admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:16:38 +00:00
parent c933ee49cb
commit b7c181f141
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3823 additions and 3823 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

188
2002/0xxx/CVE-2002-0363.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0363", "ID": "CVE-2002-0363",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html" "lang": "eng",
}, "value": "ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice."
{ }
"name" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html", ]
"refsource" : "MISC", },
"url" : "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2002:083", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-083.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2002:123", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2002-123.html" ]
}, },
{ "references": {
"name" : "RHSA-2003:209", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-209.html" "name": "RHSA-2003:209",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-209.html"
"name" : "CSSA-2002-026.0", },
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt" "name": "4937",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/4937"
"name" : "ghostscript-postscript-command-execution(9254)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9254.php" "name": "CSSA-2002-026.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt"
"name" : "4937", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4937" "name": "ghostscript-postscript-command-execution(9254)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/9254.php"
} },
{
"name": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html",
"refsource": "MISC",
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html"
},
{
"name": "RHSA-2002:083",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-083.html"
},
{
"name": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html",
"refsource": "MISC",
"url": "http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html"
},
{
"name": "RHSA-2002:123",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-123.html"
}
]
}
} }

158
2002/0xxx/CVE-2002-0377.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0377", "ID": "CVE-2002-0377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020512 Gaim abritary Email Reading", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=102130733815285&w=2" "lang": "eng",
}, "value": "Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files."
{ }
"name" : "20020511 Gaim abritary Email Reading", ]
"refsource" : "VULN-DEV", },
"url" : "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://gaim.sourceforge.net/ChangeLog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://gaim.sourceforge.net/ChangeLog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "gaim-email-access(9061)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9061.php" ]
}, },
{ "references": {
"name" : "4730", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4730" "name": "20020512 Gaim abritary Email Reading",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=102130733815285&w=2"
} },
{
"name": "4730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4730"
},
{
"name": "http://gaim.sourceforge.net/ChangeLog",
"refsource": "CONFIRM",
"url": "http://gaim.sourceforge.net/ChangeLog"
},
{
"name": "20020511 Gaim abritary Email Reading",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html"
},
{
"name": "gaim-email-access(9061)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9061.php"
}
]
}
} }

168
2002/0xxx/CVE-2002-0484.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0484", "ID": "CVE-2002-0484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/263259" "lang": "eng",
}, "value": "move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system."
{ }
"name" : "20020317 move_uploaded_file breaks safe_mode restrictions in PHP", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/262999" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101683938806677&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://bugs.php.net/bug.php?id=16128", ]
"refsource" : "CONFIRM", }
"url" : "http://bugs.php.net/bug.php?id=16128" ]
}, },
{ "references": {
"name" : "php-moveuploadedfile-create-files(8591)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8591.php" "name": "20020317 move_uploaded_file breaks safe_mode restrictions in PHP",
}, "refsource": "BUGTRAQ",
{ "url": "http://online.securityfocus.com/archive/1/262999"
"name" : "4325", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4325" "name": "http://bugs.php.net/bug.php?id=16128",
} "refsource": "CONFIRM",
] "url": "http://bugs.php.net/bug.php?id=16128"
} },
{
"name": "php-moveuploadedfile-create-files(8591)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8591.php"
},
{
"name": "4325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4325"
},
{
"name": "20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101683938806677&w=2"
},
{
"name": "20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/263259"
}
]
}
} }

148
2002/0xxx/CVE-2002-0671.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0671", "ID": "CVE-2002-0671",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "A071202-1", "description_data": [
"refsource" : "ATSTAKE", {
"url" : "http://www.atstake.com/research/advisories/2002/a071202-1.txt" "lang": "eng",
}, "value": "Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing."
{ }
"name" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp", ]
"refsource" : "CONFIRM", },
"url" : "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "pingtel-xpressa-dns-spoofing(9566)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9566.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5224", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5224" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp",
"refsource": "CONFIRM",
"url": "http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp"
},
{
"name": "A071202-1",
"refsource": "ATSTAKE",
"url": "http://www.atstake.com/research/advisories/2002/a071202-1.txt"
},
{
"name": "5224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5224"
},
{
"name": "pingtel-xpressa-dns-spoofing(9566)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9566.php"
}
]
}
} }

