admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:22:43 +00:00
parent fb1b8bf1cc
commit b279cfacd9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 3480 additions and 3480 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
2002/0xxx/CVE-2002-0035.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2002-0035", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2002-0035",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2002. Notes: none."
} }
] ]
} }
} }

178
2002/0xxx/CVE-2002-0382.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0382", "ID": "CVE-2002-0382",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020327 Xchat /dns command execution vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101725430425490&w=2" "lang": "eng",
}, "value": "XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters."
{ }
"name" : "RHSA-2002:097", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2002-097.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2002:124", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-124.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2002:051", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php" ]
}, },
{ "references": {
"name" : "CLA-2002:526", "reference_data": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526" "name": "RHSA-2002:097",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-097.html"
"name" : "xchat-dns-execute-commands(8704)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8704.php" "name": "xchat-dns-execute-commands(8704)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/8704.php"
"name" : "4376", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4376" "name": "RHSA-2002:124",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2002-124.html"
} },
{
"name": "CLA-2002:526",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526"
},
{
"name": "MDKSA-2002:051",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php"
},
{
"name": "4376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4376"
},
{
"name": "20020327 Xchat /dns command execution vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101725430425490&w=2"
}
]
}
} }

148
2002/0xxx/CVE-2002-0437.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0437", "ID": "CVE-2002-0437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term \"string format vulnerability\" by some sources."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020311 SMStools vulnerabilities in release before 1.4.8", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html" "lang": "eng",
}, "value": "Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term \"string format vulnerability\" by some sources."
{ }
"name" : "http://www.isis.de/members/~s.frings/smstools/history.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.isis.de/members/~s.frings/smstools/history.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4268", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4268" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "sms-tools-format-string(8433)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/8433.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.isis.de/members/~s.frings/smstools/history.html",
"refsource": "CONFIRM",
"url": "http://www.isis.de/members/~s.frings/smstools/history.html"
},
{
"name": "4268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4268"
},
{
"name": "sms-tools-format-string(8433)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8433.php"
},
{
"name": "20020311 SMStools vulnerabilities in release before 1.4.8",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html"
}
]
}
} }

248
2002/0xxx/CVE-2002-0559.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0559", "ID": "CVE-2002-0559",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020206 Multiple Buffer Overflows in Oracle 9iAS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/254426" "lang": "eng",
}, "value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
{ }
"name" : "CA-2002-08", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2002-08.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#750299", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/750299" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#878603", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/878603" ]
}, },
{ "references": {
"name" : "VU#659043", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/659043" "name": "VU#750299",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/750299"
"name" : "VU#313280", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/313280" "name": "VU#878603",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/878603"
"name" : "VU#923395", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/923395" "name": "oracle-appserver-plsql-adddad-bo(8098)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
"name" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf", },
"refsource" : "CONFIRM", {
"url" : "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf" "name": "CA-2002-08",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2002-08.html"
"name" : "http://www.nextgenss.com/papers/hpoas.pdf", },
"refsource" : "MISC", {
"url" : "http://www.nextgenss.com/papers/hpoas.pdf" "name": "VU#659043",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/659043"
"name" : "oracle-appserver-plsql-adddad-bo(8098)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098" "name": "oracle-appserver-plsql-cache-bo(8097)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
"name" : "oracle-appserver-plsql-bo(8095)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095" "name": "oracle-appserver-plsql-authclient-bo(8096)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
"name" : "oracle-appserver-plsql-cache-bo(8097)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097" "name": "20020206 Multiple Buffer Overflows in Oracle 9iAS",
}, "refsource": "BUGTRAQ",
{ "url": "http://online.securityfocus.com/archive/1/254426"
"name" : "oracle-appserver-plsql-authclient-bo(8096)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096" "name": "VU#313280",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/313280"
"name" : "4032", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4032" "name": "http://www.nextgenss.com/papers/hpoas.pdf",
} "refsource": "MISC",
] "url": "http://www.nextgenss.com/papers/hpoas.pdf"
} },
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4032"
},
{
"name": "oracle-appserver-plsql-bo(8095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"name": "VU#923395",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/923395"
}
]
}
} }

