admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:53:28 +00:00
parent 5b8dc9caaf
commit afec2807c6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
70 changed files with 5382 additions and 5382 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/0xxx/CVE-2002-0285.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0285", "ID": "CVE-2002-0285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Outlook Express 5.5 and 6.0 on Windows treats a carriage return (\"CR\") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020212 Outlook will see non-existing attachments", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101362077701164&w=2" "lang": "eng",
}, "value": "Outlook Express 5.5 and 6.0 on Windows treats a carriage return (\"CR\") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers."
{ }
"name" : "4092", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4092" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "outlook-express-return-bypass(8198)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8198.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "outlook-express-return-bypass(8198)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8198.php"
},
{
"name": "4092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4092"
},
{
"name": "20020212 Outlook will see non-existing attachments",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101362077701164&w=2"
}
]
}
}

140
2002/0xxx/CVE-2002-0405.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0405", "ID": "CVE-2002-0405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020527 Problems with various windows FTP servers", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/274279" "lang": "eng",
}, "value": "Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows remote attackers to cause a denial of service and possibly execute arbitrary code via a CWD command with a large number of . (dot) characters."
{ }
"name" : "broker-ftp-dot-bo(6673)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6673" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4864", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4864" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4864"
},
{
"name": "broker-ftp-dot-bo(6673)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6673"
},
{
"name": "20020527 Problems with various windows FTP servers",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/274279"
}
]
}
}

140
2002/0xxx/CVE-2002-0754.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0754", "ID": "CVE-2002-0754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-02:07", "description_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc" "lang": "eng",
}, "value": "Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them."
{ }
"name" : "3919", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3919" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "kerberos5-k5su-elevate-privileges(7956)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7956.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-02:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc"
},
{
"name": "3919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3919"
},
{
"name": "kerberos5-k5su-elevate-privileges(7956)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7956.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0767.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0767", "ID": "CVE-2002-0767",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020613 simpleinit root exploit - file descriptor left open", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/276739" "lang": "eng",
}, "value": "simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges."
{ }
"name" : "5001", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5001" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "simpleinit-file-descriptor-open(9357)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9357.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "simpleinit-file-descriptor-open(9357)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9357.php"
},
{
"name": "5001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5001"
},
{
"name": "20020613 simpleinit root exploit - file descriptor left open",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276739"
}
]
}
}

290
2002/0xxx/CVE-2002-0838.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0838", "ID": "CVE-2002-0838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103305615613319&w=2" "lang": "eng",
}, "value": "Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier, (3) ggv 1.99.90 and earlier, (4) gnome-gv, and (5) kghostview in kdegraphics 2.2.2 and earlier, allows attackers to execute arbitrary code via a malformed (a) PDF or (b) PostScript file, which is processed by an unsafe call to sscanf."
{ }
"name" : "20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=103305778615625&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2002:207", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-207.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2002:212", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2002-212.html" ]
}, },
{ "references": {
"name" : "RHSA-2002:220", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-220.html" "name": "DSA-179",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-179"
"name" : "DSA-176", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-176" "name": "MDKSA-2002:069",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:069"
"name" : "DSA-179", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-179" "name": "http://www.kde.org/info/security/advisory-20021008-1.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.kde.org/info/security/advisory-20021008-1.txt"
"name" : "DSA-182", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-182" "name": "CSSA-2002-053.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt"
"name" : "CSSA-2002-053.0", },
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-053.0.txt" "name": "DSA-182",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-182"
"name" : "CLA-2002:542", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542" "name": "CLA-2002:542",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000542"
"name" : "MDKSA-2002:069", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:069" "name": "20020926 iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=103305615613319&w=2"
"name" : "MDKSA-2002:071", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2002:071" "name": "MDKSA-2002:071",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2002:071"
"name" : "20021017 GLSA: ggv", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103487806800388&w=2" "name": "5808",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5808"
"name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security", },
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security" "name": "DSA-176",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-176"
"name" : "http://www.kde.org/info/security/advisory-20021008-1.txt", },
"refsource" : "CONFIRM", {
"url" : "http://www.kde.org/info/security/advisory-20021008-1.txt" "name": "gv-sscanf-function-bo(10201)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/10201.php"
"name" : "VU#600777", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/600777" "name": "RHSA-2002:212",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-212.html"
"name" : "5808", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5808" "name": "RHSA-2002:220",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-220.html"
"name" : "gv-sscanf-function-bo(10201)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10201.php" "name": "RHSA-2002:207",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2002-207.html"
} },
} {
"name": "VU#600777",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/600777"
},
{
"name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47780&zone_32=category:security"
},
{
"name": "20021017 GLSA: ggv",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103487806800388&w=2"
},
{
"name": "20020926 Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103305778615625&w=2"
}
]
}
}

290
2002/1xxx/CVE-2002-1219.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1219", "ID": "CVE-2002-1219",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8", "description_data": [
"refsource" : "ISS", {
"url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469" "lang": "eng",
}, "value": "Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR)."
{ }
"name" : "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=103713117612842&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.isc.org/products/BIND/bind-security.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.isc.org/products/BIND/bind-security.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2002-31", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2002-31.html" ]
}, },
{ "references": {
"name" : "VU#852283", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/852283" "name": "CA-2002-31",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2002-31.html"
"name" : "2002-11-21", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html" "name": "http://www.isc.org/products/BIND/bind-security.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.isc.org/products/BIND/bind-security.html"
"name" : "MDKSA-2002:077", },
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php" "name": "2002-11-21",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
"name" : "DSA-196", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-196" "name": "20021201-01-P",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P"
"name" : "CLA-2002:546", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546" "name": "6160",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6160"
"name" : "N-013", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/n-013.shtml" "name": "DSA-196",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-196"
"name" : "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)", },
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/300019" "name": "SSRT2408",
}, "refsource": "COMPAQ",
{ "url": "http://online.securityfocus.com/advisories/4999"
"name" : "SSRT2408", },
"refsource" : "COMPAQ", {
"url" : "http://online.securityfocus.com/advisories/4999" "name": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818",
}, "refsource": "CONFIRM",
{ "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818"
"name" : "20021201-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P" "name": "oval:org.mitre.oval:def:2539",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539"
"name" : "20021118 TSLSA-2002-0076 - bind", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103763574715133&w=2" "name": "20021118 TSLSA-2002-0076 - bind",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=103763574715133&w=2"
"name" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818", },
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818" "name": "CLA-2002:546",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546"
"name" : "6160", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6160" "name": "20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)",
}, "refsource": "BUGTRAQ",
{ "url": "http://online.securityfocus.com/archive/1/300019"
"name" : "oval:org.mitre.oval:def:2539", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539" "name": "20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=103713117612842&w=2"
"name" : "bind-sig-rr-bo(10304)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10304" "name": "N-013",
} "refsource": "CIAC",
] "url": "http://www.ciac.org/ciac/bulletins/n-013.shtml"
} },
} {
"name": "VU#852283",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/852283"
},
{
"name": "bind-sig-rr-bo(10304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10304"
},
{
"name": "20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8",
"refsource": "ISS",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469"
},
{
"name": "MDKSA-2002:077",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php"
}
]
}
}

160
2002/1xxx/CVE-2002-1238.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1238", "ID": "CVE-2002-1238",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103679016031857&w=2" "lang": "eng",
}, "value": "Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/."
{ }
"name" : "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.idefense.com/advisory/11.08.02a.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/advisory/11.08.02a.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "6145", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/6145" ]
}, },
{ "references": {
"name" : "simple-server-file-access(10563)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10563" "name": "6145",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/6145"
} },
} {
"name": "simple-server-file-access(10563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10563"
},
{
"name": "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0065.html"
},
{
"name": "20021108 iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103679016031857&w=2"
},
{
"name": "http://www.idefense.com/advisory/11.08.02a.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/11.08.02a.txt"
}
]
}
}

150
2002/1xxx/CVE-2002-1600.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1600", "ID": "CVE-2002-1600",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#181907", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/181907" "lang": "eng",
}, "value": "Directory traversal vulnerability in Mike Spice's My Classifieds (classifieds.cgi) before 1.3 allows remote attackers to overwrite arbitrary files via the category parameter."
{ }
"name" : "3855", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3855" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1003255", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1003255" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "myclassifieds-gain-privileges(7967)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7967.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "myclassifieds-gain-privileges(7967)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7967.php"
},
{
"name": "VU#181907",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/181907"
},
{
"name": "3855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3855"
},
{
"name": "1003255",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1003255"
}
]
}
}

140
2002/1xxx/CVE-2002-1919.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1919", "ID": "CVE-2002-1919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020527 Re: VP-ASP shopping cart software.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0233.html" "lang": "eng",
}, "value": "SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields."
{ }
"name" : "20020610 Re: VP-ASP shopping cart software.", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0061.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4861", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4861" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4861"
},
{
"name": "20020610 Re: VP-ASP shopping cart software.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0061.html"
},
{
"name": "20020527 Re: VP-ASP shopping cart software.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0233.html"
}
]
}
}

140
2002/1xxx/CVE-2002-1980.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1980", "ID": "CVE-2002-1980",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45707", "description_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45707" "lang": "eng",
}, "value": "Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors."
{ }
"name" : "5207", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5207" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "solaris-vold-bo(9545)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9545.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "solaris-vold-bo(9545)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9545.php"
},
{
"name": "45707",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F45707"
},
{
"name": "5207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5207"
}
]
}
}

140
2002/2xxx/CVE-2002-2020.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2020", "ID": "CVE-2002-2020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020617 External access to Netgear RP114 \"firewall\"", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0177.html" "lang": "eng",
}, "value": "Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed."
{ }
"name" : "5036", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5036" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "netgear-default-external-access(9371)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9371.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "5036",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5036"
},
{
"name": "20020617 External access to Netgear RP114 \"firewall\"",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0177.html"
},
{
"name": "netgear-default-external-access(9371)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9371.php"
}
]
}
}

160
2002/2xxx/CVE-2002-2078.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2078", "ID": "CVE-2002-2078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FTGate Office 1.05 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long POP3 APOP USER command."
{ }
"name" : "http://www.security.nnov.ru/advisories/ftgate.asp", ]
"refsource" : "MISC", },
"url" : "http://www.security.nnov.ru/advisories/ftgate.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ftgate.com/knwldgbs/hotfix.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.ftgate.com/knwldgbs/hotfix.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4427", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/4427" ]
}, },
{ "references": {
"name" : "ftgate-apop-bo(8749)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8749.php" "name": "http://www.security.nnov.ru/advisories/ftgate.asp",
} "refsource": "MISC",
] "url": "http://www.security.nnov.ru/advisories/ftgate.asp"
} },
} {
"name": "4427",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4427"
},
{
"name": "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html"
},
{
"name": "ftgate-apop-bo(8749)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8749.php"
},
{
"name": "http://www.ftgate.com/knwldgbs/hotfix.htm",
"refsource": "CONFIRM",
"url": "http://www.ftgate.com/knwldgbs/hotfix.htm"
}
]
}
}

140
2002/2xxx/CVE-2002-2402.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2402", "ID": "CVE-2002-2402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SURECOM broadband router EP-4501 uses a default SNMP read community string of \"public\" and a default SNMP read/write community string of \"secret,\" which allows remote attackers to read and modify router configuration information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021113 Default SNMP community in Surecom Broadband Router", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103722782812519&w=2" "lang": "eng",
}, "value": "SURECOM broadband router EP-4501 uses a default SNMP read community string of \"public\" and a default SNMP read/write community string of \"secret,\" which allows remote attackers to read and modify router configuration information."
{ }
"name" : "6176", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6176" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "surecom-default-snmp-string(10621)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10621.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6176"
},
{
"name": "surecom-default-snmp-string(10621)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10621.php"
},
{
"name": "20021113 Default SNMP community in Surecom Broadband Router",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103722782812519&w=2"
}
]
}
}

150
2005/1xxx/CVE-2005-1018.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1018", "ID": "CVE-2005-1018",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050411 Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/application/poi/display?id=232&type=vulnerabilities" "lang": "eng",
}, "value": "Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field."
{ }
"name" : "20050414 Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=111351851802682&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20050217 RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/390760" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "13102", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/13102" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050414 Computer Associates BrightStor ARCserve Backup and BrightStor Enterprise Backup UniversalAgent buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111351851802682&w=2"
},
{
"name": "13102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13102"
},
{
"name": "20050217 RE: BrightStor ARCserve Backup buffer overflow PoC (fixes available)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/390760"
},
{
"name": "20050411 Computer Associates BrightStor ARCserve Backup UniversalAgent Buffer Overflow",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=232&type=vulnerabilities"
}
]
}
}

180
2005/1xxx/CVE-2005-1565.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1565", "ID": "CVE-2005-1565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050512 Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111592031902962&w=2" "lang": "eng",
}, "value": "Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=287436", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=287436" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLSA-2005:1040", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "13605", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/13605" ]
}, },
{ "references": {
"name" : "ADV-2005-0533", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0533" "name": "CLSA-2005:1040",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001040"
"name" : "16427", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16427" "name": "20050512 Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=111592031902962&w=2"
"name" : "15338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15338" "name": "ADV-2005-0533",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2005/0533"
} },
} {
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=287436",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=287436"
},
{
"name": "15338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15338"
},
{
"name": "16427",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16427"
},
{
"name": "13605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13605"
}
]
}
}

130
2005/1xxx/CVE-2005-1674.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1674", "ID": "CVE-2005-1674",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050517 Help Center Live Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0" "lang": "eng",
}, "value": "Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php."
{ }
"name" : "http://www.gulftech.org/?node=research&article_id=00076-05172005", ]
"refsource" : "MISC", },
"url" : "http://www.gulftech.org/?node=research&article_id=00076-05172005" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research&article_id=00076-05172005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00076-05172005"
},
{
"name": "20050517 Help Center Live Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/398457/2005-05-15/2005-05-21/0"
}
]
}
}

240
2005/1xxx/CVE-2005-1747.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1747", "ID": "CVE-2005-1747",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111695921212456&w=2" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password."
{ }
"name" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt", ]
"refsource" : "MISC", },
"url" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111695844803328&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt", ]
"refsource" : "MISC", }
"url" : "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt" ]
}, },
{ "references": {
"name" : "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111722298705561&w=2" "name": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html",
}, "refsource": "MISC",
{ "url": "http://www.appsecinc.com/resources/alerts/general/BEA-002.html"
"name" : "http://www.appsecinc.com/resources/alerts/general/BEA-001.html", },
"refsource" : "MISC", {
"url" : "http://www.appsecinc.com/resources/alerts/general/BEA-001.html" "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (1)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=111695921212456&w=2"
"name" : "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111722380313416&w=2" "name": "BEA05-80.00",
}, "refsource": "BEA",
{ "url": "http://dev2dev.bea.com/pub/advisory/130"
"name" : "http://www.appsecinc.com/resources/alerts/general/BEA-002.html", },
"refsource" : "MISC", {
"url" : "http://www.appsecinc.com/resources/alerts/general/BEA-002.html" "name": "15486",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15486"
"name" : "BEA05-80.00", },
"refsource" : "BEA", {
"url" : "http://dev2dev.bea.com/pub/advisory/130" "name": "20050527 [AppSecInc Advisory BEA05-V0101] BEA WebLogic Administration Console login page cross-site scripting vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=111722380313416&w=2"
"name" : "13717", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13717" "name": "1014049",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014049"
"name" : "ADV-2005-0607", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0607" "name": "ADV-2005-0607",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/0607"
"name" : "1014049", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014049" "name": "20050524 ACROS Security: HTML Injection in BEA WebLogic Server Console (2)",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=111695844803328&w=2"
"name" : "15486", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15486" "name": "13717",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/13717"
} },
} {
"name": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html",
"refsource": "MISC",
"url": "http://www.appsecinc.com/resources/alerts/general/BEA-001.html"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-2-PUB.txt"
},
{
"name": "20050527 [AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111722298705561&w=2"
},
{
"name": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt",
"refsource": "MISC",
"url": "http://www.acrossecurity.com/aspr/ASPR-2005-05-24-1-PUB.txt"
}
]
}
}

130
2005/1xxx/CVE-2005-1853.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-1853", "ID": "CVE-2005-1853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-770", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-770" "lang": "eng",
}, "value": "gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges."
{ }
"name" : "1014599", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/alerts/2005/Jul/1014599.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Jul/1014599.html"
},
{
"name": "DSA-770",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-770"
}
]
}
}

180
2009/0xxx/CVE-2009-0161.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0161", "ID": "CVE-2009-0161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3549", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3549" "lang": "eng",
}, "value": "The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 misinterprets an unspecified invalid response as a successful OCSP certificate validation, which might allow remote attackers to spoof certificate authentication via a revoked certificate."
{ }
"name" : "APPLE-SA-2009-05-12", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA09-133A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34926", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34926" ]
}, },
{ "references": {
"name" : "35074", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35074" "name": "http://support.apple.com/kb/HT3549",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3549"
"name" : "ADV-2009-1297", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1297" "name": "35074",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35074"
"name" : "macos-opensslocsp-weak-security(50592)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50592" "name": "APPLE-SA-2009-05-12",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
} },
} {
"name": "34926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34926"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "macos-opensslocsp-weak-security(50592)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50592"
}
]
}
}

520
2009/0xxx/CVE-2009-0584.json
View File

@ -1,262 +1,262 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-0584", "ID": "CVE-2009-0584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090319 rPSA-2009-0050-1 ghostscript", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501994/100/0/threaded" "lang": "eng",
}, "value": "icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using a device file for processing a crafted image file associated with large integer values for certain sizes, related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images."
{ }
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=261087", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=261087" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487744", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487744" ]
}, },
{ "references": {
"name" : "https://issues.rpath.com/browse/RPL-2991", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://issues.rpath.com/browse/RPL-2991" "name": "34381",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34381"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm" "name": "SUSE-SR:2009:007",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
"name" : "DSA-1746", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1746" "name": "34437",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34437"
"name" : "FEDORA-2009-2883", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html" "name": "34393",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34393"
"name" : "FEDORA-2009-2885", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html" "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-098.htm"
"name" : "FEDORA-2009-3011", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html" "name": "GLSA-200903-37",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml"
"name" : "FEDORA-2009-3031", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html" "name": "1021868",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1021868"
"name" : "GLSA-200903-37", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-37.xml" "name": "34266",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34266"
"name" : "MDVSA-2009:095", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095" "name": "34443",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34443"
"name" : "MDVSA-2009:096", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096" "name": "FEDORA-2009-3031",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00916.html"
"name" : "RHSA-2009:0345", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0345.html" "name": "DSA-1746",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1746"
"name" : "262288", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1" "name": "52988",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/52988"
"name" : "SUSE-SR:2009:007", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" "name": "ESB-2009.0259",
}, "refsource": "AUSCERT",
{ "url": "http://www.auscert.org.au/render.html?it=10666"
"name" : "USN-743-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-743-1" "name": "ADV-2009-0776",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0776"
"name" : "USN-757-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/757-1/" "name": "oval:org.mitre.oval:def:10544",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544"
"name" : "ESB-2009.0259", },
"refsource" : "AUSCERT", {
"url" : "http://www.auscert.org.au/render.html?it=10666" "name": "FEDORA-2009-2885",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00772.html"
"name" : "34184", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34184" "name": "262288",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-262288-1"
"name" : "52988", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52988" "name": "FEDORA-2009-3011",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00887.html"
"name" : "oval:org.mitre.oval:def:10544", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10544" "name": "34418",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34418"
"name" : "1021868", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1021868" "name": "34729",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34729"
"name" : "34373", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34373" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0050"
"name" : "34381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34381" "name": "https://issues.rpath.com/browse/RPL-2991",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2991"
"name" : "34393", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34393" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487744",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487744"
"name" : "34398", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34398" "name": "MDVSA-2009:095",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:095"
"name" : "34437", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34437" "name": "ADV-2009-0816",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0816"
"name" : "34418", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34418" "name": "34469",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34469"
"name" : "34266", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34266" "name": "35569",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35569"
"name" : "34443", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34443" "name": "ADV-2009-1708",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1708"
"name" : "34469", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34469" "name": "ghostscript-icclib-bo(49327)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327"
"name" : "34729", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34729" "name": "34184",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34184"
"name" : "35559", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35559" "name": "MDVSA-2009:096",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:096"
"name" : "35569", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35569" "name": "35559",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35559"
"name" : "ADV-2009-0776", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0776" "name": "34373",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34373"
"name" : "ADV-2009-0777", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0777" "name": "34398",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34398"
"name" : "ADV-2009-0816", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0816" "name": "USN-757-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/757-1/"
"name" : "ADV-2009-1708", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1708" "name": "http://bugs.gentoo.org/show_bug.cgi?id=261087",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=261087"
"name" : "ghostscript-icclib-bo(49327)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49327" "name": "RHSA-2009:0345",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2009-0345.html"
} },
} {
"name": "FEDORA-2009-2883",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00770.html"
},
{
"name": "ADV-2009-0777",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0777"
},
{
"name": "20090319 rPSA-2009-0050-1 ghostscript",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501994/100/0/threaded"
},
{
"name": "USN-743-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-743-1"
}
]
}
}

170
2009/1xxx/CVE-2009-1036.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1036", "ID": "CVE-2009-1036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/406314", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/406314" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI."
{ }
"name" : "http://drupal.org/node/405672", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/405672" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34168", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34168" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52786", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/52786" ]
}, },
{ "references": {
"name" : "34378", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34378" "name": "52786",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/52786"
"name" : "plus1-unspecified-csrf(49310)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310" "name": "34168",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/34168"
} },
} {
"name": "http://drupal.org/node/405672",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/405672"
},
{
"name": "plus1-unspecified-csrf(49310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49310"
},
{
"name": "http://drupal.org/node/406314",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/406314"
},
{
"name": "34378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34378"
}
]
}
}

200
2009/1xxx/CVE-2009-1207.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1207", "ID": "CVE-2009-1207",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1", "description_data": [
"refsource" : "MISC", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1" "lang": "eng",
}, "value": "Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "253468", "description": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253468-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34316", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34316" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:6183", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6183" "name": "solaris-dircmp-file-overwrite(49526)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49526"
"name" : "34558", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34558" "name": "34316",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34316"
"name" : "34813", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34813" "name": "ADV-2009-1105",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1105"
"name" : "ADV-2009-1105", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1105" "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm"
"name" : "solaris-dircmp-file-overwrite(49526)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49526" "name": "oval:org.mitre.oval:def:6183",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6183"
} },
} {
"name": "34558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34558"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1",
"refsource": "MISC",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1"
},
{
"name": "253468",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253468-1"
},
{
"name": "34813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34813"
}
]
}
}

160
2009/1xxx/CVE-2009-1423.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1423", "ID": "CVE-2009-1423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBGN02446", "description_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" "lang": "eng",
}, "value": "Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to cause a denial of service via unknown vectors, aka PR_39898, a different vulnerability than CVE-2009-1424 and CVE-2009-1425."
{ }
"name" : "SSRT090111", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=124751363528317&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1022536", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022536" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-1869", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/1869" ]
}, },
{ "references": {
"name" : "procurve-vpn-dos(51689)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51689" "name": "procurve-vpn-dos(51689)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51689"
} },
} {
"name": "ADV-2009-1869",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1869"
},
{
"name": "SSRT090111",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2"
},
{
"name": "1022536",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022536"
},
{
"name": "HPSBGN02446",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124751363528317&w=2"
}
]
}
}

470
2009/1xxx/CVE-2009-1891.json
View File

@ -1,237 +1,237 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-1891", "ID": "CVE-2009-1891",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091113 rPSA-2009-0142-2 httpd mod_ssl", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/507857/100/0/threaded" "lang": "eng",
}, "value": "The mod_deflate module in Apache httpd 2.2.11 and earlier compresses large files until completion even after the associated network connection is closed, which allows remote attackers to cause a denial of service (CPU consumption)."
{ }
"name" : "[apache-httpd-dev] 20090628 mod_deflate DoS", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[apache-httpd-dev] 20090703 Re: mod_deflate DoS", "description": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712", ]
"refsource" : "MISC", }
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=509125", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=509125" "name": "[apache-httpd-dev] 20090628 mod_deflate DoS",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=apache-httpd-dev&m=124621326524824&w=2"
"name" : "http://support.apple.com/kb/HT3937", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3937" "name": "FEDORA-2009-8812",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html"
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0142", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0142" "name": "SUSE-SA:2009:050",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142", },
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0142"
"name" : "PK91361", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361" "name": "35781",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35781"
"name" : "PK99480", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480" "name": "PK99480",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK99480"
"name" : "APPLE-SA-2009-11-09-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" "name": "oval:org.mitre.oval:def:12361",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361"
"name" : "DSA-1834", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1834" "name": "MDVSA-2009:149",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:149"
"name" : "FEDORA-2009-8812", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html" "name": "PK91361",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK91361"
"name" : "GLSA-200907-04", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200907-04.xml" "name": "SSRT090208",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
"name" : "HPSBUX02612", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" "name": "RHSA-2009:1156",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1156.html"
"name" : "SSRT100345", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=129190899612998&w=2" "name": "35865",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35865"
"name" : "HPSBOV02683", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" "name": "ADV-2009-1841",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1841"
"name" : "SSRT090208", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" "name": "37152",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37152"
"name" : "MDVSA-2009:149", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:149" "name": "1022529",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022529"
"name" : "RHSA-2009:1148", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1148.html" "name": "[apache-httpd-dev] 20090703 Re: mod_deflate DoS",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=apache-httpd-dev&m=124661528519546&w=2"
"name" : "RHSA-2009:1156", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1156.html" "name": "DSA-1834",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1834"
"name" : "SUSE-SA:2009:050", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html" "name": "20091113 rPSA-2009-0142-2 httpd mod_ssl",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507857/100/0/threaded"
"name" : "USN-802-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-802-1" "name": "oval:org.mitre.oval:def:8632",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632"
"name" : "55782", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55782" "name": "HPSBUX02612",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
"name" : "oval:org.mitre.oval:def:8632", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8632" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712",
}, "refsource": "MISC",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534712"
"name" : "oval:org.mitre.oval:def:9248", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248" "name": "GLSA-200907-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"
"name" : "oval:org.mitre.oval:def:12361", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12361" "name": "HPSBOV02683",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
"name" : "1022529", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022529" "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0142",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0142"
"name" : "35721", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35721" "name": "RHSA-2009:1148",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1148.html"
"name" : "35781", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35781" "name": "oval:org.mitre.oval:def:9248",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9248"
"name" : "35793", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35793" "name": "USN-802-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-802-1"
"name" : "35865", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35865" "name": "37221",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37221"
"name" : "37152", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37152" "name": "ADV-2009-3184",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3184"
"name" : "37221", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37221" "name": "SSRT100345",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"
"name" : "ADV-2009-1841", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1841" "name": "35793",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35793"
"name" : "ADV-2009-3184", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3184" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=509125",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=509125"
} },
} {
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "35721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35721"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "55782",
"refsource": "OSVDB",
"url": "http://osvdb.org/55782"
}
]
}
}

470
2012/0xxx/CVE-2012-0458.json
View File

@ -1,237 +1,237 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0458", "ID": "CVE-2012-0458",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html" "lang": "eng",
}, "value": "Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict setting the home page through the dragging of a URL to the home button, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a javascript: URL that is later interpreted in the about:sessionrestore context."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718203", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=718203" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=719994", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=719994" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=723808", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=723808" ]
}, },
{ "references": {
"name" : "DSA-2433", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2433" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-16.html"
"name" : "DSA-2458", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2458" "name": "openSUSE-SU-2012:0417",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
"name" : "MDVSA-2012:031", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031" "name": "48402",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48402"
"name" : "MDVSA-2012:032", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032" "name": "MDVSA-2012:031",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
"name" : "RHSA-2012:0387", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html" "name": "48624",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48624"
"name" : "RHSA-2012:0388", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html" "name": "SUSE-SU-2012:0424",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
"name" : "openSUSE-SU-2012:0417", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html" "name": "USN-1400-5",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-5"
"name" : "SUSE-SU-2012:0424", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html" "name": "52460",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52460"
"name" : "SUSE-SU-2012:0425", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html" "name": "48414",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48414"
"name" : "USN-1400-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-3" "name": "48359",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48359"
"name" : "USN-1400-4", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-4" "name": "48823",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48823"
"name" : "USN-1400-5", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-5" "name": "USN-1401-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1401-1"
"name" : "USN-1400-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-2" "name": "USN-1400-4",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-4"
"name" : "USN-1401-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1401-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=723808",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=723808"
"name" : "USN-1400-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1400-1" "name": "48629",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48629"
"name" : "52460", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52460" "name": "oval:org.mitre.oval:def:15122",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122"
"name" : "oval:org.mitre.oval:def:15122", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15122" "name": "USN-1400-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-3"
"name" : "1026804", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026804" "name": "RHSA-2012:0387",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
"name" : "1026801", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026801" "name": "48496",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48496"
"name" : "1026803", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026803" "name": "SUSE-SU-2012:0425",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
"name" : "48629", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48629" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=718203",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=718203"
"name" : "48513", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48513" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=719994",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=719994"
"name" : "48495", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48495" "name": "USN-1400-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-2"
"name" : "48496", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48496" "name": "DSA-2458",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2458"
"name" : "48553", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48553" "name": "48920",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48920"
"name" : "48561", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48561" "name": "DSA-2433",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2433"
"name" : "48624", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48624" "name": "MDVSA-2012:032",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
"name" : "48823", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48823" "name": "1026803",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026803"
"name" : "48920", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48920" "name": "48495",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48495"
"name" : "48402", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48402" "name": "48553",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48553"
"name" : "48359", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48359" "name": "USN-1400-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1400-1"
"name" : "48414", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48414" "name": "48561",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48561"
} },
} {
"name": "RHSA-2012:0388",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
},
{
"name": "1026801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026801"
},
{
"name": "1026804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026804"
},
{
"name": "48513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48513"
}
]
}
}

180
2012/0xxx/CVE-2012-0992.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0992", "ID": "CVE-2012-0992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120201 Multiple vulnerabilities in OpenEMR", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html" "lang": "eng",
}, "value": "interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter."
{ }
"name" : "https://www.htbridge.ch/advisory/HTB23069", ]
"refsource" : "MISC", },
"url" : "https://www.htbridge.ch/advisory/HTB23069" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51788", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/51788" ]
}, },
{ "references": {
"name" : "78731", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/78731" "name": "https://www.htbridge.ch/advisory/HTB23069",
}, "refsource": "MISC",
{ "url": "https://www.htbridge.ch/advisory/HTB23069"
"name" : "47781", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47781" "name": "78731",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/78731"
"name" : "openemr-faxdispatch-command-execution(72915)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72915" "name": "51788",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/51788"
} },
} {
"name": "20120201 Multiple vulnerabilities in OpenEMR",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0004.html"
},
{
"name": "47781",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47781"
},
{
"name": "openemr-faxdispatch-command-execution(72915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72915"
},
{
"name": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource": "CONFIRM",
"url": "http://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
}
]
}
}

150
2012/2xxx/CVE-2012-2325.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2325", "ID": "CVE-2012-2325",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120507 CVE request: mybb before 1.6.7", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/13" "lang": "eng",
}, "value": "SQL injection vulnerability in the User Inline Moderation feature in the Admin Control Panel (ACP) in MyBB (aka MyBulletinBoard) before 1.6.7 allows remote administrators to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/14" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53417", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/53417" ]
} },
] "references": {
} "reference_data": [
} {
"name": "53417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53417"
},
{
"name": "[oss-security] 20120507 CVE request: mybb before 1.6.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/13"
},
{
"name": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/",
"refsource": "CONFIRM",
"url": "http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/"
},
{
"name": "[oss-security] 20120507 Re: CVE request: mybb before 1.6.7",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/14"
}
]
}
}

140
2012/2xxx/CVE-2012-2564.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2564", "ID": "CVE-2012-2564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators for requests that perform administrative actions."
{ }
"name" : "VU#722963", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/722963" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53715", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53715" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "53715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53715"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-8R9LBY"
},
{
"name": "VU#722963",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/722963"
}
]
}
}

130
2012/3xxx/CVE-2012-3148.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3148", "ID": "CVE-2012-3148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2012/3xxx/CVE-2012-3175.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3175", "ID": "CVE-2012-3175",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

260
2012/3xxx/CVE-2012-3500.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3500", "ID": "CVE-2012-3500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/08/31/7" "lang": "eng",
}, "value": "scripts/annotate-output.sh in devscripts before 2.12.2, as used in rpmdevtools before 8.3, allows local users to modify arbitrary files via a symlink attack on the temporary (1) standard output or (2) standard error output file."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=848022", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=848022" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0", "description": [
"refsource" : "CONFIRM", {
"url" : "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb", ]
"refsource" : "CONFIRM", }
"url" : "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb" ]
}, },
{ "references": {
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316" "name": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0",
}, "refsource": "CONFIRM",
{ "url": "http://anonscm.debian.org/gitweb/?p=devscripts/devscripts.git;a=commit;h=4d23a5e6c90f7a37b0972b30f5d31dce97a93eb0"
"name" : "DSA-2549", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2549" "name": "MDVSA-2013:123",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123"
"name" : "FEDORA-2012-13208", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html" "name": "rpmdevtools-toctou-symlink(78230)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230"
"name" : "FEDORA-2012-13234", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html" "name": "55358",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55358"
"name" : "FEDORA-2012-13263", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html" "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316",
}, "refsource": "CONFIRM",
{ "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0316"
"name" : "MDVSA-2013:123", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:123" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=848022",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=848022"
"name" : "openSUSE-SU-2012:1437", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html" "name": "FEDORA-2012-13208",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087335.html"
"name" : "USN-1593-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1593-1" "name": "DSA-2549",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2549"
"name" : "55358", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55358" "name": "FEDORA-2012-13263",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086159.html"
"name" : "50600", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50600" "name": "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb",
}, "refsource": "CONFIRM",
{ "url": "http://git.fedorahosted.org/cgit/rpmdevtools.git/commit/?id=90b4400c2ab2e80cecfd8dfdf031536376ed2cdb"
"name" : "rpmdevtools-toctou-symlink(78230)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78230" "name": "50600",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/50600"
} },
} {
"name": "FEDORA-2012-13234",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/086138.html"
},
{
"name": "USN-1593-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1593-1"
},
{
"name": "[oss-security] 20120831 [Notification] CVE-2012-3500 - rpmdevtools, devscripts: TOCTOU race condition in annotate-output",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/7"
},
{
"name": "openSUSE-SU-2012:1437",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00000.html"
}
]
}
}

170
2012/3xxx/CVE-2012-3863.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3863", "ID": "CVE-2012-3863",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://downloads.asterisk.org/pub/security/AST-2012-010.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://downloads.asterisk.org/pub/security/AST-2012-010.html" "lang": "eng",
}, "value": "channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Asterisk Digiumphones 10.x.x-digiumphones before 10.5.2-digiumphones does not properly handle a provisional response to a SIP reINVITE request, which allows remote authenticated users to cause a denial of service (RTP port exhaustion) via sessions that lack final responses."
{ }
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-19992", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-19992" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2550", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2550" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "54327", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/54327" ]
}, },
{ "references": {
"name" : "50687", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50687" "name": "50687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50687"
"name" : "50756", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50756" "name": "50756",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/50756"
} },
} {
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name": "54327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54327"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-010.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-010.html"
},
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-19992",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-19992"
}
]
}
}

34
2012/3xxx/CVE-2012-3882.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3882", "ID": "CVE-2012-3882",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2012/4xxx/CVE-2012-4021.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2012-4021", "ID": "CVE-2012-4021",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#52264310", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN52264310/index.html" "lang": "eng",
}, "value": "MosP kintai kanri before 4.1.0 does not properly perform authentication, which allows remote authenticated users to impersonate arbitrary user accounts, and consequently obtain sensitive information or modify settings, via unspecified vectors."
{ }
"name" : "JVNDB-2012-000097", ]
"refsource" : "JVNDB", },
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000097" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "56369", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56369" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51110", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/51110" ]
} },
] "references": {
} "reference_data": [
} {
"name": "56369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56369"
},
{
"name": "JVNDB-2012-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000097"
},
{
"name": "JVN#52264310",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52264310/index.html"
},
{
"name": "51110",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51110"
}
]
}
}

130
2012/4xxx/CVE-2012-4265.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4265", "ID": "CVE-2012-4265",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18872", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18872" "lang": "eng",
}, "value": "SQL injection vulnerability in category_edit.php in Proman Xpress 5.0.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
{ }
"name" : "http://www.vulnerability-lab.com/get_content.php?id=512", ]
"refsource" : "MISC", },
"url" : "http://www.vulnerability-lab.com/get_content.php?id=512" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=512",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=512"
},
{
"name": "18872",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18872"
}
]
}
}

160
2012/4xxx/CVE-2012-4614.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2012-4614", "ID": "CVE-2012-4614",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html" "lang": "eng",
}, "value": "The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session."
{ }
"name" : "56682", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/56682" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "87877", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/87877" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1027812", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1027812" ]
}, },
{ "references": {
"name" : "51408", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51408" "name": "1027812",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1027812"
} },
} {
"name": "51408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51408"
},
{
"name": "20121126 ESA-2012-057: EMC Smarts Network Configuration Manager Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0095.html"
},
{
"name": "56682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56682"
},
{
"name": "87877",
"refsource": "OSVDB",
"url": "http://osvdb.org/87877"
}
]
}
}

180
2012/4xxx/CVE-2012-4912.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2012-4912", "ID": "CVE-2012-4912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://download.novell.com/Download?buildid=O5hTjIiMdMo~", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://download.novell.com/Download?buildid=O5hTjIiMdMo~" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message."
{ }
"name" : "http://www.novell.com/support/kb/doc.php?id=7010768", ]
"refsource" : "CONFIRM", },
"url" : "http://www.novell.com/support/kb/doc.php?id=7010768" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=702788", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=702788" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=745425", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=745425" ]
}, },
{ "references": {
"name" : "55814", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55814" "name": "1027614",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027614"
"name" : "1027614", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027614" "name": "http://www.novell.com/support/kb/doc.php?id=7010768",
}, "refsource": "CONFIRM",
{ "url": "http://www.novell.com/support/kb/doc.php?id=7010768"
"name" : "50622", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50622" "name": "55814",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/55814"
} },
} {
"name": "https://bugzilla.novell.com/show_bug.cgi?id=745425",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=745425"
},
{
"name": "50622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50622"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=702788",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=702788"
},
{
"name": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~",
"refsource": "CONFIRM",
"url": "http://download.novell.com/Download?buildid=O5hTjIiMdMo~"
}
]
}
}

170
2012/6xxx/CVE-2012-6076.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6076", "ID": "CVE-2012-6076",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/12/30/2" "lang": "eng",
}, "value": "Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and possibly have other unspecified impacts."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/inkscape/+bug/911146", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/inkscape/+bug/911146" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:0294", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0297", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html" "name": "[oss-security] 20121229 Re: Inkscape reads .eps files from /tmp instead of the current directory",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/12/30/2"
"name" : "USN-1712-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1712-1" "name": "USN-1712-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1712-1"
} },
} {
"name": "https://bugs.launchpad.net/inkscape/+bug/911146",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/inkscape/+bug/911146"
},
{
"name": "openSUSE-SU-2013:0294",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00041.html"
},
{
"name": "openSUSE-SU-2013:0297",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00043.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654341"
}
]
}
}

160
2012/6xxx/CVE-2012-6116.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6116", "ID": "CVE-2012-6116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec" "lang": "eng",
}, "value": "modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA certificate by writing to this file."
{ }
"name" : "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0547", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0547.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:0686", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0686.html" ]
}, },
{ "references": {
"name" : "52774", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52774" "name": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec",
} "refsource": "CONFIRM",
] "url": "https://github.com/Katello/katello/commits/master/katello-configure/katello-configure.spec"
} },
} {
"name": "52774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52774"
},
{
"name": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d",
"refsource": "CONFIRM",
"url": "https://github.com/jsomara/katello/commit/65f1e42b7bda0f3410931c50598540d944d8bf0d"
},
{
"name": "RHSA-2013:0547",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0547.html"
},
{
"name": "RHSA-2013:0686",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
}
]
}
}

140
2012/6xxx/CVE-2012-6142.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6142", "ID": "CVE-2012-6142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q2/318" "lang": "eng",
}, "value": "Session::Cookie in the HTML::EP module 0.2011 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized."
{ }
"name" : "59833", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/59833" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "htmlep-cve20126142-sec-bypass(84199)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84199" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "htmlep-cve20126142-sec-bypass(84199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84199"
},
{
"name": "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/318"
},
{
"name": "59833",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59833"
}
]
}
}

34
2012/6xxx/CVE-2012-6672.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6672", "ID": "CVE-2012-6672",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

240
2017/2xxx/CVE-2017-2112.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2112", "ID": "CVE-2017-2112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "TS-WPTCAM", "product_name": "TS-WPTCAM",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware version 1.18 and earlier" "version_value": "firmware version 1.18 and earlier"
} }
] ]
} }
}, },
{ {
"product_name" : "TS-WPTCAM2", "product_name": "TS-WPTCAM2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware version 1.00" "version_value": "firmware version 1.00"
} }
] ]
} }
}, },
{ {
"product_name" : "TS-WLCE", "product_name": "TS-WLCE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware version 1.18 and earlier" "version_value": "firmware version 1.18 and earlier"
} }
] ]
} }
}, },
{ {
"product_name" : "TS-WLC2", "product_name": "TS-WLC2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware version 1.18 and earlier" "version_value": "firmware version 1.18 and earlier"
} }
] ]
} }
}, },
{ {
"product_name" : "TS-WRLC", "product_name": "TS-WRLC",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware version 1.17 and earlier" "version_value": "firmware version 1.17 and earlier"
} }
] ]
} }
}, },
{ {
"product_name" : "TS-PTCAM/POE", "product_name": "TS-PTCAM/POE",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware version 1.18 and earlier" "version_value": "firmware version 1.18 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "I-O DATA DEVICE, INC." "vendor_name": "I-O DATA DEVICE, INC."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.iodata.jp/support/information/2017/camera201702/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.iodata.jp/support/information/2017/camera201702/" "lang": "eng",
}, "value": "TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
{ }
"name" : "JVN#46830433", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN46830433/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96620", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96620" "lang": "eng",
} "value": "OS Command Injection"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "JVN#46830433",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN46830433/index.html"
},
{
"name": "96620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96620"
},
{
"name": "http://www.iodata.jp/support/information/2017/camera201702/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
}
]
}
}

140
2017/2xxx/CVE-2017-2243.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2243", "ID": "CVE-2017-2243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Responsive Lightbox", "product_name": "Responsive Lightbox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 1.7.2" "version_value": "prior to version 1.7.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "dFactory" "vendor_name": "dFactory"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wordpress.org/plugins/responsive-lightbox/#developers", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/plugins/responsive-lightbox/#developers" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#39819446", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN39819446/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99463", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99463" "lang": "eng",
} "value": "Cross-site scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99463"
},
{
"name": "JVN#39819446",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN39819446/index.html"
},
{
"name": "https://wordpress.org/plugins/responsive-lightbox/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/responsive-lightbox/#developers"
}
]
}
}

190
2017/2xxx/CVE-2017-2460.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2460", "ID": "CVE-2017-2460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41811", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41811/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090", ]
"refsource" : "MISC", },
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207600", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207600" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207601", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207601" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207617", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207617" "name": "1038137",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038137"
"name" : "GLSA-201706-15", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201706-15" "name": "https://support.apple.com/HT207601",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207601"
"name" : "97130", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97130" "name": "97130",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97130"
"name" : "1038137", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038137" "name": "GLSA-201706-15",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201706-15"
} },
} {
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1090"
},
{
"name": "41811",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41811/"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

130
2017/2xxx/CVE-2017-2789.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2017-2789", "ID": "CVE-2017-2789",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Ichitaro", "product_name": "Ichitaro",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "JustSystems" "vendor_name": "JustSystems"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.talosintelligence.com/reports/TALOS-2016-0196/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.talosintelligence.com/reports/TALOS-2016-0196/" "lang": "eng",
}, "value": "When copying filedata into a buffer, JustSystems Ichitaro Office 2016 Trial will calculate two values to determine how much data to copy from the document. If both of these values are larger than the size of the buffer, the application will choose the smaller of the two and trust it to copy data from the file. This value is larger than the buffer size, which leads to a heap-based buffer overflow. This overflow corrupts an offset in the heap used in pointer arithmetic for writing data and can lead to code execution under the context of the application."
{ }
"name" : "96438", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96438" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2016-0196/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0196/"
},
{
"name": "96438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96438"
}
]
}
}

130
2017/2xxx/CVE-2017-2841.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2017-2841", "ID": "CVE-2017-2841",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Indoor IP Camera C1 Series", "product_name": "Indoor IP Camera C1 Series",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foscam" "vendor_name": "Foscam"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343" "lang": "eng",
}, "value": "An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the \"msmtprc\" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
{ }
"name" : "99184", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99184" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0343"
}
]
}
}

34
2017/6xxx/CVE-2017-6217.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6217", "ID": "CVE-2017-6217",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2017/6xxx/CVE-2017-6267.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC" : "2017-09-21T00:00:00", "DATE_PUBLIC": "2017-09-21T00:00:00",
"ID" : "CVE-2017-6267", "ID": "CVE-2017-6267",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GPU Display Driver", "product_name": "GPU Display Driver",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544" "lang": "eng",
}, "value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where an incorrect initialization of internal objects can cause an infinite loop which may lead to a denial of service."
{ }
"name" : "101025", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101025" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544"
},
{
"name": "101025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101025"
}
]
}
}

120
2017/6xxx/CVE-2017-6315.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6315", "ID": "CVE-2017-6315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42726", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42726/" "lang": "eng",
} "value": "Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute arbitrary code via a crafted request to index.plx."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42726",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42726/"
}
]
}
}

34
2018/11xxx/CVE-2018-11584.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11584", "ID": "CVE-2018-11584",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/11xxx/CVE-2018-11633.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11633", "ID": "CVE-2018-11633",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/", "description_data": [
"refsource" : "MISC", {
"url" : "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/" "lang": "eng",
}, "value": "An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishing/social engineering), the attacker can change the plugin settings. The function woo_checkout_settings_page in the file class-woo-checkout-for-digital-goods-admin.php doesn't do any check against wp-admin/admin-post.php Cross-site request forgery (CSRF) and user capabilities."
{ }
"name" : "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/woo-checkout-for-digital-goods/#developers"
},
{
"name": "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/",
"refsource": "MISC",
"url": "http://labs.threatpress.com/cross-site-request-forgery-csrf-in-woo-checkout-for-digital-goods-plugin/"
}
]
}
}

130
2018/11xxx/CVE-2018-11852.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11852", "ID": "CVE-2018-11852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143" "lang": "eng",
}, "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write."
{ }
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", ]
"refsource" : "CONFIRM", },
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=92fbe31eb6b356a1f673515cb1e63b6eaf245143"
}
]
}
}

120
2018/11xxx/CVE-2018-11987.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11987", "ID": "CVE-2018-11987",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Double Free Issue in Kernel"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" "lang": "eng",
} "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free Issue in Kernel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin"
}
]
}
}

130
2018/14xxx/CVE-2018-14298.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14298", "ID": "CVE-2018-14298",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.5096" "version_value": "9.0.1.5096"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-758", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-758" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Ink annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6214."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-758",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-758"
}
]
}
}

130
2018/14xxx/CVE-2018-14481.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14481", "ID": "CVE-2018-14481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280."
{ }
"name" : "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/", ]
"refsource" : "MISC", },
"url" : "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150643/OSclass-3.7.4-Cross-Site-Scripting.html"
},
{
"name": "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/",
"refsource": "MISC",
"url": "https://www.netsparker.com/web-applications-advisories/ns-18-029-cross-site-scripting-in-osclass/"
}
]
}
}

34
2018/14xxx/CVE-2018-14676.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14676", "ID": "CVE-2018-14676",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/14xxx/CVE-2018-14690.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14690", "ID": "CVE-2018-14690",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/" "lang": "eng",
} "value": "An issue was discovered in Subsonic 6.1.1. The general settings are affected by two stored cross-site scripting vulnerabilities in the title and subtitle parameters to generalSettings.view that could be used to steal session information of a victim."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://www.bishopfox.com/news/2018/09/subsonic-6-1-1-multiple-vulnerabilities/"
}
]
}
}