178
2002/1xxx/CVE-2002-1230.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1230", "ID": "CVE-2002-1230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via \"shatter\" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka \"Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://getad.chat.ru/", "description_data": [
"refsource" : "MISC", {
"url" : "http://getad.chat.ru/" "lang": "eng",
}, "value": "NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via \"shatter\" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka \"Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation.\""
{ }
"name" : "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html", ]
"refsource" : "MISC", },
"url" : "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS02-071", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "N-027", ]
"refsource" : "CIAC", }
"url" : "http://www.ciac.org/ciac/bulletins/n-027.shtml" ]
}, },
{ "references": {
"name" : "5927", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5927" "name": "N-027",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/n-027.shtml"
"name" : "oval:org.mitre.oval:def:681", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681" "name": "5927",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5927"
"name" : "win-netdde-gain-privileges(10343)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10343.php" "name": "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html",
} "refsource": "MISC",
] "url": "http://www.packetstormsecurity.nl/filedesc/GetAd.c.html"
} },
{
"name": "MS02-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071"
},
{
"name": "http://getad.chat.ru/",
"refsource": "MISC",
"url": "http://getad.chat.ru/"
},
{
"name": "oval:org.mitre.oval:def:681",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681"
},
{
"name": "win-netdde-gain-privileges(10343)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10343.php"
}
]
}
} }

148
2002/1xxx/CVE-2002-1889.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1889", "ID": "CVE-2002-1889",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021004 vulnerabilities in logsurfer", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/294131" "lang": "eng",
}, "value": "Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry."
{ }
"name" : "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc", ]
"refsource" : "CONFIRM", },
"url" : "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5898", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5898" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "logsurfer-contextaction-offbyone-bo(10287)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10287.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "5898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5898"
},
{
"name": "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc",
"refsource": "CONFIRM",
"url": "ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/logsurfer.README.asc"
},
{
"name": "logsurfer-contextaction-offbyone-bo(10287)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10287.php"
},
{
"name": "20021004 vulnerabilities in logsurfer",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/294131"
}
]
}
} }

128
2002/1xxx/CVE-2002-1916.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1916", "ID": "CVE-2002-1916",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html" "lang": "eng",
}, "value": "Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename for saving queries."
{ }
"name" : "pirch-auto-log-dos(10395)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/10395.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/6F00A205QQ.html"
},
{
"name": "pirch-auto-log-dos(10395)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10395.php"
}
]
}
} }

158
2002/2xxx/CVE-2002-2068.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2068", "ID": "CVE-2002-2068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/251565" "lang": "eng",
}, "value": "Eraser 5.3 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."
{ }
"name" : "http://www.seifried.org/security/advisories/kssa-003.html", ]
"refsource" : "MISC", },
"url" : "http://www.seifried.org/security/advisories/kssa-003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "M-034", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/m-034.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3912", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3912" ]
}, },
{ "references": {
"name" : "ntfs-ads-file-wipe(7953)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7953.php" "name": "3912",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/3912"
} },
{
"name": "http://www.seifried.org/security/advisories/kssa-003.html",
"refsource": "MISC",
"url": "http://www.seifried.org/security/advisories/kssa-003.html"
},
{
"name": "ntfs-ads-file-wipe(7953)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7953.php"
},
{
"name": "M-034",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-034.shtml"
},
{
"name": "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/251565"
}
]
}
} }

148
2002/2xxx/CVE-2002-2138.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2138", "ID": "CVE-2002-2138",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX0207-198", "description_data": [
"refsource" : "HP", {
"url" : "http://online.securityfocus.com/advisories/4268" "lang": "eng",
}, "value": "RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when running HP-UX 11.00 or 11.11, allows remote attackers to cause a denial of service (panic) via a malformed UDP packet on port 139."
{ }
"name" : "5195", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5195" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:5654", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5654" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "hp-as-rfcnetbios-dos(9536)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9536.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "HPSBUX0207-198",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4268"
},
{
"name": "5195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5195"
},
{
"name": "oval:org.mitre.oval:def:5654",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5654"
},
{
"name": "hp-as-rfcnetbios-dos(9536)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9536.php"
}
]
}
} }

198
2005/1xxx/CVE-2005-1280.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-1280", "ID": "CVE-2005-1280",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050426 tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/396930" "lang": "eng",
}, "value": "The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4."
{ }
"name" : "FLSA:156139", ]
"refsource" : "FEDORA", },
"url" : "http://www.securityfocus.com/archive/1/430292/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2005:417", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-417.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:421", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-421.html" ]
}, },
{ "references": {
"name" : "SCOSA-2005.60", "reference_data": [
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt" "name": "20050426 tcpdump(/ethereal)[]: (RSVP) rsvp_print() infinite loop DOS.",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/396930"
"name" : "13390", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13390" "name": "15125",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15125"
"name" : "oval:org.mitre.oval:def:10732", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10732" "name": "RHSA-2005:421",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-421.html"
"name" : "18146", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18146" "name": "oval:org.mitre.oval:def:10732",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10732"
"name" : "15125", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15125" "name": "RHSA-2005:417",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2005-417.html"
} },
{
"name": "FLSA:156139",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430292/100/0/threaded"
},
{
"name": "SCOSA-2005.60",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.60/SCOSA-2005.60.txt"
},
{
"name": "18146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18146"
},
{
"name": "13390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13390"
}
]
}
} }