218
2002/1xxx/CVE-2002-1142.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1142", "ID": "CVE-2002-1142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS02-065", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065" "lang": "eng",
}, "value": "Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub."
{ }
"name" : "20021120 Foundstone Advisory", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337", "description": [
"refsource" : "MISC", {
"url" : "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2002-33", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2002-33.html" ]
}, },
{ "references": {
"name" : "VU#542081", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/542081" "name": "oval:org.mitre.oval:def:2730",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730"
"name" : "6214", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6214" "name": "20021120 Foundstone Advisory",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html"
"name" : "oval:org.mitre.oval:def:2730", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730" "name": "6214",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6214"
"name" : "oval:org.mitre.oval:def:294", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294" "name": "mdac-rds-client-bo(10669)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669"
"name" : "oval:org.mitre.oval:def:3573", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573" "name": "VU#542081",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/542081"
"name" : "mdac-rds-server-bo(10659)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659" "name": "MS02-065",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065"
"name" : "mdac-rds-client-bo(10669)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10669" "name": "oval:org.mitre.oval:def:3573",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573"
} },
{
"name": "CA-2002-33",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-33.html"
},
{
"name": "mdac-rds-server-bo(10659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10659"
},
{
"name": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337",
"refsource": "MISC",
"url": "http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337"
},
{
"name": "oval:org.mitre.oval:def:294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294"
}
]
}
} }

198
2002/1xxx/CVE-2002-1186.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1186", "ID": "CVE-2002-1186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020903 MSIEv6 % encoding causes a problem again", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html" "lang": "eng",
}, "value": "Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka \"Encoded Characters Information Disclosure.\""
{ }
"name" : "20020904 Re: MSIEv6 % encoding causes a problem again", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS02-066", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5610", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5610" ]
}, },
{ "references": {
"name" : "7845", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/7845" "name": "MS02-066",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066"
"name" : "oval:org.mitre.oval:def:143", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143" "name": "5610",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5610"
"name" : "oval:org.mitre.oval:def:471", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471" "name": "20020903 MSIEv6 % encoding causes a problem again",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html"
"name" : "oval:org.mitre.oval:def:495", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495" "name": "ie-sameoriginpolicy-bypass(10039)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/10039.php"
"name" : "ie-sameoriginpolicy-bypass(10039)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10039.php" "name": "7845",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/7845"
} },
{
"name": "oval:org.mitre.oval:def:495",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495"
},
{
"name": "20020904 Re: MSIEv6 % encoding causes a problem again",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html"
},
{
"name": "oval:org.mitre.oval:def:471",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471"
},
{
"name": "oval:org.mitre.oval:def:143",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143"
}
]
}
} }

138
2002/1xxx/CVE-2002-1628.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1628", "ID": "CVE-2002-1628",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#250107", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/250107" "lang": "eng",
}, "value": "Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vote CGI before 1.3 allows remote attackers to write arbitrary files via .. (dot dot) sequences in the type parameter."
{ }
"name" : "3854", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3854" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "vote-cgi-gain-privileges(7971)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7971" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "vote-cgi-gain-privileges(7971)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7971"
},
{
"name": "3854",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3854"
},
{
"name": "VU#250107",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/250107"
}
]
}
} }

148
2002/1xxx/CVE-2002-1678.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1678", "ID": "CVE-2002-1678",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020322 memberlist.php of vBulletin", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/263609" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft vBulletin 2.0 rc 2 through 2.2.4 allows remote attackers to steal authentication credentials by injecting script into $letterbits."
{ }
"name" : "20020322 RE: memberlist.php of vBulletin", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4349", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4349" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "vbulletin-memberlist-execute-code(8619)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619" ]
} },
] "references": {
} "reference_data": [
{
"name": "20020322 memberlist.php of vBulletin",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/263609"
},
{
"name": "4349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4349"
},
{
"name": "20020322 RE: memberlist.php of vBulletin",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/264023/2002-11-01/2002-11-07/2"
},
{
"name": "vbulletin-memberlist-execute-code(8619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8619"
}
]
}
} }

148
2002/1xxx/CVE-2002-1817.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1817", "ID": "CVE-2002-1817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seer.support.veritas.com/docs/238143.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://seer.support.veritas.com/docs/238143.htm" "lang": "eng",
}, "value": "Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsNT, Cluster Server 1.3.0 for Solaris, and Cluster Server 1.3.1 for HP-UX allows attackers to gain privileges via unknown attack vectors."
{ }
"name" : "5688", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5688" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1005204", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1005204" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "vcs-unauth-root-access(10082)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10082.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "vcs-unauth-root-access(10082)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10082.php"
},
{
"name": "5688",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5688"
},
{
"name": "http://seer.support.veritas.com/docs/238143.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/238143.htm"
},
{
"name": "1005204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1005204"
}
]
}
} }

