admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:13:55 +00:00
parent d57f51abef
commit b98374fad9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3518 additions and 3518 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0168.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2002:048",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-048.html"
},
{
"name" : "CLA-2002:470",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470"
},
{
"name" : "CSSA-2002-019.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt"
},
{
"name" : "MDKSA-2002:029",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php"
},
{
"name" : "SuSE-SA:2002:015",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html"
},
{
"name" : "4336",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4336"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4336"
},
{
"name": "SuSE-SA:2002:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html"
},
{
"name": "RHSA-2002:048",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-048.html"
},
{
"name": "MDKSA-2002:029",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php"
},
{
"name": "CSSA-2002-019.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt"
},
{
"name": "CLA-2002:470",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470"
}
]
}
}

150
2002/0xxx/CVE-2002-0212.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020126 [ARL02-A01] Vulnerability in Hosting Controller",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101224151705897&w=2"
},
{
"name" : "http://hostingcontroller.com/English/patches/ForAll/index.html",
"refsource" : "MISC",
"url" : "http://hostingcontroller.com/English/patches/ForAll/index.html"
},
{
"name" : "3971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3971"
},
{
"name" : "hosting-controller-brute-force(8006)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8006.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login for Hosting Controller 1.1 through 1.4.1 returns different error messages when a valid or invalid user is provided, which allows remote attackers to determine the existence of valid usernames and makes it easier to conduct a brute force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hostingcontroller.com/English/patches/ForAll/index.html",
"refsource": "MISC",
"url": "http://hostingcontroller.com/English/patches/ForAll/index.html"
},
{
"name": "hosting-controller-brute-force(8006)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8006.php"
},
{
"name": "3971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3971"
},
{
"name": "20020126 [ARL02-A01] Vulnerability in Hosting Controller",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101224151705897&w=2"
}
]
}
}

140
2002/0xxx/CVE-2002-0225.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020130 tac_plus version F4.0.4.alpha on at least Solaris 8 sparc",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/253288"
},
{
"name" : "4003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4003"
},
{
"name" : "tacplus-insecure-accounting-files(8061)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8061.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4003"
},
{
"name": "20020130 tac_plus version F4.0.4.alpha on at least Solaris 8 sparc",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/253288"
},
{
"name": "tacplus-insecure-accounting-files(8061)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8061.php"
}
]
}
}

150
2002/0xxx/CVE-2002-0794.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-02:26",
"refsource" : "FREEBSD",
"url" : "http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html"
},
{
"name" : "4879",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4879"
},
{
"name" : "freebsd-accept-filter-dos(9209)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9209.php"
},
{
"name" : "5081",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "freebsd-accept-filter-dos(9209)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9209.php"
},
{
"name": "4879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4879"
},
{
"name": "5081",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5081"
},
{
"name": "FreeBSD-SA-02:26",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html"
}
]
}
}

160
2002/1xxx/CVE-2002-1147.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tech-serve.com/research/advisories/2002/a092302-1.txt",
"refsource" : "MISC",
"url" : "http://www.tech-serve.com/research/advisories/2002/a092302-1.txt"
},
{
"name" : "20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103287951910420&w=2"
},
{
"name" : "HPSBUX0209-219",
"refsource" : "HP",
"url" : "http://online.securityfocus.com/advisories/4501"
},
{
"name" : "5784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5784"
},
{
"name" : "hp-procurve-http-reset-dos(10172)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10172.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tech-serve.com/research/advisories/2002/a092302-1.txt",
"refsource": "MISC",
"url": "http://www.tech-serve.com/research/advisories/2002/a092302-1.txt"
},
{
"name": "20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103287951910420&w=2"
},
{
"name": "hp-procurve-http-reset-dos(10172)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10172.php"
},
{
"name": "HPSBUX0209-219",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4501"
},
{
"name": "5784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5784"
}
]
}
}

150
2002/1xxx/CVE-2002-1516.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "N-004",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/n-004.shtml"
},
{
"name" : "20020903-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P"
},
{
"name" : "irix-rpcbind-w-symlink(10272)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10272.php"
},
{
"name" : "5889",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "N-004",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-004.shtml"
},
{
"name": "5889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5889"
},
{
"name": "irix-rpcbind-w-symlink(10272)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10272.php"
},
{
"name": "20020903-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P"
}
]
}
}