138
2005/1xxx/CVE-2005-1816.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1816", "ID": "CVE-2005-1816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the \"Move users in this group to\" screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html" "lang": "eng",
}, "value": "Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to add themselves or other users to the root admin group via the \"Move users in this group to\" screen."
{ }
"name" : "13797", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/13797" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15545", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15545" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "15545",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15545"
},
{
"name": "13797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13797"
},
{
"name": "20050528 Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0635.html"
}
]
}
} }

118
2005/1xxx/CVE-2005-1837.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1837", "ID": "CVE-2005-1837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050601 Backdoor in =?ISO-8859-1?Q?Fortinet=B4s_firewall_Fortigate?=", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111773657526375&w=2" "lang": "eng",
} "value": "Fortinet firewall running FortiOS 2.x contains a hardcoded username with the password set to the serial number, which allows local users with console access to gain privileges."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050601 Backdoor in =?ISO-8859-1?Q?Fortinet=B4s_firewall_Fortigate?=",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111773657526375&w=2"
}
]
}
} }

32
2009/0xxx/CVE-2009-0117.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0117", "ID": "CVE-2009-0117",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2009/0xxx/CVE-2009-0209.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2009-0209", "ID": "CVE-2009-0209",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090930 C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/506826/100/0/threaded" "lang": "eng",
} "value": "PI Server in OSIsoft PI System before 3.4.380.x does not properly use encryption in the default authentication process, which allows remote attackers to read or modify information in databases via unspecified vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090930 C4 SCADA Security Advisory - OSISoft PI Server Authentication Weakness",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506826/100/0/threaded"
}
]
}
} }

158
2009/1xxx/CVE-2009-1202.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1202", "ID": "CVE-2009-1202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/504516/100/0/threaded" "lang": "eng",
}, "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705."
{ }
"name" : "35480", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35480" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1022457", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022457" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35511", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35511" ]
}, },
{ "references": {
"name" : "ADV-2009-1713", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1713" "name": "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
} },
{
"name": "1022457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022457"
},
{
"name": "35480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35480"
},
{
"name": "ADV-2009-1713",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1713"
},
{
"name": "35511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35511"
}
]
}
} }

138
2009/1xxx/CVE-2009-1331.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1331", "ID": "CVE-2009-1331",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8445", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8445" "lang": "eng",
}, "value": "Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid."
{ }
"name" : "34534", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34534" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53804", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/53804" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "34534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34534"
},
{
"name": "53804",
"refsource": "OSVDB",
"url": "http://osvdb.org/53804"
},
{
"name": "8445",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8445"
}
]
}
} }

168
2009/1xxx/CVE-2009-1436.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1436", "ID": "CVE-2009-1436",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756" "lang": "eng",
}, "value": "The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file."
{ }
"name" : "FreeBSD-SA-09:07", ]
"refsource" : "FREEBSD", },
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34666", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34666" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53918", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/53918" ]
}, },
{ "references": {
"name" : "1022113", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022113" "name": "34666",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34666"
"name" : "34810", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34810" "name": "53918",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/53918"
} },
{
"name": "FreeBSD-SA-09:07",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-09:07.libc.asc"
},
{
"name": "34810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34810"
},
{
"name": "1022113",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022113"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10756"
}
]
}
} }

188
2009/1xxx/CVE-2009-1831.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1831", "ID": "CVE-2009-1831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8767", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8767" "lang": "eng",
}, "value": "The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow."
{ }
"name" : "8770", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8770" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8772", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8772" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8783", ]
"refsource" : "EXPLOIT-DB", }
"url" : "https://www.exploit-db.com/exploits/8783" ]
}, },
{ "references": {
"name" : "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html" "name": "35052",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35052"
"name" : "35052", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35052" "name": "8783",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/8783"
"name" : "oval:org.mitre.oval:def:15683", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683" "name": "winamp-maki-overflow(50664)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664"
"name" : "winamp-maki-overflow(50664)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50664" "name": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html",
} "refsource": "MISC",
] "url": "http://vrt-sourcefire.blogspot.com/2009/05/winamp-maki-parsing-vulnerability.html"
} },
{
"name": "oval:org.mitre.oval:def:15683",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15683"
},
{
"name": "8770",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8770"
},
{
"name": "8767",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8767"
},
{
"name": "8772",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8772"
}
]
}
} }