118
2002/1xxx/CVE-2002-1989.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1989", "ID": "CVE-2002-1989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020617 KPMG-2002022: Resin DOS device Denial of Service", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0108.html" "lang": "eng",
} "value": "Resin 2.1.1 allows remote attackers to cause a denial of service (thread and connection consumption) via multiple URL requests containing the DOS 'CON' device name and a registered file extension such as .jsp or .xtp."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020617 KPMG-2002022: Resin DOS device Denial of Service",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0108.html"
}
]
}
} }

138
2002/2xxx/CVE-2002-2158.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2158", "ID": "CVE-2002-2158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020610 [ARL02-A14] ZenTrack System Information Path Disclosure Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/276121" "lang": "eng",
}, "value": "zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message."
{ }
"name" : "4973", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4973" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "zentrack-ticketid-path-disclosure(9312)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9312.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "4973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4973"
},
{
"name": "zentrack-ticketid-path-disclosure(9312)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9312.php"
},
{
"name": "20020610 [ARL02-A14] ZenTrack System Information Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276121"
}
]
}
} }

138
2002/2xxx/CVE-2002-2361.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2361", "ID": "CVE-2002-2361",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020827 Yahoo Messenger Install Secuirty", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html" "lang": "eng",
}, "value": "The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing."
{ }
"name" : "5579", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5579" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "yahoo-installer-insecure-connection(9984)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9984.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "yahoo-installer-insecure-connection(9984)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9984.php"
},
{
"name": "20020827 Yahoo Messenger Install Secuirty",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html"
},
{
"name": "5579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5579"
}
]
}
} }

32
2005/1xxx/CVE-2005-1271.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-1271", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-1271",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1343. Reason: This candidate is a reservation duplicate of CVE-2005-1343. Notes: All CVE users should reference CVE-2005-1343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1343. Reason: This candidate is a reservation duplicate of CVE-2005-1343. Notes: All CVE users should reference CVE-2005-1343 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

128
2005/1xxx/CVE-2005-1968.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1968", "ID": "CVE-2005-1968",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://echo.or.id/adv/adv16-theday-2005.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://echo.or.id/adv/adv16-theday-2005.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp."
{ }
"name" : "1014129", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1014129" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014129",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014129"
},
{
"name": "http://echo.or.id/adv/adv16-theday-2005.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv16-theday-2005.txt"
}
]
}
} }

458
2009/1xxx/CVE-2009-1099.json
View File

@ -1,232 +1,232 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1099", "ID": "CVE-2009-1099",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777" "lang": "eng",
}, "value": "Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow."
{ }
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1", "description": [
"refsource" : "MISC", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm" "name": "SUSE-SA:2009:036",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" "name": "oval:org.mitre.oval:def:5726",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5726"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" "name": "SSRT090058",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
"name" : "GLSA-200911-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" "name": "35156",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35156"
"name" : "HPSBMA02429", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" "name": "SUSE-SA:2009:029",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
"name" : "SSRT090058", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133" "name": "35776",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35776"
"name" : "HPSBUX02429", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2" "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
"name" : "RHSA-2009:0392", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html" "name": "1021913",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021913"
"name" : "RHSA-2009:0394", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0394.html" "name": "37460",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37460"
"name" : "RHSA-2009:1038", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html" "name": "GLSA-200911-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
"name" : "RHSA-2009:1198", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html" "name": "RHSA-2009:1038",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
"name" : "254571", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1" "name": "20090326 Sun Java Runtine Environment (JRE) Type1 Font Parsing Integer Signedness Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=777"
"name" : "SUSE-SA:2009:016", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html" "name": "RHSA-2009:1198",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
"name" : "SUSE-SA:2009:029", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
"name" : "SUSE-SR:2009:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" "name": "HPSBUX02429",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
"name" : "SUSE-SA:2009:036", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html" "name": "RHSA-2009:0394",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
"name" : "34240", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34240" "name": "254571",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254571-1"
"name" : "oval:org.mitre.oval:def:5726", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5726" "name": "34495",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34495"
"name" : "1021913", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021913" "name": "36185",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36185"
"name" : "34495", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34495" "name": "35255",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35255"
"name" : "34496", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34496" "name": "ADV-2009-1426",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1426"
"name" : "35223", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35223" "name": "SUSE-SR:2009:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
"name" : "35156", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35156" "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
"name" : "35255", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35255" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
"name" : "35416", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35416" "name": "RHSA-2009:0392",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
"name" : "35776", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35776" "name": "35223",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35223"
"name" : "36185", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36185" "name": "34240",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34240"
"name" : "37386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37386" "name": "34496",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34496"
"name" : "37460", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37460" "name": "HPSBMA02429",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
"name" : "ADV-2009-1426", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1426" "name": "35416",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35416"
"name" : "ADV-2009-3316", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3316" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1",
} "refsource": "MISC",
] "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-118669-19-1"
} },
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
} }