140
2002/1xxx/CVE-2002-1591.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.informationweek.com/story/IWK20010927S0021",
"refsource" : "MISC",
"url" : "http://www.informationweek.com/story/IWK20010927S0021"
},
{
"name" : "http://www.instantmessagingplanet.com/security/article.php/10818_1014151",
"refsource" : "MISC",
"url" : "http://www.instantmessagingplanet.com/security/article.php/10818_1014151"
},
{
"name" : "VU#744139",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/744139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.informationweek.com/story/IWK20010927S0021",
"refsource": "MISC",
"url": "http://www.informationweek.com/story/IWK20010927S0021"
},
{
"name": "http://www.instantmessagingplanet.com/security/article.php/10818_1014151",
"refsource": "MISC",
"url": "http://www.instantmessagingplanet.com/security/article.php/10818_1014151"
},
{
"name": "VU#744139",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/744139"
}
]
}
}

150
2002/1xxx/CVE-2002-1607.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SSRT2275",
"refsource" : "HP",
"url" : "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11"
},
{
"name" : "SSRT2277",
"refsource" : "HP",
"url" : "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11"
},
{
"name" : "VU#706817",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/706817"
},
{
"name" : "tru64-multiple-binaries-bo(10016)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10016"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allows local users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT2275",
"refsource": "HP",
"url": "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11"
},
{
"name": "VU#706817",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/706817"
},
{
"name": "SSRT2277",
"refsource": "HP",
"url": "http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11"
},
{
"name": "tru64-multiple-binaries-bo(10016)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10016"
}
]
}
}

140
2002/1xxx/CVE-2002-1734.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to \"logged,true\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook",
"refsource" : "VULN-DEV",
"url" : "http://www.derkeiler.com/Mailing-Lists/securityfocus/vuln-dev/2002-05/0135.html"
},
{
"name" : "4672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4672"
},
{
"name" : "newspro-admin-access(9007)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9007"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NewsPro 1.01 allows remote attackers to gain unauthorized administrator access by setting their authentication cookie to \"logged,true\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4672"
},
{
"name": "newspro-admin-access(9007)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9007"
},
{
"name": "20020504 Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook",
"refsource": "VULN-DEV",
"url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/vuln-dev/2002-05/0135.html"
}
]
}
}

150
2003/0xxx/CVE-2003-0110.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0110",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0110",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000 ",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104994487012027&w=2"
},
{
"name" : "http://www.idefense.com/advisory/04.09.03.txt",
"refsource" : "MISC",
"url" : "http://www.idefense.com/advisory/04.09.03.txt"
},
{
"name" : "MS03-012",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-012"
},
{
"name" : "oval:org.mitre.oval:def:406",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A406"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "BUGTRAQ",
"name": "20030409 iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration Server 2000",
"url": "http://marc.info/?l=bugtraq&m=104994487012027&w=2"
},
{
"name": "oval:org.mitre.oval:def:406",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A406"
},
{
"name": "http://www.idefense.com/advisory/04.09.03.txt",
"refsource": "MISC",
"url": "http://www.idefense.com/advisory/04.09.03.txt"
},
{
"name": "MS03-012",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-012"
}
]
}
}

140
2003/0xxx/CVE-2003-0859.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2003:325",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-325.html"
},
{
"name" : "RHSA-2003:334",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-334.html"
},
{
"name" : "oval:org.mitre.oval:def:11337",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11337"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11337"
},
{
"name": "RHSA-2003:325",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-325.html"
},
{
"name": "RHSA-2003:334",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-334.html"
}
]
}
}

120
2003/0xxx/CVE-2003-0902.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0902",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-402",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-402"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-402",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-402"
}
]
}
}