248
2009/1xxx/CVE-2009-1902.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1902", "ID": "CVE-2009-1902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501968" "lang": "eng",
}, "value": "The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form datapost request with a missing part header name, which triggers a NULL pointer dereference."
{ }
"name" : "8241", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8241" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2009-2654", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html" ]
}, },
{ "references": {
"name" : "FEDORA-2009-2686", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html" "name": "FEDORA-2009-2654",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00487.html"
"name" : "GLSA-200907-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200907-02.xml" "name": "modsecurity-multipart-dos(49212)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49212"
"name" : "SUSE-SR:2009:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" "name": "8241",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/8241"
"name" : "34096", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34096" "name": "GLSA-200907-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200907-02.xml"
"name" : "52553", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/52553" "name": "34256",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34256"
"name" : "34256", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34256" "name": "35687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35687"
"name" : "34311", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34311" "name": "52553",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/52553"
"name" : "35687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35687" "name": "34311",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34311"
"name" : "ADV-2009-0703", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0703" "name": "FEDORA-2009-2686",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00529.html"
"name" : "modsecurity-multipart-dos(49212)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49212" "name": "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846",
} "refsource": "CONFIRM",
] "url": "http://sourceforge.net/project/shownotes.php?release_id=667542&group_id=68846"
} },
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "20090319 [ISecAuditors Security Advisories] ModSecurity < 2.5.9 remote Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501968"
},
{
"name": "ADV-2009-0703",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0703"
},
{
"name": "34096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34096"
}
]
}
} }

158
2012/0xxx/CVE-2012-0171.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0171", "ID": "CVE-2012-0171",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"SelectAll Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-023", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"SelectAll Remote Code Execution Vulnerability.\""
{ }
"name" : "TA12-101A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-101A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15313", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15313" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026901", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026901" ]
}, },
{ "references": {
"name" : "ms-ie-selectall-code-exec(74382)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74382" "name": "MS12-023",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-023"
} },
{
"name": "1026901",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026901"
},
{
"name": "TA12-101A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-101A.html"
},
{
"name": "ms-ie-selectall-code-exec(74382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74382"
},
{
"name": "oval:org.mitre.oval:def:15313",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15313"
}
]
}
} }

32
2012/0xxx/CVE-2012-0476.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0476", "ID": "CVE-2012-0476",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

198
2012/0xxx/CVE-2012-0629.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0629", "ID": "CVE-2012-0629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-03-07-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
{ }
"name" : "APPLE-SA-2012-03-07-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2012-03-12-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52365", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52365" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:17419", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17419" "name": "52365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52365"
"name" : "1026774", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026774" "name": "1026774",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026774"
"name" : "48274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48274" "name": "48377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48377"
"name" : "48288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48288" "name": "oval:org.mitre.oval:def:17419",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17419"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "APPLE-SA-2012-03-12-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
} },
{
"name": "48274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48274"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
} }

148
2012/2xxx/CVE-2012-2523.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-2523", "ID": "CVE-2012-2523",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka \"JavaScript Integer Overflow Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-052", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052" "lang": "eng",
}, "value": "Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, and VBScript 5.8 on 64-bit platforms allows remote attackers to execute arbitrary code by leveraging an incorrect size calculation during object copying, aka \"JavaScript Integer Overflow Remote Code Execution Vulnerability.\""
{ }
"name" : "MS12-056", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-056" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA12-227A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:15790", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15790" ]
} },
] "references": {
} "reference_data": [
{
"name": "MS12-052",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-052"
},
{
"name": "MS12-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-056"
},
{
"name": "TA12-227A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
},
{
"name": "oval:org.mitre.oval:def:15790",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15790"
}
]
}
} }

158
2012/3xxx/CVE-2012-3292.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3292", "ID": "CVE-2012-3292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://jira.globus.org/browse/GT-195", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://jira.globus.org/browse/GT-195" "lang": "eng",
}, "value": "The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf macros are defined, does not properly check the return value from the getpwnam_r function, which might allow remote attackers to gain privileges by logging in with a user that does not exist, which causes GridFTP to run as the last user in the password file."
{ }
"name" : "DSA-2523", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2012/dsa-2523" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2012-8445", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2012-8461", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html" ]
}, },
{ "references": {
"name" : "FEDORA-2012-8488", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html" "name": "FEDORA-2012-8488",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081787.html"
} },
{
"name": "DSA-2523",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2523"
},
{
"name": "http://jira.globus.org/browse/GT-195",
"refsource": "CONFIRM",
"url": "http://jira.globus.org/browse/GT-195"
},
{
"name": "FEDORA-2012-8445",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081797.html"
},
{
"name": "FEDORA-2012-8461",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081791.html"
}
]
}
} }

138
2012/3xxx/CVE-2012-3486.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3486", "ID": "CVE-2012-3486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html" "lang": "eng",
}, "value": "Tunnelblick 3.3beta20 and earlier allows local users to gain privileges via an OpenVPN configuration file that specifies execution of a script upon occurrence of an OpenVPN event."
{ }
"name" : "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/08/14/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/tunnelblick/issues/detail?id=212", "description": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/tunnelblick/issues/detail?id=212" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120812 Re: Tunnel Blick: Multiple Vulnerabilities to Local Root and DoS (OS X)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/14/1"
},
{
"name": "http://code.google.com/p/tunnelblick/issues/detail?id=212",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/tunnelblick/issues/detail?id=212"
},
{
"name": "20120811 OS X Local Root: Silly SUID Helper in Tunnel Blick",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html"
}
]
}
} }

168
2012/3xxx/CVE-2012-3618.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3618", "ID": "CVE-2012-3618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-07-25-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
} },
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
} }

168
2012/3xxx/CVE-2012-3665.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3665", "ID": "CVE-2012-3665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-07-25-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
} },
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
} }

32
2012/3xxx/CVE-2012-3905.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3905", "ID": "CVE-2012-3905",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2012/4xxx/CVE-2012-4039.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4039", "ID": "CVE-2012-4039",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

248
2012/4xxx/CVE-2012-4562.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4562", "ID": "CVE-2012-4562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/20/3" "lang": "eng",
}, "value": "Multiple integer overflows in libssh before 0.5.3 allow remote attackers to cause a denial of service (infinite loop or crash) and possibly execute arbitrary code via unspecified vectors, which triggers a buffer overflow, infinite loop, or possibly some other unspecified vulnerabilities."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=871620", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=871620" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2577", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2577" ]
}, },
{ "references": {
"name" : "FEDORA-2012-18610", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html" "name": "SUSE-SU-2012:1520",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html"
"name" : "FEDORA-2012-18677", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html" "name": "DSA-2577",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2577"
"name" : "MDVSA-2012:175", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175" "name": "MDVSA-2012:175",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:175"
"name" : "SUSE-SU-2012:1520", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00015.html" "name": "USN-1640-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1640-1"
"name" : "openSUSE-SU-2012:1620", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html" "name": "openSUSE-SU-2013:0130",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html"
"name" : "openSUSE-SU-2012:1622", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html" "name": "openSUSE-SU-2012:1622",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00016.html"
"name" : "openSUSE-SU-2013:0130", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00021.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=871620",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=871620"
"name" : "USN-1640-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1640-1" "name": "FEDORA-2012-18610",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093313.html"
"name" : "56604", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56604" "name": "openSUSE-SU-2012:1620",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00002.html"
"name" : "libssh-buffer-bo(80221)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221" "name": "[oss-security] 20121120 libssh 0.5.3 release fixes multiple security issues",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2012/11/20/3"
} },
{
"name": "libssh-buffer-bo(80221)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80221"
},
{
"name": "FEDORA-2012-18677",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/093474.html"
},
{
"name": "56604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56604"
},
{
"name": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/",
"refsource": "CONFIRM",
"url": "http://www.libssh.org/2012/11/20/libssh-0-5-3-security-release/"
}
]
}
} }

32
2012/4xxx/CVE-2012-4724.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-4724", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-4724",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
} }
] ]
} }
} }

158
2012/4xxx/CVE-2012-4864.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4864", "ID": "CVE-2012-4864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18637", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18637" "lang": "eng",
}, "value": "Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file."
{ }
"name" : "http://packetstormsecurity.org/files/111034", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/files/111034" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52650", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52650" ]
}, },
{ "references": {
"name" : "winlicense-xml-code-execution(74170)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74170" "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php",
} "refsource": "MISC",
] "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5080.php"
} },
{
"name": "52650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52650"
},
{
"name": "http://packetstormsecurity.org/files/111034",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/111034"
},
{
"name": "18637",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18637"
},
{
"name": "winlicense-xml-code-execution(74170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74170"
}
]
}
} }

148
2012/6xxx/CVE-2012-6132.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6132", "ID": "CVE-2012-6132",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/10/2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter."
{ }
"name" : "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/02/13/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=722672", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=722672" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "roundup-cve20126132-otk-xss(84191)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=722672",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=722672"
},
{
"name": "[oss-security] 20130213 Re: CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/8"
},
{
"name": "[oss-security] 20121110 CVE Request -- roundup: Multiple XSS flaws plus other security related fixes corrected in upstream 1.4.20 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/2"
},
{
"name": "roundup-cve20126132-otk-xss(84191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84191"
}
]
}
} }

32
2012/6xxx/CVE-2012-6343.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6343", "ID": "CVE-2012-6343",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2012/6xxx/CVE-2012-6464.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6464", "ID": "CVE-2012-6464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opera.com/docs/changelogs/unified/1210/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/unified/1210/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript code that overrides methods of unspecified native objects in documents that have different origins."
{ }
"name" : "http://www.opera.com/support/kb/view/1032/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/support/kb/view/1032/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/support/kb/view/1032/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1032/"
},
{
"name": "http://www.opera.com/docs/changelogs/unified/1210/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unified/1210/"
}
]
}
} }

32
2012/6xxx/CVE-2012-6483.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6483", "ID": "CVE-2012-6483",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

168
2017/2xxx/CVE-2017-2350.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2350", "ID": "CVE-2017-2350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207482", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207482" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207484", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207484" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207485", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207485" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201706-15", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201706-15" ]
}, },
{ "references": {
"name" : "95727", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/95727" "name": "95727",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/95727"
"name" : "1037668", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037668" "name": "https://support.apple.com/HT207485",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT207485"
} },
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207484",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207484"
},
{
"name": "https://support.apple.com/HT207482",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207482"
},
{
"name": "1037668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037668"
}
]
}
} }

182
2017/2xxx/CVE-2017-2594.json
View File

@ -1,94 +1,94 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-2594", "ID": "CVE-2017-2594",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "hawtio", "product_name": "hawtio",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "hawtio 2.0-beta-1" "version_value": "hawtio 2.0-beta-1"
}, },
{ {
"version_value" : " hawtio 2.0-beta-2 hawtio 2.0-M1" "version_value": " hawtio 2.0-beta-2 hawtio 2.0-M1"
}, },
{ {
"version_value" : " hawtio 2.0-M2" "version_value": " hawtio 2.0-M2"
}, },
{ {
"version_value" : " hawtio 2.0-M3" "version_value": " hawtio 2.0-M3"
}, },
{ {
"version_value" : " hawtio 1.5" "version_value": " hawtio 1.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "" "vendor_name": ""
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-209"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://access.redhat.com/errata/RHSA-2017:1832", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://access.redhat.com/errata/RHSA-2017:1832" "lang": "eng",
}, "value": "hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, and 1.5 is vulnerable to a path traversal that leads to a NullPointerException with a full stacktrace. An attacker could use this flaw to gather undisclosed information from within hawtio's root."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594" "impact": {
}, "cvss": [
{ [
"name" : "95793", {
"refsource" : "BID", "vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"url" : "http://www.securityfocus.com/bid/95793" "version": "3.0"
} }
] ]
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2594"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:1832",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/errata/RHSA-2017:1832"
},
{
"name": "95793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95793"
}
]
}
} }

32
2017/6xxx/CVE-2017-6047.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6047", "ID": "CVE-2017-6047",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2017/6xxx/CVE-2017-6577.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6577", "ID": "CVE-2017-6577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin" "lang": "eng",
}, "value": "A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id."
{ }
"name" : "96783", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96783" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96783"
},
{
"name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin",
"refsource": "MISC",
"url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin"
}
]
}
} }

138
2017/6xxx/CVE-2017-6597.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6597", "ID": "CVE-2017-6597",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance", "product_name": "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance" "version_value": "Cisco UCS Manager, Cisco Firepower 4100 Series NGFW, and Cisco Firepower 9300 Security Appliance"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Injection Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli" "lang": "eng",
}, "value": "A vulnerability in the local-mgmt CLI command of the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to perform a command injection attack. More Information: CSCvb61394 CSCvb86816. Known Affected Releases: 2.0(1.68) 3.1(1k)A. Known Fixed Releases: 92.2(1.101) 92.1(1.1658) 2.0(1.115)."
{ }
"name" : "97476", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97476" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038195", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038195" "lang": "eng",
} "value": "Command Injection Vulnerability"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1038195",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038195"
},
{
"name": "97476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97476"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-cli"
}
]
}
} }

138
2017/6xxx/CVE-2017-6703.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6703", "ID": "CVE-2017-6703",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Prime Collaboration Provisioning Tool", "product_name": "Cisco Prime Collaboration Provisioning Tool",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Prime Collaboration Provisioning Tool" "version_value": "Cisco Prime Collaboration Provisioning Tool"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Session Hijacking Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1" "lang": "eng",
}, "value": "A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an unauthenticated, remote attacker to hijack another user's session. More Information: CSCvc90346. Known Affected Releases: 12.1."
{ }
"name" : "99224", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99224" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038744", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038744" "lang": "eng",
} "value": "Session Hijacking Vulnerability"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1038744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038744"
},
{
"name": "99224",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99224"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170621-pcp1"
}
]
}
} }

138
2018/11xxx/CVE-2018-11182.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11182", "ID": "CVE-2018-11182",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/71" "lang": "eng",
}, "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 40 of 46)."
{ }
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
} }

32
2018/11xxx/CVE-2018-11246.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11246", "ID": "CVE-2018-11246",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/11xxx/CVE-2018-11334.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11334", "ID": "CVE-2018-11334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\\\.\\pipe\\WindscribeService."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68", "description_data": [
"refsource" : "MISC", {
"url" : "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68" "lang": "eng",
} "value": "Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\\\.\\pipe\\WindscribeService."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68",
"refsource": "MISC",
"url": "https://gist.github.com/drmint80/e5f8a3b8b8324c50a85d9b8623197c68"
}
]
}
} }

128
2018/11xxx/CVE-2018-11961.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11961", "ID": "CVE-2018-11961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in GPS."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin" "lang": "eng",
}, "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations."
{ }
"name" : "106136", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106136" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in GPS."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106136"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/12/03/december-2018-code-aurora-security-bulletin"
}
]
}
} }

32
2018/14xxx/CVE-2018-14215.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14215", "ID": "CVE-2018-14215",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/14xxx/CVE-2018-14308.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14308", "ID": "CVE-2018-14308",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.5096" "version_value": "9.0.1.5096"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-768", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-768" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the valueAsString function. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6326."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-768",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-768"
}
]
}
} }

208
2018/14xxx/CVE-2018-14600.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14600", "ID": "CVE-2018-14600",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20180821 X.Org security advisory: August 21, 2018", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2018/08/21/6" "lang": "eng",
}, "value": "An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution."
{ }
"name" : "[xorg-announce] 20180821 libX11 1.6.6", ]
"refsource" : "MLIST", },
"url" : "https://lists.x.org/archives/xorg-announce/2018-August/002916.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1102068", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1102068" ]
}, },
{ "references": {
"name" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea" "name": "USN-3758-2",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3758-2/"
"name" : "GLSA-201811-01", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201811-01" "name": "GLSA-201811-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201811-01"
"name" : "USN-3758-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3758-2/" "name": "105177",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/105177"
"name" : "USN-3758-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3758-1/" "name": "https://bugzilla.suse.com/show_bug.cgi?id=1102068",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.suse.com/show_bug.cgi?id=1102068"
"name" : "105177", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105177" "name": "[oss-security] 20180821 X.Org security advisory: August 21, 2018",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2018/08/21/6"
"name" : "1041543", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041543" "name": "1041543",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1041543"
} },
{
"name": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea",
"refsource": "CONFIRM",
"url": "https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=dbf72805fd9d7b1846fe9a11b46f3994bfc27fea"
},
{
"name": "[debian-lts-announce] 20180829 [SECURITY] [DLA 1482-1] libx11 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00030.html"
},
{
"name": "[xorg-announce] 20180821 libX11 1.6.6",
"refsource": "MLIST",
"url": "https://lists.x.org/archives/xorg-announce/2018-August/002916.html"
},
{
"name": "USN-3758-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3758-1/"
}
]
}
} }

32
2018/15xxx/CVE-2018-15162.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15162", "ID": "CVE-2018-15162",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

186
2018/15xxx/CVE-2018-15444.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-11-07T16:00:00-0600", "DATE_PUBLIC": "2018-11-07T16:00:00-0600",
"ID" : "CVE-2018-15444", "ID": "CVE-2018-15444",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Energy Management Suite XML External Entity Vulnerability" "TITLE": "Cisco Energy Management Suite XML External Entity Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Energy Management Suite ", "product_name": "Cisco Energy Management Suite ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.3",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-611"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2018-36", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2018-36" "lang": "eng",
}, "value": "A vulnerability in the web-based user interface of Cisco Energy Management Suite Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by convincing a user of an affected system to import a crafted XML file with malicious entries, which could allow the attacker to read and write files within the affected application."
{ }
"name" : "20181107 Cisco Energy Management Suite XML External Entity Vulnerability", ]
"refsource" : "CISCO", },
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-ems-xml-xxe" "exploit": [
}, {
{ "lang": "eng",
"name" : "105860", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/105860" ],
} "impact": {
] "cvss": {
}, "baseScore": "6.3",
"source" : { "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N ",
"advisory" : "cisco-sa-20181107-ems-xml-xxe", "version": "3.0"
"defect" : [ }
[ },
"CSCvm38505" "problemtype": {
] "problemtype_data": [
], {
"discovery" : "INTERNAL" "description": [
} {
"lang": "eng",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181107 Cisco Energy Management Suite XML External Entity Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-ems-xml-xxe"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-36",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-36"
},
{
"name": "105860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105860"
}
]
},
"source": {
"advisory": "cisco-sa-20181107-ems-xml-xxe",
"defect": [
[
"CSCvm38505"
]
],
"discovery": "INTERNAL"
}
} }

176
2018/15xxx/CVE-2018-15455.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-23T16:00:00-0800", "DATE_PUBLIC": "2019-01-23T16:00:00-0800",
"ID" : "CVE-2018-15455", "ID": "CVE-2018-15455",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability" "TITLE": "Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Identity Services Engine Software ", "product_name": "Cisco Identity Services Engine Software ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.1",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20190123 Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss" "lang": "eng",
}, "value": "A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal."
{ }
"name" : "106708", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106708" "exploit": [
} {
] "lang": "eng",
}, "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
"source" : { }
"advisory" : "cisco-sa-20190123-isel-xss", ],
"defect" : [ "impact": {
[ "cvss": {
"CSCvm62862" "baseScore": "6.1",
] "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N ",
], "version": "3.0"
"discovery" : "INTERNAL" }
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190123 Cisco Identity Services Engine Logging Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss"
},
{
"name": "106708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106708"
}
]
},
"source": {
"advisory": "cisco-sa-20190123-isel-xss",
"defect": [
[
"CSCvm62862"
]
],
"discovery": "INTERNAL"
}
} }

32
2018/20xxx/CVE-2018-20008.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20008", "ID": "CVE-2018-20008",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/20xxx/CVE-2018-20121.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20121", "ID": "CVE-2018-20121",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/20xxx/CVE-2018-20211.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20211", "ID": "CVE-2018-20211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\par-%username%\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Dec/44" "lang": "eng",
}, "value": "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\par-%username%\\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015)."
{ }
"name" : "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/44"
},
{
"name": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html"
}
]
}
} }

128
2018/20xxx/CVE-2018-20372.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20372", "ID": "CVE-2018-20372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vulnerability-lab.com/get_content.php?id=1990", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.vulnerability-lab.com/get_content.php?id=1990" "lang": "eng",
}, "value": "TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client."
{ }
"name" : "https://www.youtube.com/watch?v=HUM5myJWbvc", ]
"refsource" : "MISC", },
"url" : "https://www.youtube.com/watch?v=HUM5myJWbvc" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=1990",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=1990"
},
{
"name": "https://www.youtube.com/watch?v=HUM5myJWbvc",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=HUM5myJWbvc"
}
]
}
} }

118
2018/20xxx/CVE-2018-20776.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20776", "ID": "CVE-2018-20776",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Frog CMS 0.9.5 provides a directory listing for a /public request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/philippe/FrogCMS/issues/21", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/philippe/FrogCMS/issues/21" "lang": "eng",
} "value": "Frog CMS 0.9.5 provides a directory listing for a /public request."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/philippe/FrogCMS/issues/21",
"refsource": "MISC",
"url": "https://github.com/philippe/FrogCMS/issues/21"
}
]
}
} }

32
2018/9xxx/CVE-2018-9097.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9097", "ID": "CVE-2018-9097",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

158
2018/9xxx/CVE-2018-9269.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9269", "ID": "CVE-2018-9269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html" "lang": "eng",
}, "value": "In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-giop.c has a memory leak."
{ }
"name" : "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa", ]
"refsource" : "MISC", }
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa" ]
}, },
{ "references": {
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html", "reference_data": [
"refsource" : "MISC", {
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-24.html" "name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa",
} "refsource": "MISC",
] "url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa"
} },
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-24.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-24.html"
},
{
"name": "[debian-lts-announce] 20190115 [SECURITY] [DLA 1634-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00010.html"
},
{
"name": "[debian-lts-announce] 20180528 [SECURITY] [DLA 1388-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00019.html"
}
]
}
} }