138
2009/1xxx/CVE-2009-1765.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1765", "ID": "CVE-2009-1765",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8715", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8715" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in pluck 4.6.2, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langpref parameter to (1) data/modules/contactform/module_info.php, (2) data/modules/blog/module_info.php, and (3) data/modules/albums/module_info.php, different vectors than CVE-2008-3194."
{ }
"name" : "35007", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35007" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35145", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35145" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "35007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35007"
},
{
"name": "35145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35145"
},
{
"name": "8715",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8715"
}
]
}
} }

268
2009/1xxx/CVE-2009-1894.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-1894", "ID": "CVE-2009-1894",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090717 PulseAudio local race condition privilege escalation vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/505052/100/0/threaded" "lang": "eng",
}, "value": "Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink."
{ }
"name" : "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html", ]
"refsource" : "MISC", },
"url" : "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://taviso.decsystem.org/research.html", "description": [
"refsource" : "MISC", {
"url" : "http://taviso.decsystem.org/research.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.akitasecurity.nl/advisory.php?id=AK20090602", ]
"refsource" : "MISC", }
"url" : "http://www.akitasecurity.nl/advisory.php?id=AK20090602" ]
}, },
{ "references": {
"name" : "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2" "name": "35868",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35868"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=510071", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=510071" "name": "MDVSA-2009:171",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171"
"name" : "DSA-1838", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1838" "name": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html",
}, "refsource": "MISC",
{ "url": "http://blog.cr0.org/2009/07/old-school-local-root-vulnerability-in.html"
"name" : "GLSA-200907-13", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200907-13.xml" "name": "pulseaudio-suid-privilege-escalation(51804)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804"
"name" : "MDVSA-2009:152", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152" "name": "http://www.akitasecurity.nl/advisory.php?id=AK20090602",
}, "refsource": "MISC",
{ "url": "http://www.akitasecurity.nl/advisory.php?id=AK20090602"
"name" : "MDVSA-2009:171", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:171" "name": "MDVSA-2009:152",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:152"
"name" : "USN-804-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-804-1" "name": "35886",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35886"
"name" : "35721", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35721" "name": "35721",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35721"
"name" : "35868", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35868" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=510071",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=510071"
"name" : "35886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35886" "name": "20090717 PulseAudio local race condition privilege escalation vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/505052/100/0/threaded"
"name" : "35896", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35896" "name": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2",
}, "refsource": "CONFIRM",
{ "url": "https://admin.fedoraproject.org/updates/pulseaudio-0.9.10-1.el5.2"
"name" : "pulseaudio-suid-privilege-escalation(51804)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51804" "name": "DSA-1838",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2009/dsa-1838"
} },
{
"name": "35896",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35896"
},
{
"name": "http://taviso.decsystem.org/research.html",
"refsource": "MISC",
"url": "http://taviso.decsystem.org/research.html"
},
{
"name": "GLSA-200907-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-13.xml"
},
{
"name": "USN-804-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-804-1"
}
]
}
} }

128
2009/5xxx/CVE-2009-5002.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-5002", "ID": "CVE-2009-5002",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm" "lang": "eng",
}, "value": "The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.1-P8AE-FP001 does not record Get Content Failure Audit events, which might allow remote attackers to attempt content access without detection."
{ }
"name" : "PJ34853", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ34853" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PJ34853",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PJ34853"
},
{
"name": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm",
"refsource": "CONFIRM",
"url": "http://download2.boulder.ibm.com/sar/CMA/IMA/00y3y/0/readme-4027-P8AE-FP007.htm"
}
]
}
} }

128
2012/0xxx/CVE-2012-0371.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-0371", "ID": "CVE-2012-0371",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120229 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html" "lang": "eng",
}, "value": "Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, 6.0, and 7.0 before 7.0.220.4, when CPU-based ACLs are enabled, allow remote attackers to read or modify the configuration via unspecified vectors, aka Bug ID CSCtu56709."
{ }
"name" : "20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120229 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc"
},
{
"name": "20120229 Cisco Security Advisory: Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0188.html"
}
]
}
} }

158
2012/0xxx/CVE-2012-0725.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-0725", "ID": "CVE-2012-0725",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html" "lang": "eng",
}, "value": "Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724."
{ }
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-07.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-07.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14628", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14628" ]
}, },
{ "references": {
"name" : "48732", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48732" "name": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html",
} "refsource": "CONFIRM",
] "url": "http://googlechromereleases.blogspot.com/2012/04/stable-and-beta-channel-updates.html"
} },
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-07.html"
},
{
"name": "48732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48732"
},
{
"name": "oval:org.mitre.oval:def:14628",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14628"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
]
}
} }

128
2012/0xxx/CVE-2012-0901.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0901", "ID": "CVE-2012-0901",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter."
{ }
"name" : "yousaytooautopublishing-yousaytoo-xss(72271)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72271" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt"
},
{
"name": "yousaytooautopublishing-yousaytoo-xss(72271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72271"
}
]
}
} }

188
2012/3xxx/CVE-2012-3153.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3153", "ID": "CVE-2012-3153",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "31253", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/31253" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. NOTE: the previous information is from the October 2012 CPU. Oracle has not commented on claims from the original researcher that the PARSEQUERY function allows remote attackers to obtain database credentials via reports/rwservlet/parsequery, and that this issue occurs in earlier versions. NOTE: this can be leveraged with CVE-2012-3152 to execute arbitrary code by uploading a .jsp file."
{ }
"name" : "20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Jan/186" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/", "description": [
"refsource" : "MISC", {
"url" : "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/", ]
"refsource" : "MISC", }
"url" : "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html" "name": "fusionmiddleware-reports-cve20123153(79296)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79296"
"name" : "MDVSA-2013:150", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "name": "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/",
}, "refsource": "MISC",
{ "url": "http://blog.netinfiltration.com/2014/01/19/upcoming-exploit-release-oracle-forms-and-reports-11g/"
"name" : "55961", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55961" "name": "31253",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/31253"
"name" : "fusionmiddleware-reports-cve20123153(79296)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79296" "name": "20140127 Oracle Reports Exploit - Remote Shell/Dump Passwords",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2014/Jan/186"
} },
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "55961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55961"
},
{
"name": "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/",
"refsource": "MISC",
"url": "http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

128
2012/3xxx/CVE-2012-3266.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2012-3266", "ID": "CVE-2012-3266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBST02818", "description_data": [
"refsource" : "HP", {
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876" "lang": "eng",
}, "value": "Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX X9000 Storage allows remote attackers to obtain sensitive information via unknown vectors."
{ }
"name" : "SSRT100960", ]
"refsource" : "HP", },
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100960",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876"
},
{
"name": "HPSBST02818",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03510876"
}
]
}
} }

128
2012/4xxx/CVE-2012-4027.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4027", "ID": "CVE-2012-4027",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in Tridium Niagara AX Framework allows remote attackers to read files outside of the intended images, nav, and px folders by leveraging incorrect permissions, as demonstrated by reading the config.bog file."
{ }
"name" : "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf", ]
"refsource" : "CONFIRM", },
"url" : "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html",
"refsource": "MISC",
"url": "http://www.washingtonpost.com/investigations/tridiums-niagara-framework-marvel-of-connectivity-illustrates-new-cyber-risks/2012/07/11/gJQARJL6dW_story.html"
},
{
"name": "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf",
"refsource": "CONFIRM",
"url": "https://www.tridium.com/galleries/briefings/NiagaraAX_Framework_Software_Security_Alert.pdf"
}
]
}
} }

228
2012/4xxx/CVE-2012-4295.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4295", "ID": "CVE-2012-4295",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419" "lang": "eng",
}, "value": "Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-16.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563" ]
}, },
{ "references": {
"name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" "name": "55035",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55035"
"name" : "GLSA-201308-05", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" "name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-erf.c?r1=44419&r2=44418&pathrev=44419"
"name" : "openSUSE-SU-2012:1067", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15514562" "name": "54425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54425"
"name" : "55035", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55035" "name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=44419"
"name" : "oval:org.mitre.oval:def:15718", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718" "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3",
}, "refsource": "CONFIRM",
{ "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3"
"name" : "51363", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51363" "name": "GLSA-201308-05",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
"name" : "50276", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50276" "name": "51363",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51363"
"name" : "54425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54425" "name": "http://www.wireshark.org/security/wnpa-sec-2012-16.html",
} "refsource": "CONFIRM",
] "url": "http://www.wireshark.org/security/wnpa-sec-2012-16.html"
} },
{
"name": "oval:org.mitre.oval:def:15718",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15718"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7563"
},
{
"name": "50276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50276"
},
{
"name": "openSUSE-SU-2012:1067",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15514562"
}
]
}
} }

228
2012/4xxx/CVE-2012-4298.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4298", "ID": "CVE-2012-4298",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075" "lang": "eng",
}, "value": "Integer signedness error in the vwr_read_rec_data_ethernet function in wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 1.8.x before 1.8.2 allows user-assisted remote attackers to execute arbitrary code via a crafted packet-trace file that triggers a buffer overflow."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-25.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-25.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533" ]
}, },
{ "references": {
"name" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3" "name": "55035",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55035"
"name" : "GLSA-201308-05", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml" "name": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075",
}, "refsource": "CONFIRM",
{ "url": "http://anonsvn.wireshark.org/viewvc/trunk/wiretap/vwr.c?r1=44075&r2=44074&pathrev=44075"
"name" : "openSUSE-SU-2012:1067", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15514562" "name": "54425",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54425"
"name" : "55035", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55035" "name": "http://www.wireshark.org/security/wnpa-sec-2012-25.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2012-25.html"
"name" : "oval:org.mitre.oval:def:15777", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15777" "name": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3",
}, "refsource": "CONFIRM",
{ "url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark3"
"name" : "51363", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51363" "name": "GLSA-201308-05",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
"name" : "50276", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50276" "name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7533"
"name" : "54425", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54425" "name": "51363",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/51363"
} },
{
"name": "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?revision=44075&view=revision"
},
{
"name": "oval:org.mitre.oval:def:15777",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15777"
},
{
"name": "50276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50276"
},
{
"name": "openSUSE-SU-2012:1067",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15514562"
}
]
}
} }

148
2012/4xxx/CVE-2012-4567.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4567", "ID": "CVE-2012-4567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121005 CVE request: LetoDMS, more issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/06/1" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS (formerly MyDMS) before 3.3.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) inc/inc.ClassUI.php or (2) out/out.DocumentNotify.php."
{ }
"name" : "[oss-security] 20121031 CVE request: LetoDMS, more issues", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/10/31/7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "55822", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/55822" ]
} },
] "references": {
} "reference_data": [
{
"name": "[oss-security] 20121005 CVE request: LetoDMS, more issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/06/1"
},
{
"name": "[oss-security] 20121031 CVE request: LetoDMS, more issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/31/7"
},
{
"name": "55822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55822"
},
{
"name": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/mydms/code/HEAD/tree/trunk/CHANGELOG"
}
]
}
} }

138
2012/4xxx/CVE-2012-4952.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-4952", "ID": "CVE-2012-4952",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dentrix.com/support/software-updates/g5.aspx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.dentrix.com/support/software-updates/g5.aspx" "lang": "eng",
}, "value": "Henry Schein Dentrix G5 before 15.1.294 has a single internal-database password that is shared across different customers' installations, which allows remote attackers to obtain sensitive information about patients by leveraging knowledge of this password from another installation."
{ }
"name" : "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK", ]
"refsource" : "CONFIRM", },
"url" : "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#948155", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/948155" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dentrix.com/support/software-updates/g5.aspx",
"refsource": "CONFIRM",
"url": "http://www.dentrix.com/support/software-updates/g5.aspx"
},
{
"name": "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JALR-8ZRHUK"
},
{
"name": "VU#948155",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/948155"
}
]
}
} }

32
2012/6xxx/CVE-2012-6480.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6480", "ID": "CVE-2012-6480",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2012/6xxx/CVE-2012-6565.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6565", "ID": "CVE-2012-6565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
"refsource": "CONFIRM",
"url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
}
]
}
} }

138
2017/2xxx/CVE-2017-2173.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2173", "ID": "CVE-2017-2173",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Empirical Project Monitor - eXtended", "product_name": "Empirical Project Monitor - eXtended",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "all versions" "version_value": "all versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ipa.go.jp/sec/info/20170519.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ipa.go.jp/sec/info/20170519.html" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#85512750", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN85512750/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2017-000096", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096" "lang": "eng",
} "value": "Cross-site scripting"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#85512750",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN85512750/index.html"
},
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVNDB-2017-000096",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000096"
}
]
}
} }

138
2017/2xxx/CVE-2017-2206.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2206", "ID": "CVE-2017-2206",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "The installer of SaAT Netizen", "product_name": "The installer of SaAT Netizen",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ver.1.2.10.510 and earlier" "version_value": "ver.1.2.10.510 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NetMove Corporation" "vendor_name": "NetMove Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php" "lang": "eng",
}, "value": "Untrusted search path vulnerability in the installer of SaAT Netizen ver.1.2.10.510 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
{ }
"name" : "JVN#91170929", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN91170929/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98817", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98817" "lang": "eng",
} "value": "Untrusted search path vulnerability"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php",
"refsource": "CONFIRM",
"url": "https://www.saat.jp/information/netizen/2017/0531_security_update_info.php"
},
{
"name": "JVN#91170929",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN91170929/index.html"
},
{
"name": "98817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98817"
}
]
}
} }

118
2017/2xxx/CVE-2017-2289.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2289", "ID": "CVE-2017-2289",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Installer of Qua station connection tool for Windows", "product_name": "Installer of Qua station connection tool for Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1.00.03" "version_value": "version 1.00.03"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "KDDI CORPORATION" "vendor_name": "KDDI CORPORATION"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#81659403", "description_data": [
"refsource" : "JVN", {
"url" : "https://jvn.jp/en/jp/JVN81659403/index.html" "lang": "eng",
} "value": "Untrusted search path vulnerability in Installer of Qua station connection tool for Windows version 1.00.03 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81659403",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN81659403/index.html"
}
]
}
} }

128
2017/2xxx/CVE-2017-2543.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2543", "ID": "CVE-2017-2543",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Multi-Touch\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207797", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207797" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Multi-Touch\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "1038484", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1038484" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
} }

128
2017/6xxx/CVE-2017-6068.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6068", "ID": "CVE-2017-6068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.yiwang6.cn/Subrion-CSRF1.docx", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.yiwang6.cn/Subrion-CSRF1.docx" "lang": "eng",
}, "value": "Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can create any block, and can optionally insert XSS via the content parameter."
{ }
"name" : "97091", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97091" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.yiwang6.cn/Subrion-CSRF1.docx",
"refsource": "MISC",
"url": "https://www.yiwang6.cn/Subrion-CSRF1.docx"
},
{
"name": "97091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97091"
}
]
}
} }

32
2017/6xxx/CVE-2017-6107.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6107", "ID": "CVE-2017-6107",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/6xxx/CVE-2017-6120.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6120", "ID": "CVE-2017-6120",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/6xxx/CVE-2017-6124.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6124", "ID": "CVE-2017-6124",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2017/6xxx/CVE-2017-6494.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6494", "ID": "CVE-2017-6494",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2017/6xxx/CVE-2017-6847.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6847", "ID": "CVE-2017-6847",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/" "lang": "eng",
} "value": "The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h/"
}
]
}
} }

32
2017/7xxx/CVE-2017-7182.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7182", "ID": "CVE-2017-7182",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/11xxx/CVE-2018-11429.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11429", "ID": "CVE-2018-11429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md" "lang": "eng",
}, "value": "ATLANT (ATL) is a smart contract running on Ethereum. The mint function has an integer overflow that allows minted tokens to be arbitrarily retrieved by the contract owner."
{ }
"name" : "https://github.com/dwfault/AirTokens/tree/master/ATLANT", ]
"refsource" : "MISC", },
"url" : "https://github.com/dwfault/AirTokens/tree/master/ATLANT" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/dwfault/AirTokens/blob/master/SPXToken/mint%20interger%20overflow.md"
},
{
"name": "https://github.com/dwfault/AirTokens/tree/master/ATLANT",
"refsource": "MISC",
"url": "https://github.com/dwfault/AirTokens/tree/master/ATLANT"
}
]
}
} }

32
2018/11xxx/CVE-2018-11767.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11767", "ID": "CVE-2018-11767",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/14xxx/CVE-2018-14122.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14122", "ID": "CVE-2018-14122",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/14xxx/CVE-2018-14189.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14189", "ID": "CVE-2018-14189",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/14xxx/CVE-2018-14320.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14320", "ID": "CVE-2018-14320",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PoDoFo PoDoFo", "product_name": "PoDoFo PoDoFo",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.9.5" "version_value": "0.9.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "PoDoFo" "vendor_name": "PoDoFo"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-119-Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-1046", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-1046" "lang": "eng",
} "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within PdfEncoding::ParseToUnicode. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-5673."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119-Improper Restriction of Operations within the Bounds of a Memory Buffer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-1046",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-1046"
}
]
}
} }

32
2018/15xxx/CVE-2018-15095.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15095", "ID": "CVE-2018-15095",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/15xxx/CVE-2018-15251.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15251", "ID": "CVE-2018-15251",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/15xxx/CVE-2018-15337.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-15337", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-15337",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
} }
] ]
} }
} }

32
2018/15xxx/CVE-2018-15662.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15662", "ID": "CVE-2018-15662",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/15xxx/CVE-2018-15672.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-15672", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-15672",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11207. Reason: This candidate is a reservation duplicate of CVE-2018-11207. Notes: All CVE users should reference CVE-2018-11207 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-11207. Reason: This candidate is a reservation duplicate of CVE-2018-11207. Notes: All CVE users should reference CVE-2018-11207 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

118
2018/15xxx/CVE-2018-15684.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15684", "ID": "CVE-2018-15684",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://rastating.github.io/xbtit-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://rastating.github.io/xbtit-multiple-vulnerabilities/" "lang": "eng",
} "value": "An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive data."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://rastating.github.io/xbtit-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://rastating.github.io/xbtit-multiple-vulnerabilities/"
}
]
}
} }

288
2018/20xxx/CVE-2018-20346.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20346", "ID": "CVE-2018-20346",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html" "lang": "eng",
}, "value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan."
{ }
"name" : "https://access.redhat.com/articles/3758321", ]
"refsource" : "MISC", },
"url" : "https://access.redhat.com/articles/3758321" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://blade.tencent.com/magellan/index_en.html", "description": [
"refsource" : "MISC", {
"url" : "https://blade.tencent.com/magellan/index_en.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659379", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659379" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659677", "reference_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1659677" "name": "https://worthdoingbadly.com/sqlitebug/",
}, "refsource": "MISC",
{ "url": "https://worthdoingbadly.com/sqlitebug/"
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", },
"refsource" : "MISC", {
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
"name" : "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e", },
"refsource" : "MISC", {
"url" : "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
"name" : "https://crbug.com/900910", },
"refsource" : "MISC", {
"url" : "https://crbug.com/900910" "name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
"name" : "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html", },
"refsource" : "MISC", {
"url" : "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html" "name": "https://www.synology.com/security/advisory/Synology_SA_18_61",
}, "refsource": "CONFIRM",
{ "url": "https://www.synology.com/security/advisory/Synology_SA_18_61"
"name" : "https://news.ycombinator.com/item?id=18685296", },
"refsource" : "MISC", {
"url" : "https://news.ycombinator.com/item?id=18685296" "name": "https://access.redhat.com/articles/3758321",
}, "refsource": "MISC",
{ "url": "https://access.redhat.com/articles/3758321"
"name" : "https://sqlite.org/src/info/940f2adc8541a838", },
"refsource" : "MISC", {
"url" : "https://sqlite.org/src/info/940f2adc8541a838" "name": "https://blade.tencent.com/magellan/index_en.html",
}, "refsource": "MISC",
{ "url": "https://blade.tencent.com/magellan/index_en.html"
"name" : "https://sqlite.org/src/info/d44318f59044162e", },
"refsource" : "MISC", {
"url" : "https://sqlite.org/src/info/d44318f59044162e" "name": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html",
}, "refsource": "MISC",
{ "url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
"name" : "https://worthdoingbadly.com/sqlitebug/", },
"refsource" : "MISC", {
"url" : "https://worthdoingbadly.com/sqlitebug/" "name": "https://news.ycombinator.com/item?id=18685296",
}, "refsource": "MISC",
{ "url": "https://news.ycombinator.com/item?id=18685296"
"name" : "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html", },
"refsource" : "MISC", {
"url" : "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html" "name": "https://sqlite.org/src/info/940f2adc8541a838",
}, "refsource": "MISC",
{ "url": "https://sqlite.org/src/info/940f2adc8541a838"
"name" : "https://www.sqlite.org/releaselog/3_25_3.html", },
"refsource" : "MISC", {
"url" : "https://www.sqlite.org/releaselog/3_25_3.html" "name": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e",
}, "refsource": "MISC",
{ "url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
"name" : "https://www.synology.com/security/advisory/Synology_SA_18_61", },
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/security/advisory/Synology_SA_18_61" "name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html",
}, "refsource": "MISC",
{ "url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html"
"name" : "106323", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106323" "name": "106323",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/106323"
"name" : "FreeBSD-EN-19:03", },
"refsource" : "FREEBSD", {
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc" "name": "https://crbug.com/900910",
} "refsource": "MISC",
] "url": "https://crbug.com/900910"
} },
{
"name": "https://sqlite.org/src/info/d44318f59044162e",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"name": "FreeBSD-EN-19:03",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "https://www.sqlite.org/releaselog/3_25_3.html",
"refsource": "MISC",
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
}
]
}
} }

32
2018/20xxx/CVE-2018-20447.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20447", "ID": "CVE-2018-20447",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/20xxx/CVE-2018-20668.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20668", "ID": "CVE-2018-20668",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9635.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9635", "ID": "CVE-2018-9635",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9813.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9813", "ID": "CVE-2018-9813",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/9xxx/CVE-2018-9849.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9849", "ID": "CVE-2018-9849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730" "lang": "eng",
}, "value": "Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document."
{ }
"name" : "104160", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104160" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104160"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730"
}
]
}
} }