160
2003/1xxx/CVE-2003-1558.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030117 GLSA: fnord",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/307400/30/26270/threaded"
},
{
"name" : "http://www.fefe.de/fnord/",
"refsource" : "CONFIRM",
"url" : "http://www.fefe.de/fnord/"
},
{
"name" : "6635",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6635"
},
{
"name" : "7893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/7893"
},
{
"name" : "fnord-httpdc-cgi-bo(11121)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11121"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to create a denial of service (crash) and possibly execute arbitrary code via a long CGI request passed to the do_cgi function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030117 GLSA: fnord",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/307400/30/26270/threaded"
},
{
"name": "http://www.fefe.de/fnord/",
"refsource": "CONFIRM",
"url": "http://www.fefe.de/fnord/"
},
{
"name": "7893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/7893"
},
{
"name": "6635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6635"
},
{
"name": "fnord-httpdc-cgi-bo(11121)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11121"
}
]
}
}

34
2012/0xxx/CVE-2012-0251.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0251",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0251",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2012/0xxx/CVE-2012-0321.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kingsoft.jp/support/security/support_news/supportnews_20120229",
"refsource" : "CONFIRM",
"url" : "http://www.kingsoft.jp/support/security/support_news/supportnews_20120229"
},
{
"name" : "JVN#31517714",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN31517714/index.html"
},
{
"name" : "JVNDB-2012-000019",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000019"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the device driver in Kingsoft Internet Security 2011 allows local users to cause a denial of service via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2012-000019",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000019"
},
{
"name": "http://www.kingsoft.jp/support/security/support_news/supportnews_20120229",
"refsource": "CONFIRM",
"url": "http://www.kingsoft.jp/support/security/support_news/supportnews_20120229"
},
{
"name": "JVN#31517714",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN31517714/index.html"
}
]
}
}

34
2012/0xxx/CVE-2012-0357.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0357",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0357",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2012/0xxx/CVE-2012-0446.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0446",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-05.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-05.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=705651",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=705651"
},
{
"name" : "MDVSA-2012:013",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013"
},
{
"name" : "openSUSE-SU-2012:0234",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html"
},
{
"name" : "51752",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51752"
},
{
"name" : "oval:org.mitre.oval:def:14304",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304"
},
{
"name" : "49055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49055"
},
{
"name" : "mozilla-xpconnect-xss(72837)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72837"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51752"
},
{
"name": "49055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49055"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=705651",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=705651"
},
{
"name": "mozilla-xpconnect-xss(72837)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72837"
},
{
"name": "MDVSA-2012:013",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-05.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-05.html"
},
{
"name": "openSUSE-SU-2012:0234",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html"
},
{
"name": "oval:org.mitre.oval:def:14304",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14304"
}
]
}
}

160
2012/0xxx/CVE-2012-0543.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0543",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 10.1.3.4.1 and 10.1.3.4.2 allows remote attackers to affect integrity via unknown vectors related to Administration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0543",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "53083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53083"
},
{
"name" : "1026949",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026949"
},
{
"name" : "48857",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 10.1.3.4.1 and 10.1.3.4.2 allows remote attackers to affect integrity via unknown vectors related to Administration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48857"
},
{
"name": "1026949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026949"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "53083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53083"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

220
2012/0xxx/CVE-2012-0698.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "22904",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/22904/"
},
{
"name" : "http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358"
},
{
"name" : "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=50dd06a6f639b76b3bb629606ef71b2dc5407601",
"refsource" : "CONFIRM",
"url" : "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=50dd06a6f639b76b3bb629606ef71b2dc5407601"
},
{
"name" : "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=ae0c2f8c1fd7a96ba0191f83b6057f8cbc51e786",
"refsource" : "CONFIRM",
"url" : "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=ae0c2f8c1fd7a96ba0191f83b6057f8cbc51e786"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=781648",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=781648"
},
{
"name" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0698_denial_of",
"refsource" : "CONFIRM",
"url" : "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0698_denial_of"
},
{
"name" : "DSA-2576",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2576"
},
{
"name" : "51295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51295"
},
{
"name" : "trousers-tcsd-dos(80226)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a denial of service (daemon crash) via a crafted type_offset value in a TCP packet to port 30003."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=3473554&group_id=126012&atid=704358"
},
{
"name": "DSA-2576",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2576"
},
{
"name": "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=50dd06a6f639b76b3bb629606ef71b2dc5407601",
"refsource": "CONFIRM",
"url": "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=50dd06a6f639b76b3bb629606ef71b2dc5407601"
},
{
"name": "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=ae0c2f8c1fd7a96ba0191f83b6057f8cbc51e786",
"refsource": "CONFIRM",
"url": "http://trousers.git.sourceforge.net/git/gitweb.cgi?p=trousers/trousers;a=commit;h=ae0c2f8c1fd7a96ba0191f83b6057f8cbc51e786"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692649"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=781648",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=781648"
},
{
"name": "trousers-tcsd-dos(80226)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80226"
},
{
"name": "22904",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/22904/"
},
{
"name": "http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/118281/TrouSerS-Denial-Of-Service.html"
},
{
"name": "51295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51295"
},
{
"name": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0698_denial_of",
"refsource": "CONFIRM",
"url": "https://blogs.oracle.com/sunsecurity/entry/cve_2012_0698_denial_of"
}
]
}
}

320
2012/1xxx/CVE-2012-1138.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/06/16"
},
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=733512"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=800597",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=800597"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "GLSA-201204-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201204-04.xml"
},
{
"name" : "MDVSA-2012:057",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057"
},
{
"name" : "SUSE-SU-2012:0483",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html"
},
{
"name" : "SUSE-SU-2012:0521",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html"
},
{
"name" : "SUSE-SU-2012:0484",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html"
},
{
"name" : "openSUSE-SU-2012:0489",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html"
},
{
"name" : "USN-1403-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1403-1"
},
{
"name" : "52318",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52318"
},
{
"name" : "1026765",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026765"
},
{
"name" : "48918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48918"
},
{
"name" : "48951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48951"
},
{
"name" : "48822",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48822"
},
{
"name" : "48973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48973"
},
{
"name" : "48797",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48797"
},
{
"name" : "48508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors involving the MIRP instruction in a TrueType font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48797",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48797"
},
{
"name": "48508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48508"
},
{
"name": "48822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48822"
},
{
"name": "MDVSA-2012:057",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:057"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "52318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52318"
},
{
"name": "USN-1403-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1403-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=733512"
},
{
"name": "48918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48918"
},
{
"name": "[oss-security] 20120306 Re: CVE Request -- FreeType: Multiple security flaws to be fixed in v2.4.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/06/16"
},
{
"name": "SUSE-SU-2012:0484",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00003.html"
},
{
"name": "SUSE-SU-2012:0521",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00015.html"
},
{
"name": "48973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48973"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-21.html"
},
{
"name": "SUSE-SU-2012:0483",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00002.html"
},
{
"name": "1026765",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026765"
},
{
"name": "openSUSE-SU-2012:0489",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00004.html"
},
{
"name": "48951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48951"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=800597",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=800597"
},
{
"name": "GLSA-201204-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201204-04.xml"
}
]
}
}

190
2012/1xxx/CVE-2012-1190.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php"
},
{
"name" : "https://github.com/phpmyadmin/phpmyadmin/commit/86073d532aed656550cb731aa5b4288b126ae7a6",
"refsource" : "CONFIRM",
"url" : "https://github.com/phpmyadmin/phpmyadmin/commit/86073d532aed656550cb731aa5b4288b126ae7a6"
},
{
"name" : "FEDORA-2012-5599",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079566.html"
},
{
"name" : "FEDORA-2012-5624",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079475.html"
},
{
"name" : "FEDORA-2012-5631",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079435.html"
},
{
"name" : "MDVSA-2012:050",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:050"
},
{
"name" : "52857",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52857"
},
{
"name" : "phpmyadmin-replication-xss(75304)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the replication-setup functionality in js/replication.js in phpMyAdmin 3.4.x before 3.4.10.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted database name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php"
},
{
"name": "FEDORA-2012-5599",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079566.html"
},
{
"name": "FEDORA-2012-5631",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079435.html"
},
{
"name": "MDVSA-2012:050",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:050"
},
{
"name": "FEDORA-2012-5624",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/079475.html"
},
{
"name": "52857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52857"
},
{
"name": "phpmyadmin-replication-xss(75304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75304"
},
{
"name": "https://github.com/phpmyadmin/phpmyadmin/commit/86073d532aed656550cb731aa5b4288b126ae7a6",
"refsource": "CONFIRM",
"url": "https://github.com/phpmyadmin/phpmyadmin/commit/86073d532aed656550cb731aa5b4288b126ae7a6"
}
]
}
}

170
2012/1xxx/CVE-2012-1424.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \\19\\04\\00\\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/522005"
},
{
"name" : "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource" : "MISC",
"url" : "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name" : "80390",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80390"
},
{
"name" : "80391",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80391"
},
{
"name" : "80392",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80392"
},
{
"name" : "80409",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Jiangmin Antivirus 13.0.900, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a POSIX TAR file with a \\19\\04\\00\\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80391",
"refsource": "OSVDB",
"url": "http://osvdb.org/80391"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "80392",
"refsource": "OSVDB",
"url": "http://osvdb.org/80392"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80390",
"refsource": "OSVDB",
"url": "http://osvdb.org/80390"
}
]
}
}

210
2012/1xxx/CVE-2012-1947.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1947",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1947",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=744541",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=744541"
},
{
"name" : "DSA-2488",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2488"
},
{
"name" : "DSA-2489",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2489"
},
{
"name" : "MDVSA-2012:088",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"name" : "RHSA-2012:0710",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0710.html"
},
{
"name" : "RHSA-2012:0715",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0715.html"
},
{
"name" : "SUSE-SU-2012:0746",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name" : "openSUSE-SU-2012:0760",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"name" : "oval:org.mitre.oval:def:16911",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16911"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the utf16_to_isolatin1 function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers to execute arbitrary code via vectors that trigger a character-set conversion failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:088"
},
{
"name": "DSA-2488",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2488"
},
{
"name": "oval:org.mitre.oval:def:16911",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16911"
},
{
"name": "RHSA-2012:0710",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0710.html"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-40.html"
},
{
"name": "SUSE-SU-2012:0746",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00012.html"
},
{
"name": "openSUSE-SU-2012:0760",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00015.html"
},
{
"name": "DSA-2489",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2489"
},
{
"name": "RHSA-2012:0715",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0715.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=744541",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=744541"
}
]
}
}

130
2012/4xxx/CVE-2012-4099.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-4099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131004 Cisco NX-OS Software BGP Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4099"
},
{
"name" : "98130",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/98130"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BGP implementation in Cisco NX-OS does not properly filter AS paths, which allows remote attackers to cause a denial of service (BGP service reset and resync) via a malformed UPDATE message, aka Bug ID CSCtn13065."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131004 Cisco NX-OS Software BGP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4099"
},
{
"name": "98130",
"refsource": "OSVDB",
"url": "http://osvdb.org/98130"
}
]
}
}

150
2012/4xxx/CVE-2012-4366.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121119 CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0070.html"
},
{
"name" : "http://www.jakoblell.com/blog/2012/11/19/cve-2012-4366-insecure-default-wpa2-passphrase-in-multiple-belkin-wireless-routers/",
"refsource" : "MISC",
"url" : "http://www.jakoblell.com/blog/2012/11/19/cve-2012-4366-insecure-default-wpa2-passphrase-in-multiple-belkin-wireless-routers/"
},
{
"name" : "56591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56591"
},
{
"name" : "belkin-wireless-security-bypass(80157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121119 CVE-2012-4366: Insecure default WPA2 passphrase in multiple Belkin wireless routers",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0070.html"
},
{
"name": "56591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56591"
},
{
"name": "belkin-wireless-security-bypass(80157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80157"
},
{
"name": "http://www.jakoblell.com/blog/2012/11/19/cve-2012-4366-insecure-default-wpa2-passphrase-in-multiple-belkin-wireless-routers/",
"refsource": "MISC",
"url": "http://www.jakoblell.com/blog/2012/11/19/cve-2012-4366-insecure-default-wpa2-passphrase-in-multiple-belkin-wireless-routers/"
}
]
}
}

130
2012/4xxx/CVE-2012-4585.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120329 NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0163.html"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote authenticated users to read arbitrary files via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120329 NGS00158 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Arbitrary file download is possible with a crafted URL when logged in as any user",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0163.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10020"
}
]
}
}

140
2012/4xxx/CVE-2012-4787.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka \"Improper Ref Counting Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-4787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-077",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-077"
},
{
"name" : "TA12-346A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name" : "oval:org.mitre.oval:def:16211",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16211"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka \"Improper Ref Counting Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-346A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-346A.html"
},
{
"name": "MS12-077",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-077"
},
{
"name": "oval:org.mitre.oval:def:16211",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16211"
}
]
}
}

150
2012/5xxx/CVE-2012-5006.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5006",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5006",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.caminova.com/en/downloads/download.aspx?id=1",
"refsource" : "CONFIRM",
"url" : "http://www.caminova.com/en/downloads/download.aspx?id=1"
},
{
"name" : "51675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51675"
},
{
"name" : "78526",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78526"
},
{
"name" : "46091",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser Plug-in 6.1.4 Build 27351 and other versions before 6.1.4.27993 allows remote attackers to execute arbitrary code via a crafted Sjbz chunk in a djvu file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51675"
},
{
"name": "46091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46091"
},
{
"name": "http://www.caminova.com/en/downloads/download.aspx?id=1",
"refsource": "CONFIRM",
"url": "http://www.caminova.com/en/downloads/download.aspx?id=1"
},
{
"name": "78526",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78526"
}
]
}
}

150
2012/5xxx/CVE-2012-5471.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121119 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/11/19/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=216155",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=216155"
},
{
"name" : "56505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56505"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=216155",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=216155"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872"
},
{
"name": "[oss-security] 20121119 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/11/19/1"
}
]
}
}

190
2012/5xxx/CVE-2012-5610.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5610",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5610",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121130 Re: CVE Request: owncloud",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"name" : "http://owncloud.org/changelog/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/changelog/"
},
{
"name" : "http://owncloud.org/security/advisories/oc-sa-2012-005/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/security/advisories/oc-sa-2012-005/"
},
{
"name" : "https://github.com/owncloud/core/commit/3cd416b667",
"refsource" : "CONFIRM",
"url" : "https://github.com/owncloud/core/commit/3cd416b667"
},
{
"name" : "https://github.com/owncloud/core/commit/4b86c43",
"refsource" : "CONFIRM",
"url" : "https://github.com/owncloud/core/commit/4b86c43"
},
{
"name" : "https://github.com/owncloud/core/commit/6540c0fc63",
"refsource" : "CONFIRM",
"url" : "https://github.com/owncloud/core/commit/6540c0fc63"
},
{
"name" : "https://github.com/owncloud/core/commit/f599267",
"refsource" : "CONFIRM",
"url" : "https://github.com/owncloud/core/commit/f599267"
},
{
"name" : "51357",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51357"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud before 4.0.9 and 4.5.x before 4.5.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a special crafted name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51357",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51357"
},
{
"name": "https://github.com/owncloud/core/commit/f599267",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/f599267"
},
{
"name": "http://owncloud.org/security/advisories/oc-sa-2012-005/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/security/advisories/oc-sa-2012-005/"
},
{
"name": "[oss-security] 20121130 Re: CVE Request: owncloud",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/30/3"
},
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
},
{
"name": "https://github.com/owncloud/core/commit/6540c0fc63",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/6540c0fc63"
},
{
"name": "https://github.com/owncloud/core/commit/4b86c43",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/4b86c43"
},
{
"name": "https://github.com/owncloud/core/commit/3cd416b667",
"refsource": "CONFIRM",
"url": "https://github.com/owncloud/core/commit/3cd416b667"
}
]
}
}

128
2017/1002xxx/CVE-2017-1002153.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-09-19T16:52Z",
"ID" : "CVE-2017-1002153",
"REQUESTER" : "patrick@puiterwijk.org",
"STATE" : "PUBLIC",
"UPDATED" : "2017-09-19T20:44Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Koji",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "1.13.0"
}
]
}
}
]
},
"vendor_name" : "Koji Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "patrick@puiterwijk.org",
"DATE_ASSIGNED": "2017-09-19T16:52Z",
"ID": "CVE-2017-1002153",
"REQUESTER": "patrick@puiterwijk.org",
"STATE": "PUBLIC",
"UPDATED": "2017-09-19T20:44Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Koji",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.13.0"
}
]
}
}
]
},
"vendor_name": "Koji Project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pagure.io/koji/issue/563",
"refsource" : "CONFIRM",
"url" : "https://pagure.io/koji/issue/563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/koji/issue/563",
"refsource": "CONFIRM",
"url": "https://pagure.io/koji/issue/563"
}
]
}
}

152
2017/3xxx/CVE-2017-3331.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.7.11 to 5.7.17"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.11 to 5.7.17"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "RHSA-2017:2886",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2886"
},
{
"name" : "97772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97772"
},
{
"name" : "1038287",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). The supported version that is affected is 5.7.11 to 5.7.17. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038287",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038287"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "97772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97772"
},
{
"name": "RHSA-2017:2886",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2886"
}
]
}
}

140
2017/3xxx/CVE-2017-3368.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iStore 12.1.1;12.1.2;12.1.3;12.2.3;12.2.4;12.2.5;12.2.6",
"version" : {
"version_data" : [
{
"version_value" : "iStore 12.1.1;12.1.2;12.1.3;12.2.3;12.2.4;12.2.5;12.2.6"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Address Book). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iStore 12.1.1;12.1.2;12.1.3;12.2.3;12.2.4;12.2.5;12.2.6",
"version": {
"version_data": [
{
"version_value": "iStore 12.1.1;12.1.2;12.1.3;12.2.3;12.2.4;12.2.5;12.2.6"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95605"
},
{
"name" : "1037639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Address Book). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95605"
},
{
"name": "1037639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037639"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

166
2017/3xxx/CVE-2017-3426.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "One-to-One Fulfillment",
"version" : {
"version_data" : [
{
"version_value" : "12.1.1"
},
{
"version_value" : "12.1.2"
},
{
"version_value" : "12.1.3"
},
{
"version_value" : "12.2.3"
},
{
"version_value" : "12.2.4"
},
{
"version_value" : "12.2.5"
},
{
"version_value" : "12.2.6"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "One-to-One Fulfillment",
"version": {
"version_data": [
{
"version_value": "12.1.1"
},
{
"version_value": "12.1.2"
},
{
"version_value": "12.1.3"
},
{
"version_value": "12.2.3"
},
{
"version_value": "12.2.4"
},
{
"version_value": "12.2.5"
},
{
"version_value": "12.2.6"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95569"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
}

34
2017/6xxx/CVE-2017-6203.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6203",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6203",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/6xxx/CVE-2017-6529.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41578",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41578/"
},
{
"name" : "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/",
"refsource" : "MISC",
"url" : "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/"
},
{
"name" : "96823",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96823"
},
{
"name": "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/",
"refsource": "MISC",
"url": "https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/"
},
{
"name": "41578",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41578/"
}
]
}
}

34
2017/6xxx/CVE-2017-6581.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6581",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6581",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2017/7xxx/CVE-2017-7272.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt"
},
{
"name" : "https://bugs.php.net/bug.php?id=74216",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=74216"
},
{
"name" : "https://bugs.php.net/bug.php?id=75505",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=75505"
},
{
"name" : "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a",
"refsource" : "CONFIRM",
"url" : "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180112-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180112-0001/"
},
{
"name" : "97178",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97178"
},
{
"name" : "1038158",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97178"
},
{
"name": "1038158",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038158"
},
{
"name": "https://bugs.php.net/bug.php?id=75505",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=75505"
},
{
"name": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a",
"refsource": "CONFIRM",
"url": "https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180112-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180112-0001/"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170403-0_PHP_Misbehavior_of_fsockopen_function_v10.txt"
},
{
"name": "https://bugs.php.net/bug.php?id=74216",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=74216"
}
]
}
}

150
2017/7xxx/CVE-2017-7611.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c"
},
{
"name" : "GLSA-201710-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-10"
},
{
"name" : "USN-3670-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3670-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The check_symtab_shndx function in elflint.c in elfutils 0.168 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3670-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3670-1/"
},
{
"name": "[debian-lts-announce] 20190225 [SECURITY] [DLA 1689-1] elfutils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html"
},
{
"name": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c"
},
{
"name": "GLSA-201710-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-10"
}
]
}
}

150
2017/7xxx/CVE-2017-7865.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html"
},
{
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=452",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=452"
},
{
"name" : "https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb",
"refsource" : "MISC",
"url" : "https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb"
},
{
"name" : "97685",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97685"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=452",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=452"
},
{
"name": "97685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97685"
}
]
}
}

120
2018/10xxx/CVE-2018-10320.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/philippe/FrogCMS/issues/8",
"refsource" : "MISC",
"url" : "https://github.com/philippe/FrogCMS/issues/8"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] parameter, aka Edit Layout."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/philippe/FrogCMS/issues/8",
"refsource": "MISC",
"url": "https://github.com/philippe/FrogCMS/issues/8"
}
]
}
}

34
2018/10xxx/CVE-2018-10450.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10450",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10450",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/10xxx/CVE-2018-10670.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10670",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10670",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14271.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-731",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-731"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6034."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-731",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-731"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

34
2018/14xxx/CVE-2018-14763.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14763",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14763",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2018/14xxx/CVE-2018-14773.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"
},
{
"name" : "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b",
"refsource" : "CONFIRM",
"url" : "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"
},
{
"name" : "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers",
"refsource" : "CONFIRM",
"url" : "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"
},
{
"name" : "https://www.drupal.org/SA-CORE-2018-005",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/SA-CORE-2018-005"
},
{
"name" : "104943",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104943"
},
{
"name" : "1041405",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises from support for a (legacy) IIS header that lets users override the path in the request URL via the X-Original-URL or X-Rewrite-URL HTTP request header. These headers are designed for IIS support, but it's not verified that the server is in fact running IIS, which means anybody who can send these requests to an application can trigger this. This affects \\Symfony\\Component\\HttpFoundation\\Request::prepareRequestUri() where X-Original-URL and X_REWRITE_URL are both used. The fix drops support for these methods so that they cannot be used as attack vectors such as web cache poisoning."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104943",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104943"
},
{
"name": "https://www.drupal.org/SA-CORE-2018-005",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/SA-CORE-2018-005"
},
{
"name": "[debian-lts-announce] 20190310 [SECURITY] [DLA 1707-1] symfony security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00009.html"
},
{
"name": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers",
"refsource": "CONFIRM",
"url": "https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers"
},
{
"name": "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b",
"refsource": "CONFIRM",
"url": "https://github.com/symfony/symfony/commit/e447e8b92148ddb3d1956b96638600ec95e08f6b"
},
{
"name": "1041405",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041405"
}
]
}
}

120
2018/20xxx/CVE-2018-20566.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in \"Smarty error: unable to read resource\" error messages for a crafted installation page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#information-disclosure",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#information-disclosure"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in DouCo DouPHP 1.5 20181221. It allows full path disclosure in \"Smarty error: unable to read resource\" error messages for a crafted installation page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#information-disclosure",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#information-disclosure"
}
]
}
}

130
2018/9xxx/CVE-2018-9038.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44512",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44512/"
},
{
"name" : "https://github.com/monstra-cms/monstra/issues/434",
"refsource" : "MISC",
"url" : "https://github.com/monstra-cms/monstra/issues/434"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44512",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44512/"
},
{
"name": "https://github.com/monstra-cms/monstra/issues/434",
"refsource": "MISC",
"url": "https://github.com/monstra-cms/monstra/issues/434"
}
]
}
}

34
2018/9xxx/CVE-2018-9341.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9341",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9341",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9345.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9345",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9345",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2018/9xxx/CVE-2018-9415.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00",
"ID" : "CVE-2018-9415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android kernel"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-07-01"
},
{
"name" : "USN-3752-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-1/"
},
{
"name" : "USN-3752-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-2/"
},
{
"name" : "USN-3752-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3752-3/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In driver_override_store and driver_override_show of bus.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-69129004 References: Upstream kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-07-01"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
}
]
}
}

142
2018/9xxx/CVE-2018-9499.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-10-02T00:00:00",
"ID" : "CVE-2018-9499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-9499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1",
"refsource" : "MISC",
"url" : "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1"
},
{
"name" : "https://source.android.com/security/bulletin/2018-10-01,",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name" : "105481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-10-01,",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-10-01,"
},
{
"name": "105481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105481"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1"
}
]
}
}