34
2018/14xxx/CVE-2018-14724.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14724", "ID": "CVE-2018-14724",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15212.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15212", "ID": "CVE-2018-15212",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/15xxx/CVE-2018-15363.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2018-15363", "ID": "CVE-2018-15363",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro Security (Consumer)", "product_name": "Trend Micro Security (Consumer)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.0 (2018)" "version_value": "12.0 (2018)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-963/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-963/" "lang": "eng",
}, "value": "An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit the vulnerability."
{ }
"name" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx", ]
"refsource" : "CONFIRM", },
"url" : "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-US/home/pages/technical-support/1120742.aspx"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-963/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-963/"
}
]
}
}

206
2018/15xxx/CVE-2018-15378.json
View File

@ -1,105 +1,105 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T21:00:00-0500", "DATE_PUBLIC": "2018-10-03T21:00:00-0500",
"ID" : "CVE-2018-15378", "ID": "CVE-2018-15378",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Clam AntiVirus unmew11() Denial of Service Vulnerability" "TITLE": "Clam AntiVirus unmew11() Denial of Service Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ClamAV", "product_name": "ClamAV",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : "0.100.2" "version_value": "0.100.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the \"unmew11()\" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "5.3",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00014.html" "lang": "eng",
}, "value": "A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the \"unmew11()\" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file."
{ }
"name" : "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html", ]
"refsource" : "MISC", },
"url" : "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html" "impact": {
}, "cvss": {
{ "baseScore": "5.3",
"name" : "https://bugzilla.clamav.net/show_bug.cgi?id=12170", "version": "3.0"
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.clamav.net/show_bug.cgi?id=12170" },
}, "problemtype": {
{ "problemtype_data": [
"name" : "USN-3789-1", {
"refsource" : "UBUNTU", "description": [
"url" : "https://usn.ubuntu.com/3789-1/" {
}, "lang": "eng",
{ "value": "CWE-125"
"name" : "USN-3789-2", }
"refsource" : "UBUNTU", ]
"url" : "https://usn.ubuntu.com/3789-2/" }
}, ]
{ },
"name" : "83000", "references": {
"refsource" : "SECUNIA", "reference_data": [
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/83000/" {
} "name": "[debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update",
] "refsource": "MLIST",
}, "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00014.html"
"source" : { },
"advisory" : "Bug 12170 - ClamAV Invalid read memory access in MEW unpacker", {
"defect" : [ "name": "https://bugzilla.clamav.net/show_bug.cgi?id=12170",
[ "refsource": "CONFIRM",
"12170" "url": "https://bugzilla.clamav.net/show_bug.cgi?id=12170"
] },
], {
"discovery" : "UNKNOWN" "name": "83000",
} "refsource": "SECUNIA",
} "url": "https://secuniaresearch.flexerasoftware.com/advisories/83000/"
},
{
"name": "USN-3789-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3789-2/"
},
{
"name": "USN-3789-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3789-1/"
},
{
"name": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html",
"refsource": "MISC",
"url": "https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html"
}
]
},
"source": {
"advisory": "Bug 12170 - ClamAV Invalid read memory access in MEW unpacker",
"defect": [
[
"12170"
]
],
"discovery": "UNKNOWN"
}
}

166
2018/15xxx/CVE-2018-15425.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500", "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15425", "ID": "CVE-2018-15425",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Multiple Vulnerabilities in Cisco Identity Services Engine" "TITLE": "Multiple Vulnerabilities in Cisco Identity Services Engine"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Identity Services Engine Software ", "product_name": "Cisco Identity Services Engine Software ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "4.7",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181003 Multiple Vulnerabilities in Cisco Identity Services Engine", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns" "lang": "eng",
}, "value": "A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device with the privileges of the web server."
{ }
"name" : "1041792", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041792" "impact": {
} "cvss": {
] "baseScore": "4.7",
}, "version": "3.0"
"source" : { }
"advisory" : "cisco-sa-20181003-ise-mult-vulns", },
"defect" : [ "problemtype": {
[ "problemtype_data": [
"CSCvj62592", {
"CSCvj62614" "description": [
] {
], "lang": "eng",
"discovery" : "UNKNOWN" "value": "CWE-20"
} }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20181003 Multiple Vulnerabilities in Cisco Identity Services Engine",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-ise-mult-vulns"
},
{
"name": "1041792",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041792"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-ise-mult-vulns",
"defect": [
[
"CSCvj62592",
"CSCvj62614"
]
],
"discovery": "UNKNOWN"
}
}

140
2018/15xxx/CVE-2018-15966.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-15966", "ID": "CVE-2018-15966",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a security bypass vulnerability. Successful exploitation could lead to privilege escalation."
{ }
"name" : "105435", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105435" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Security Bypass"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105435",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105435"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
}

130
2018/20xxx/CVE-2018-20010.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20010", "ID": "CVE-2018-20010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "46373", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/46373/" "lang": "eng",
}, "value": "DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field."
{ }
"name" : "https://github.com/domainmod/domainmod/issues/88", ]
"refsource" : "MISC", },
"url" : "https://github.com/domainmod/domainmod/issues/88" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/domainmod/domainmod/issues/88",
"refsource": "MISC",
"url": "https://github.com/domainmod/domainmod/issues/88"
},
{
"name": "46373",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46373/"
}
]
}
}

140
2018/20xxx/CVE-2018-20467.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20467", "ID": "CVE-2018-20467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb" "lang": "eng",
}, "value": "In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can result in an infinite loop and hang, with high CPU and memory consumption. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted file."
{ }
"name" : "https://github.com/ImageMagick/ImageMagick/issues/1408", ]
"refsource" : "MISC", },
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1408" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "106315", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106315" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/commit/db0add932fb850d762b02604ca3053b7d7ab6deb"
},
{
"name": "106315",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106315"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1408",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1408"
}
]
}
}

130
2018/20xxx/CVE-2018-20594.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20594", "ID": "CVE-2018-20594",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f" "lang": "eng",
}, "value": "An issue was discovered in hsweb 3.0.4. It is a reflected XSS vulnerability due to the absence of type parameter checking in FlowableModelManagerController.java."
{ }
"name" : "https://github.com/hs-web/hsweb-framework/issues/107", ]
"refsource" : "MISC", },
"url" : "https://github.com/hs-web/hsweb-framework/issues/107" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f",
"refsource": "MISC",
"url": "https://github.com/hs-web/hsweb-framework/commit/b72a2275ed21240296c6539bae1049c56abb542f"
},
{
"name": "https://github.com/hs-web/hsweb-framework/issues/107",
"refsource": "MISC",
"url": "https://github.com/hs-web/hsweb-framework/issues/107"
}
]
}
}

120
2018/20xxx/CVE-2018-20659.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20659", "ID": "CVE-2018-20659",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/axiomatic-systems/Bento4/issues/350", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/axiomatic-systems/Bento4/issues/350" "lang": "eng",
} "value": "An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/axiomatic-systems/Bento4/issues/350",
"refsource": "MISC",
"url": "https://github.com/axiomatic-systems/Bento4/issues/350"
}
]
}
}

34
2018/9xxx/CVE-2018-9746.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9746", "ID": "CVE-2018-9746",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9747.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9747", "ID": "CVE-2018-9747",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/9xxx/CVE-2018-9829.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9829", "ID": "CVE-2018-9829",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }