : "10127", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10127" "name": "10127",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/10127"
"name" : "metaframe-error-message-xss(13569)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13569" "name": "8939",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/8939"
"name" : "citrix-webmanager-login-xss(40782)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40782" "name": "20031031 IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/343040"
} },
{
"name": "2762",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2762"
},
{
"name": "citrix-webmanager-login-xss(40782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40782"
},
{
"name": "metaframe-error-message-xss(13569)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13569"
},
{
"name": "27948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27948"
}
]
}
} }

168
2004/2xxx/CVE-2004-2113.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2113", "ID": "CVE-2004-2113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040126 Directory traversal and XSS in BremsServer 1.2.4", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107513747107031&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL."
{ }
"name" : "9491", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9491" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3754", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3754" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1008853", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1008853" ]
}, },
{ "references": {
"name" : "10731", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10731" "name": "9491",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/9491"
"name" : "bremsserver-xss(14953)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14953" "name": "20040126 Directory traversal and XSS in BremsServer 1.2.4",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=107513747107031&w=2"
} },
{
"name": "3754",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3754"
},
{
"name": "10731",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10731"
},
{
"name": "bremsserver-xss(14953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14953"
},
{
"name": "1008853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1008853"
}
]
}
} }

158
2004/2xxx/CVE-2004-2339.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2339", "ID": "CVE-2004-2339",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040218 Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/354392" "lang": "eng",
}, "value": "** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed."
{ }
"name" : "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0529.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-02/0530.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1009128", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1009128" ]
}, },
{ "references": {
"name" : "win-kernel-gain-privileges(15263)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15263" "name": "1009128",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1009128"
} },
{
"name": "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0529.html"
},
{
"name": "20040218 Multiple WinXP kernel vulns can give user mode programs kernel mode privileges",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/354392"
},
{
"name": "20040219 RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-02/0530.html"
},
{
"name": "win-kernel-gain-privileges(15263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15263"
}
]
}
} }

128
2012/0xxx/CVE-2012-0032.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0032", "ID": "CVE-2012-0032",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=772514", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=772514" "lang": "eng",
}, "value": "Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials."
{ }
"name" : "RHSA-2012:0406", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0406.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:0406",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=772514",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772514"
}
]
}
} }

128
2012/0xxx/CVE-2012-0095.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0095", "ID": "CVE-2012-0095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

148
2012/0xxx/CVE-2012-0529.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0529", "ID": "CVE-2012-0529",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1026954", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026954" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48882", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48882" ]
} },
] "references": {
} "reference_data": [
{
"name": "48882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48882"
},
{
"name": "1026954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026954"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

148
2012/0xxx/CVE-2012-0776.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-0776", "ID": "CVE-2012-0776",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html" "lang": "eng",
}, "value": "The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors."
{ }
"name" : "TA12-101B", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15270", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15270" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026908", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026908" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html"
},
{
"name": "TA12-101B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html"
},
{
"name": "oval:org.mitre.oval:def:15270",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15270"
},
{
"name": "1026908",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026908"
}
]
}
} }

188
2012/0xxx/CVE-2012-0802.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0802", "ID": "CVE-2012-0802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to \"serious errors in the usage of snprintf()/vsnprintf()\" in which the return values may be larger than the size of the buffer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/01/23/5" "lang": "eng",
}, "value": "Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to \"serious errors in the usage of snprintf()/vsnprintf()\" in which the return values may be larger than the size of the buffer."
{ }
"name" : "[spamdyke-release] 20120115 New version: spamdyke 4.3.0", ]
"refsource" : "MLIST", },
"url" : "http://www.mail-archive.com/spamdyke-release@spamdyke.org/msg00014.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.spamdyke.org/documentation/Changelog.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.spamdyke.org/documentation/Changelog.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201203-01", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-201203-01.xml" ]
}, },
{ "references": {
"name" : "51440", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51440" "name": "47548",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/47548"
"name" : "78351", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/78351" "name": "[oss-security] 20120123 Re: CVE request: spamdyke buffer overflow vulnerability",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/01/23/5"
"name" : "47548", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47548" "name": "51440",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/51440"
"name" : "48257", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48257" "name": "78351",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/78351"
} },
{
"name": "[spamdyke-release] 20120115 New version: spamdyke 4.3.0",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/spamdyke-release@spamdyke.org/msg00014.html"
},
{
"name": "48257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48257"
},
{
"name": "http://www.spamdyke.org/documentation/Changelog.txt",
"refsource": "CONFIRM",
"url": "http://www.spamdyke.org/documentation/Changelog.txt"
},
{
"name": "GLSA-201203-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201203-01.xml"
}
]
}
} }

188
2012/0xxx/CVE-2012-0813.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0813", "ID": "CVE-2012-0813",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120126 CVE request: wicd writes sensitive information in log files (password, passphrase...)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/01/26/13" "lang": "eng",
}, "value": "Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information."
{ }
"name" : "[oss-security] 20120126 Re: CVE request: wicd writes sensitive information in log files (password, passphrase...)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/01/26/14" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682", "description": [
"refsource" : "MISC", {
"url" : "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417", ]
"refsource" : "MISC", }
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417" ]
}, },
{ "references": {
"name" : "https://launchpad.net/wicd/+announcement/9570", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/wicd/+announcement/9570" "name": "https://launchpad.net/wicd/+announcement/9570",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/wicd/+announcement/9570"
"name" : "GLSA-201206-08", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201206-08.xml" "name": "[oss-security] 20120126 Re: CVE request: wicd writes sensitive information in log files (password, passphrase...)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/01/26/14"
"name" : "51703", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51703" "name": "51703",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/51703"
"name" : "49657", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49657" "name": "49657",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/49657"
} },
{
"name": "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682",
"refsource": "MISC",
"url": "http://bazaar.launchpad.net/~wicd-devel/wicd/experimental/revision/682"
},
{
"name": "[oss-security] 20120126 CVE request: wicd writes sensitive information in log files (password, passphrase...)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/26/13"
},
{
"name": "GLSA-201206-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201206-08.xml"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652417"
}
]
}
} }

228
2012/1xxx/CVE-2012-1033.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1033", "ID": "CVE-2012-1033",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.isc.org/software/bind/advisories/cve-2012-1033", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.isc.org/software/bind/advisories/cve-2012-1033" "lang": "eng",
}, "value": "The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a \"ghost domain names\" attack."
{ }
"name" : "HPSBUX02835", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=135638082529878&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100763", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135638082529878&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:0717", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0717.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2012:0863", "reference_data": [
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15136456" "name": "HPSBUX02835",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135638082529878&w=2"
"name" : "openSUSE-SU-2012:0864", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15136477" "name": "isc-bind-update-sec-bypass(73053)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73053"
"name" : "VU#542123", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/542123" "name": "https://www.isc.org/software/bind/advisories/cve-2012-1033",
}, "refsource": "CONFIRM",
{ "url": "https://www.isc.org/software/bind/advisories/cve-2012-1033"
"name" : "51898", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51898" "name": "1026647",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026647"
"name" : "78916", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/78916" "name": "47884",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/47884"
"name" : "1026647", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026647" "name": "SSRT100763",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135638082529878&w=2"
"name" : "47884", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47884" "name": "openSUSE-SU-2012:0864",
}, "refsource": "SUSE",
{ "url": "https://hermes.opensuse.org/messages/15136477"
"name" : "isc-bind-update-sec-bypass(73053)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73053" "name": "78916",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/78916"
} },
{
"name": "RHSA-2012:0717",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0717.html"
},
{
"name": "VU#542123",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/542123"
},
{
"name": "openSUSE-SU-2012:0863",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15136456"
},
{
"name": "51898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51898"
}
]
}
} }

32
2012/1xxx/CVE-2012-1287.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1287", "ID": "CVE-2012-1287",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

168
2012/1xxx/CVE-2012-1760.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-1760", "ID": "CVE-2012-1760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54529", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54529" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "83918", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/83918" ]
}, },
{ "references": {
"name" : "1027267", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027267" "name": "1027267",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027267"
"name" : "siebelcrm-uiframe-dos(77036)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77036" "name": "54529",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/54529"
} },
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "siebelcrm-uiframe-dos(77036)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77036"
},
{
"name": "83918",
"refsource": "OSVDB",
"url": "http://osvdb.org/83918"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

118
2012/4xxx/CVE-2012-4971.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4971", "ID": "CVE-2012-4971",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html" "lang": "eng",
} "value": "Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_id parameter to editrequestuser.asp; the (3) sys_request_id parameter to enduseractions.asp; the (4) sys_request_id or (5) confirm parameter to enduserreopenrequeststatus.asp; the (6) searchsql, (7) back, or (8) status parameter to enduserrequests.asp; the (9) sys_userpwd parameter to validateenduserlogin.asp; the (10) sys_userpwd parameter to validateuserlogin.asp; the (11) sql parameter to editenduseruser.asp; the (12) sql parameter to manageenduserrequestclasses.asp; the (13) sql parameter to resetpwdenduser.asp; the (14) sql parameter to disableloginenduser.asp; the (15) sql parameter to deleteenduseruser.asp; the (16) sql parameter to manageendusers.asp; or the (17) site parameter to statsrequestagereport.asp."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/helpbox-sql-injection.html"
}
]
}
} }

32
2012/5xxx/CVE-2012-5027.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5027", "ID": "CVE-2012-5027",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

518
2012/5xxx/CVE-2012-5073.json
View File

@ -1,262 +1,262 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-5073", "ID": "CVE-2012-5073",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", ]
"refsource" : "CONFIRM", }
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" ]
}, },
{ "references": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037" "name": "51313",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51313"
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786", },
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786" "name": "SUSE-SU-2012:1398",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html" "name": "GLSA-201406-32",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name" : "GLSA-201406-32", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml" "name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html"
"name" : "HPSBUX02832", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" "name": "RHSA-2012:1466",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
"name" : "SSRT101042", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2" "name": "RHSA-2012:1386",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1386.html"
"name" : "HPSBOV02833", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" "name": "51315",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51315"
"name" : "SSRT101043", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2" "name": "51438",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51438"
"name" : "RHSA-2012:1385", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1385.html" "name": "51141",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51141"
"name" : "RHSA-2012:1386", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1386.html" "name": "SSRT101043",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
"name" : "RHSA-2012:1391", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html" "name": "SUSE-SU-2012:1490",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html"
"name" : "RHSA-2012:1392", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
"name" : "RHSA-2012:1465", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html" "name": "openSUSE-SU-2012:1423",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html"
"name" : "RHSA-2012:1466", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "RHSA-2012:1467", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html" "name": "RHSA-2012:1391",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "51029",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51029"
"name" : "SUSE-SU-2012:1490", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00011.html" "name": "HPSBOV02833",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
"name" : "openSUSE-SU-2012:1423", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00023.html" "name": "javaruntimeenvironment-lib-cve20125073(79432)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79432"
"name" : "SUSE-SU-2012:1398", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html" "name": "51166",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51166"
"name" : "SUSE-SU-2012:1595", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html" "name": "51390",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51390"
"name" : "SUSE-SU-2012:1489", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html" "name": "RHSA-2012:1392",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html"
"name" : "56080", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56080" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
"name" : "oval:org.mitre.oval:def:16466", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16466" "name": "SUSE-SU-2012:1489",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html"
"name" : "51028", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51028" "name": "SUSE-SU-2012:1595",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html"
"name" : "51029", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51029" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
"name" : "51141", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51141" "name": "51327",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51327"
"name" : "51313", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51313" "name": "56080",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/56080"
"name" : "51315", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51315" "name": "oval:org.mitre.oval:def:16466",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16466"
"name" : "51326", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51326" "name": "RHSA-2012:1467",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
"name" : "51327", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51327" "name": "RHSA-2012:1465",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
"name" : "51328", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51328" "name": "51328",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51328"
"name" : "51390", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51390" "name": "SSRT101042",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
"name" : "51393", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51393" "name": "51028",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51028"
"name" : "51438", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51438" "name": "RHSA-2013:1456",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name" : "51166", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51166" "name": "51393",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51393"
"name" : "javaruntimeenvironment-lib-cve20125073(79432)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79432" "name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
} },
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
},
{
"name": "RHSA-2012:1385",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1385.html"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name": "HPSBUX02832",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
}
]
}
} }

32
2012/5xxx/CVE-2012-5735.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5735", "ID": "CVE-2012-5735",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

146
2017/1002xxx/CVE-2017-1002005.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED" : "2017-03-08", "DATE_ASSIGNED": "2017-03-08",
"ID" : "CVE-2017-1002005", "ID": "CVE-2017-1002005",
"REQUESTER" : "kurt@seifried.org", "REQUESTER": "kurt@seifried.org",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z" "UPDATED": "2017-08-10T14:41Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DTracker", "product_name": "DTracker",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "1.5" "version_value": "1.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ITFlux" "vendor_name": "ITFlux"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.vapidlabs.com/advisory.php?v=183", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.vapidlabs.com/advisory.php?v=183" "lang": "eng",
}, "value": "Vulnerability in wordpress plugin DTracker v1.5, In file ./dtracker/delete.php user input isn't sanitized via the contact_id variable before adding it to the end of an SQL query."
{ }
"name" : "https://wordpress.org/plugins/dtracker/", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/dtracker/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96781", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96781" "lang": "eng",
} "value": "SQL Injection"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "96781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96781"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=183",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=183"
},
{
"name": "https://wordpress.org/plugins/dtracker/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/dtracker/"
}
]
}
} }

128
2017/3xxx/CVE-2017-3134.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@fortinet.com", "ASSIGNER": "psirt@fortinet.com",
"ID" : "CVE-2017-3134", "ID": "CVE-2017-3134",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Fortinet FortiWLC-SD", "product_name": "Fortinet FortiWLC-SD",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "FortiWLC-SD versions 8.2.4 and below" "version_value": "FortiWLC-SD versions 8.2.4 and below"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Fortinet, Inc." "vendor_name": "Fortinet, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://fortiguard.com/psirt/FG-IR-17-097", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://fortiguard.com/psirt/FG-IR-17-097" "lang": "eng",
}, "value": "An escalation of privilege vulnerability in Fortinet FortiWLC-SD versions 8.2.4 and below allows attacker to gain root access via the CLI command 'copy running-config'."
{ }
"name" : "97603", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97603" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Escalation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-097",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-097"
},
{
"name": "97603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97603"
}
]
}
} }

32
2017/3xxx/CVE-2017-3710.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-3710", "ID": "CVE-2017-3710",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/3xxx/CVE-2017-3963.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-3963", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-3963",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

158
2017/6xxx/CVE-2017-6355.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6355", "ID": "CVE-2017-6355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170227 CVE-2017-6355 Virglrenderer: integer overflow while creating shader object", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/02/27/3" "lang": "eng",
}, "value": "Integer overflow in the vrend_create_shader function in vrend_renderer.c in virglrenderer before 0.6.0 allows local guest OS users to cause a denial of service (process crash) via crafted pkt_length and offlen values, which trigger an out-of-bounds access."
{ }
"name" : "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0", ]
"refsource" : "MLIST", },
"url" : "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6", "description": [
"refsource" : "CONFIRM", {
"url" : "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201707-06", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201707-06" ]
}, },
{ "references": {
"name" : "96460", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96460" "name": "96460",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/96460"
} },
{
"name": "GLSA-201707-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-06"
},
{
"name": "[virglrenderer-devel] 20170210 [ANNOUNCE] virglrenderer 0.6.0",
"refsource": "MLIST",
"url": "https://lists.freedesktop.org/archives/virglrenderer-devel/2017-February/000145.html"
},
{
"name": "[oss-security] 20170227 CVE-2017-6355 Virglrenderer: integer overflow while creating shader object",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/27/3"
},
{
"name": "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6"
}
]
}
} }

138
2017/6xxx/CVE-2017-6626.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6626", "ID": "CVE-2017-6626",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Finesse for Cisco Unified Contact Center Enterprise", "product_name": "Cisco Finesse for Cisco Unified Contact Center Enterprise",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Finesse for Cisco Unified Contact Center Enterprise" "version_value": "Cisco Finesse for Cisco Unified Contact Center Enterprise"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-200"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce" "lang": "eng",
}, "value": "A vulnerability in the Cisco Finesse Notification Service for Cisco Unified Contact Center Enterprise (UCCE) 11.5(1) and 11.6(1) could allow an unauthenticated, remote attacker to retrieve information from agents using the Finesse Desktop. The vulnerability is due to the existence of a user account that has an undocumented, hard-coded password. An attacker could exploit this vulnerability by using the hard-coded credentials to subscribe to the Finesse Notification Service, which would allow the attacker to receive notifications when an agent signs in or out of the Finesse Desktop, when information about an agent changes, or when an agent's state changes. Cisco Bug IDs: CSCvc08314."
{ }
"name" : "98291", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98291" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038396", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038396" "lang": "eng",
} "value": "CWE-200"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-finesse-ucce"
},
{
"name": "98291",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98291"
},
{
"name": "1038396",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038396"
}
]
}
} }

138
2017/6xxx/CVE-2017-6955.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6955", "ID": "CVE-2017-6955",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855" "lang": "eng",
}, "value": "An issue was discovered in by-email/by-email.php in the Invite Anyone plugin before 1.3.15 for WordPress. A user is able to change the subject and the body of the invitation mail that should be immutable, which facilitates a social engineering attack."
{ }
"name" : "https://wordpress.org/plugins/invite-anyone/changelog/", ]
"refsource" : "CONFIRM", },
"url" : "https://wordpress.org/plugins/invite-anyone/changelog/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96965", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96965" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "96965",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96965"
},
{
"name": "https://wordpress.org/plugins/invite-anyone/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/invite-anyone/changelog/"
},
{
"name": "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855",
"refsource": "CONFIRM",
"url": "https://github.com/boonebgorges/invite-anyone/compare/2ed5266ad3ae40f8db39adf06f450bbad56e2eac...boonebgorges:6121de08df86c5005b657dd67e48aa02c7982855"
}
]
}
} }

128
2017/7xxx/CVE-2017-7132.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7132", "ID": "CVE-2017-7132",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208221", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory consumption) via a crafted Office document."
{ }
"name" : "1039710", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1039710" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "1039710",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039710"
}
]
}
} }

148
2017/7xxx/CVE-2017-7246.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7246", "ID": "CVE-2017-7246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/" "lang": "eng",
}, "value": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file."
{ }
"name" : "GLSA-201710-25", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201710-25" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:2486", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2486" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97067", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97067" ]
} },
] "references": {
} "reference_data": [
{
"name": "97067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97067"
},
{
"name": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "GLSA-201710-25",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-25"
}
]
}
} }

188
2017/7xxx/CVE-2017-7375.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7375", "ID": "CVE-2017-7375",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa" "lang": "eng",
}, "value": "A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable)."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1462203", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1462203" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://source.android.com/security/bulletin/2017-06-01", ]
"refsource" : "CONFIRM", }
"url" : "https://source.android.com/security/bulletin/2017-06-01" ]
}, },
{ "references": {
"name" : "DSA-3952", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-3952" "name": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa",
}, "refsource": "CONFIRM",
{ "url": "https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa"
"name" : "GLSA-201711-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201711-01" "name": "https://source.android.com/security/bulletin/2017-06-01",
}, "refsource": "CONFIRM",
{ "url": "https://source.android.com/security/bulletin/2017-06-01"
"name" : "98877", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98877" "name": "DSA-3952",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2017/dsa-3952"
"name" : "1038623", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038623" "name": "98877",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/98877"
} },
{
"name": "GLSA-201711-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-01"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462203"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
} }

118
2017/7xxx/CVE-2017-7576.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7576", "ID": "CVE-2017-7576",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.iancaling.com/post/159276197313/", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.iancaling.com/post/159276197313/" "lang": "eng",
} "value": "DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting to the device via TELNET. This is fixed in recent versions including 1.4.8."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.iancaling.com/post/159276197313/",
"refsource": "MISC",
"url": "http://blog.iancaling.com/post/159276197313/"
}
]
}
} }

148
2017/7xxx/CVE-2017-7607.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7607", "ID": "CVE-2017-7607",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c" "lang": "eng",
}, "value": "The handle_gnu_hash function in readelf.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file."
{ }
"name" : "GLSA-201710-10", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201710-10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3670-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3670-1/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "98608", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/98608" ]
} },
] "references": {
} "reference_data": [
{
"name": "USN-3670-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3670-1/"
},
{
"name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c"
},
{
"name": "GLSA-201710-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-10"
},
{
"name": "98608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98608"
}
]
}
} }

118
2017/8xxx/CVE-2017-8401.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8401", "ID": "CVE-2017-8401",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/matthiaskramm/swftools/issues/14", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/matthiaskramm/swftools/issues/14" "lang": "eng",
} "value": "In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/matthiaskramm/swftools/issues/14",
"refsource": "CONFIRM",
"url": "https://github.com/matthiaskramm/swftools/issues/14"
}
]
}
} }

130
2017/8xxx/CVE-2017-8962.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-10-27T00:00:00", "DATE_PUBLIC": "2017-10-27T00:00:00",
"ID" : "CVE-2017-8962", "ID": "CVE-2017-8962",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intelligent Management Center (iMC) PLAT", "product_name": "Intelligent Management Center (iMC) PLAT",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.3 E0504P2" "version_value": "7.3 E0504P2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Deserialization of Untrusted Data"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us" "lang": "eng",
}, "value": "A Deserialization of Untrusted Data vulnerability in Hewlett Packard Enterprise Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found."
{ }
"name" : "1039684", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1039684" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03787en_us"
},
{
"name": "1039684",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039684"
}
]
}
} }

128
2018/10xxx/CVE-2018-10018.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10018", "ID": "CVE-2018-10018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GDASPAMLib.AntiSpam ActiveX control ASK\\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45017", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45017/" "lang": "eng",
}, "value": "The GDASPAMLib.AntiSpam ActiveX control ASK\\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument."
{ }
"name" : "20180712 G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2018/Jul/55" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45017",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45017/"
},
{
"name": "20180712 G DATA TOTAL SECURITY v25.4.0.3 Activex Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/55"
}
]
}
} }

32
2018/10xxx/CVE-2018-10091.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10091", "ID": "CVE-2018-10091",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

198
2018/10xxx/CVE-2018-10102.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10102", "ID": "CVE-2018-10102",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180427 [SECURITY] [DLA 1366-1] wordpress security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html" "lang": "eng",
}, "value": "Before WordPress 4.9.5, the version string was not escaped in the get_the_generator function, and could lead to XSS in a generator tag."
{ }
"name" : "https://wpvulndb.com/vulnerabilities/9055", ]
"refsource" : "MISC", },
"url" : "https://wpvulndb.com/vulnerabilities/9055" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://codex.wordpress.org/Version_4.9.5", "description": [
"refsource" : "CONFIRM", {
"url" : "https://codex.wordpress.org/Version_4.9.5" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://core.trac.wordpress.org/changeset/42893", ]
"refsource" : "CONFIRM", }
"url" : "https://core.trac.wordpress.org/changeset/42893" ]
}, },
{ "references": {
"name" : "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d" "name": "103775",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/103775"
"name" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/", },
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/" "name": "https://wpvulndb.com/vulnerabilities/9055",
}, "refsource": "MISC",
{ "url": "https://wpvulndb.com/vulnerabilities/9055"
"name" : "DSA-4193", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4193" "name": "1040836",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1040836"
"name" : "103775", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103775" "name": "DSA-4193",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4193"
"name" : "1040836", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040836" "name": "https://core.trac.wordpress.org/changeset/42893",
} "refsource": "CONFIRM",
] "url": "https://core.trac.wordpress.org/changeset/42893"
} },
{
"name": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/"
},
{
"name": "[debian-lts-announce] 20180427 [SECURITY] [DLA 1366-1] wordpress security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00031.html"
},
{
"name": "https://codex.wordpress.org/Version_4.9.5",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.9.5"
},
{
"name": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d"
}
]
}
} }

182
2018/10xxx/CVE-2018-10908.json
View File

@ -1,95 +1,95 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sfowler@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-10908", "ID": "CVE-2018-10908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "vdsm", "product_name": "vdsm",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.20.37" "version_value": "4.20.37"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
}, }
{ },
"description" : [ "data_format": "MITRE",
{ "data_type": "CVE",
"lang" : "eng", "data_version": "4.0",
"value" : "CWE-770" "description": {
} "description_data": [
{
"lang": "eng",
"value": "It was found that vdsm before version 4.20.37 invokes qemu-img on untrusted inputs without limiting resources. By uploading a specially crafted image, an attacker could cause the qemu-img process to consume unbounded amounts of memory of CPU time, causing a denial of service condition that could potentially impact other users of the host."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
] ]
} ]
] },
}, "problemtype": {
"references" : { "problemtype_data": [
"reference_data" : [ {
{ "description": [
"name" : "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html", {
"refsource" : "MISC", "lang": "eng",
"url" : "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html" "value": "CWE-20"
}, }
{ ]
"name" : "https://gerrit.ovirt.org/#/c/93195/", },
"refsource" : "MISC", {
"url" : "https://gerrit.ovirt.org/#/c/93195/" "description": [
}, {
{ "lang": "eng",
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908", "value": "CWE-770"
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908" ]
}, }
{ ]
"name" : "RHEA-2018:2624", },
"refsource" : "REDHAT", "references": {
"url" : "https://access.redhat.com/errata/RHEA-2018:2624" "reference_data": [
} {
] "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908",
} "refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10908"
},
{
"name": "RHEA-2018:2624",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:2624"
},
{
"name": "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html",
"refsource": "MISC",
"url": "http://lists.nongnu.org/archive/html/qemu-block/2018-07/msg00488.html"
},
{
"name": "https://gerrit.ovirt.org/#/c/93195/",
"refsource": "MISC",
"url": "https://gerrit.ovirt.org/#/c/93195/"
}
]
}
} }

128
2018/13xxx/CVE-2018-13529.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13529", "ID": "CVE-2018-13529",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for BetterThanAdrien, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/BetterThanAdrien"
}
]
}
} }

128
2018/13xxx/CVE-2018-13545.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13545", "ID": "CVE-2018-13545",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for HashShield, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/HashShield"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}
} }

32
2018/17xxx/CVE-2018-17119.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17119", "ID": "CVE-2018-17119",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/17xxx/CVE-2018-17365.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17365", "ID": "CVE-2018-17365",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.51cto.com/13770310/2177226", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.51cto.com/13770310/2177226" "lang": "eng",
} "value": "SeaCMS 6.64 allows remote attackers to delete arbitrary files via the filedir parameter."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.51cto.com/13770310/2177226",
"refsource": "MISC",
"url": "http://blog.51cto.com/13770310/2177226"
}
]
}
} }

160
2018/17xxx/CVE-2018-17480.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-17480", "ID": "CVE-2018-17480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "71.0.3578.80" "version_value": "71.0.3578.80"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/905940", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/905940" "lang": "eng",
}, "value": "Execution of user supplied Javascript during array deserialization leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
{ }
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4352", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4352" "lang": "eng",
}, "value": "Out of bounds write"
{ }
"name" : "RHSA-2018:3803", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3803" ]
}, },
{ "references": {
"name" : "106084", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106084" "name": "https://crbug.com/905940",
} "refsource": "MISC",
] "url": "https://crbug.com/905940"
} },
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
}
]
}
} }

32
2018/17xxx/CVE-2018-17558.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17558", "ID": "CVE-2018-17558",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/17xxx/CVE-2018-17710.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17710", "ID": "CVE-2018-17710",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/20xxx/CVE-2018-20001.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20001", "ID": "CVE-2018-20001",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1141", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1141" "lang": "eng",
} "value": "In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1141",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1141"
}
]
}
} }

32
2018/20xxx/CVE-2018-20111.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-20111", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-20111",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

32
2018/20xxx/CVE-2018-20254.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20254", "ID": "CVE-2018-20254",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9197.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9197", "ID": "CVE-2018-9197",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9395.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9395", "ID": "CVE-2018-9395",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9440.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9440", "ID": "CVE-2018-9440",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/9xxx/CVE-2018-9459.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00", "DATE_PUBLIC": "2018-10-31T00:00:00",
"ID" : "CVE-2018-9459", "ID": "CVE-2018-9459",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1" "version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-08-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-08-01" "lang": "eng",
}, "value": "In Attachment of Attachment.java and getFilePath of EmlAttachmentProvider.java, there is a possible Elevation of Privilege due to a path traversal error. This could lead to a remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-66230183."
{ }
"name" : "1041432", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041432" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
} }

32
2018/9xxx/CVE-2018-9902.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9902", "ID": "CVE-2018-9902",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }