admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:50:42 +00:00
parent 4b048f204d
commit bf69a7dd1f
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3884 additions and 3884 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2002/1xxx/CVE-2002-1127.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1127",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1127",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter."
"lang": "eng",
"value": "Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long source (-s) command line parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html"
"name": "5745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5745"
},
{
"name" : "5745",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5745"
"name": "20020918 iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0122.html"
},
{
"name" : "osf1-uucp-source-bo(10146)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10146.php"
"name": "osf1-uucp-source-bo(10146)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10146.php"
}
]
}

80
2002/1xxx/CVE-2002-1559.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1559",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1559",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20021101 ion-p.exe allows Remote File Retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0447.html"
"name": "ion-ionp-view-files(10518)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10518.php"
},
{
"name" : "20021101 Re: ion-p.exe allows Remote File Retrieving",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0448.html"
"name": "20021101 Re: ion-p.exe allows Remote File Retrieving",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0448.html"
},
{
"name" : "ion-ionp-view-files(10518)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10518.php"
"name": "6091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6091"
},
{
"name" : "6091",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6091"
"name": "20021101 ion-p.exe allows Remote File Retrieving",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0447.html"
}
]
}

92
2003/0xxx/CVE-2003-0030.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0030",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0030",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select."
"lang": "eng",
"value": "Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension Feature (SEF) before 2.2.3.9 allow attackers with SQL access to execute arbitrary code via the extended stored procedures (1) xp_pty_checkusers, (2) xp_pty_insert, or (3) xp_pty_select."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "VU#247545",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/247545"
"name": "VU#247545",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/247545"
},
{
"name" : "20030313 Protegrity buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104758650516677&w=2"
"name": "8294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8294"
},
{
"name" : "7083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7083"
"name": "7085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7085"
},
{
"name" : "7084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7084"
"name": "20030313 Protegrity buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104758650516677&w=2"
},
{
"name" : "7085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7085"
"name": "7084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7084"
},
{
"name" : "8294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8294"
"name": "7083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7083"
}
]
}

98
2003/0xxx/CVE-2003-0192.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0192",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0192",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite."
"lang": "eng",
"value": "Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle \"certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one,\" which could cause Apache to use the weak ciphersuite."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105776593602600&w=2"
"name": "MDKSA-2003:075",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075"
},
{
"name" : "MDKSA-2003:075",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:075"
"name": "RHSA-2003:240",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-240.html"
},
{
"name" : "RHSA-2003:240",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-240.html"
"name": "SCOSA-2004.6",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt"
},
{
"name" : "RHSA-2003:243",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-243.html"
"name": "RHSA-2003:243",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-243.html"
},
{
"name" : "RHSA-2003:244",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-244.html"
"name": "oval:org.mitre.oval:def:169",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A169"
},
{
"name" : "SCOSA-2004.6",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.6/SCOSA-2004.6.txt"
"name": "RHSA-2003:244",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-244.html"
},
{
"name" : "oval:org.mitre.oval:def:169",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A169"
"name": "20030709 [ANNOUNCE][SECURITY] Apache 2.0.47 released",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105776593602600&w=2"
}
]
}

98
2003/0xxx/CVE-2003-0531.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0531",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0531",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability."
"lang": "eng",
"value": "Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the \"Browser Cache Script Execution in My Computer Zone\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.lac.co.jp/security/english/snsadv_e/67_e.html",
"refsource" : "MISC",
"url" : "http://www.lac.co.jp/security/english/snsadv_e/67_e.html"
"name": "9580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/9580"
},
{
"name" : "MS03-032",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
"name": "CA-2003-22",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-22.html"
},
{
"name" : "CA-2003-22",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2003-22.html"
"name": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/english/snsadv_e/67_e.html"
},
{
"name" : "VU#205148",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/205148"
"name": "ie-cache-script-injection(12961)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961"
},
{
"name" : "8457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8457"
"name": "MS03-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-032"
},
{
"name" : "9580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/9580"
"name": "VU#205148",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/205148"
},
{
"name" : "ie-cache-script-injection(12961)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12961"
"name": "8457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8457"
}
]
}

62
2003/0xxx/CVE-2003-0750.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0750",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0750",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter."
"lang": "eng",
"value": "secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html"
"name": "20030826 [PHP] PY-Membres 4.2 : Admin Access, SQL Injection",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0089.html"
}
]
}

98
2003/1xxx/CVE-2003-1116.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1116",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1116",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener."
"lang": "eng",
"value": "The communications protocol for the Report Review Agent (RRA), aka FND File Server (FNDFS) program, in Oracle E-Business Suite 10.7, 11.0, and 11.5.1 to 11.5.8 allows remote attackers to bypass authentication and obtain sensitive information from the Oracle Applications Concurrent Manager by spoofing requests to the TNS Listener."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20030411 Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105012832418415&w=2"
"name": "20030411 Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105012832418415&w=2"
},
{
"name" : "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm",
"refsource" : "MISC",
"url" : "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm"
"name": "7325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7325"
},
{
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf",
"refsource" : "CONFIRM",
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf"
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert53.pdf"
},
{
"name" : "VU#168873",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/168873"
"name": "oracle-rra-authentication-bypass(11768)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11768"
},
{
"name" : "7325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7325"
"name": "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm",
"refsource": "MISC",
"url": "http://www.integrigy.com/alerts/FNDFS_Vulnerability.htm"
},
{
"name" : "1006550",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1006550"
"name": "VU#168873",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/168873"
},
{
"name" : "oracle-rra-authentication-bypass(11768)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11768"
"name": "1006550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1006550"
}
]
}

86
2003/1xxx/CVE-2003-1153.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1153",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1153",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php."
"lang": "eng",
"value": "byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files and directories via a direct request to files.inc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20031027 Bytehoard File Disclosure VUlnerability Sequel",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012801.html"
"name": "20031027 Bytehoard File Disclosure VUlnerability Sequel",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012801.html"
},
{
"name" : "8910",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8910"
"name": "10082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10082"
},
{
"name" : "2700",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/2700"
"name": "8910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8910"
},
{
"name" : "10082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10082"
"name": "bytehoard-view-file(13531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13531"
},
{
"name" : "bytehoard-view-file(13531)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13531"
"name": "2700",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/2700"
}
]
}

68
2003/1xxx/CVE-2003-1460.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1460",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1460",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information."
"lang": "eng",
"value": "Worker Filemanager 1.0 through 2.7 sets the permissions on the destination directory to world-readable and executable while copying data, which could allow local users to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en",
"refsource" : "CONFIRM",
"url" : "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en"
"name": "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en",
"refsource": "CONFIRM",
"url": "http://www.boomerangsworld.de/worker/wchanges.php3?lang=en"
},
{
"name" : "7460",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7460"
"name": "7460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7460"
}
]
}

92
2004/2xxx/CVE-2004-2047.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2047",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2047",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20040724 EasyWeb FileManager Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109068482605241&w=2"
"name": "20040724 EasyWeb FileManager Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109068482605241&w=2"
},
{
"name" : "http://www.cirt.net/advisories/ew_file_manager.shtml",
"refsource" : "MISC",
"url" : "http://www.cirt.net/advisories/ew_file_manager.shtml"
"name": "8193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8193"
},
{
"name" : "10792",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10792"
"name": "http://www.cirt.net/advisories/ew_file_manager.shtml",
"refsource": "MISC",
"url": "http://www.cirt.net/advisories/ew_file_manager.shtml"
},
{
"name" : "8193",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8193"
"name": "10792",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10792"
},
{
"name" : "12151",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12151"
"name": "filemanager-pathext-view-directory-traversal(16806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16806"
},
{
"name" : "filemanager-pathext-view-directory-traversal(16806)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16806"
"name": "12151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12151"
}
]
}

74
2004/2xxx/CVE-2004-2779.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2779",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2779",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS)."
"lang": "eng",
"value": "id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304913",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304913"
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=162647",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=162647"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=162647",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=162647"
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304913",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=304913"
},
{
"name" : "https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/",
"refsource" : "MISC",
"url" : "https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/"
"name": "https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/",
"refsource": "MISC",
"url": "https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/"
}
]
}

74
2008/2xxx/CVE-2008-2031.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2031",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2031",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "28967",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28967"
"name": "28967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28967"
},
{
"name" : "29943",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29943"
"name": "29943",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29943"
},
{
"name" : "vicftps-list-dos(42074)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42074"
"name": "vicftps-list-dos(42074)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42074"
}
]
}

80
2012/0xxx/CVE-2012-0257.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0257",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-0257",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite."
"lang": "eng",
"value": "Heap-based buffer overflow in the WWCabFile ActiveX component in the Wonderware System Platform in Invensys Wonderware Application Server 2012 and earlier, Foxboro Control Software 3.1 and earlier, InFusion CE/FE/SCADA 2.5 and earlier, Wonderware Information Server 4.5 and earlier, ArchestrA Application Object Toolkit 3.2 and earlier, and InTouch 10.0 through 10.5 might allow remote attackers to execute arbitrary code via a long string to the Open member, leading to a function-pointer overwrite."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf"
"name": "https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf",
"refsource": "MISC",
"url": "https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf"
},
{
"name" : "https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf",
"refsource" : "MISC",
"url" : "https://wdnresource.wonderware.com/support/docs/_SecurityBulletins/Security_Bulletin_LFSEC00000071.pdf"
"name": "80891",
"refsource": "OSVDB",
"url": "http://osvdb.org/80891"
},
{
"name" : "80891",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80891"
"name": "48675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48675"
},
{
"name" : "48675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48675"
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-081-01.pdf"
}
]
}

68
2012/0xxx/CVE-2012-0303.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0303",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0303",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts."
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00"
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00"
},
{
"name" : "54133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54133"
"name": "54133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54133"
}
]
}

80
2012/0xxx/CVE-2012-0325.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0325",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-0325",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb",
"refsource" : "CONFIRM",
"url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-03-05.cb"
},
{
"name" : "JVN#79950061",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN79950061/index.html"
"name": "JVN#79950061",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN79950061/index.html"
},
{
"name" : "JVNDB-2012-000023",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
"name": "52384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52384"
},
{
"name" : "52384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52384"
"name": "JVNDB-2012-000023",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000023"
}
]
}

22
2012/0xxx/CVE-2012-0350.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0350",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0350",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2012/0xxx/CVE-2012-0737.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0737",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-0737",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188"
"name": "appscan-enterprise-xss(74560)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
},
{
"name" : "53247",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53247"
"name": "48967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48967"
},
{
"name" : "48967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48967"
"name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
},
{
"name" : "48968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48968"
"name": "48968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48968"
},
{
"name" : "appscan-enterprise-xss(74560)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74560"
"name": "53247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53247"
}
]
}

110
2012/0xxx/CVE-2012-0911.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0911",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0911",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function."
"lang": "eng",
"value": "TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) printpages or (3) printstructures parameter to (a) tiki-print_multi_pages.php or (b) tiki-print_pages.php; or (4) sendpages, (5) sendstructures, or (6) sendarticles parameter to tiki-send_objects.php, which is not properly handled when processed by the unserialize function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 \"unserialize()\" PHP Code Execution",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html"
"name": "19630",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19630"
},
{
"name" : "19573",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/19573"
"name": "19573",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/19573"
},
{
"name" : "19630",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/19630"
"name": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS",
"refsource": "CONFIRM",
"url": "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS"
},
{
"name" : "http://dev.tiki.org/item4109",
"refsource" : "CONFIRM",
"url" : "http://dev.tiki.org/item4109"
"name": "54298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54298"
},
{
"name" : "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS",
"refsource" : "CONFIRM",
"url" : "http://info.tiki.org/article190-Tiki-Wiki-CMS-Groupware-Updates-Tiki-6-7-LTS"
"name": "http://dev.tiki.org/item4109",
"refsource": "CONFIRM",
"url": "http://dev.tiki.org/item4109"
},
{
"name" : "http://info.tiki.org/article191-Tiki-Releases-8-4",
"refsource" : "CONFIRM",
"url" : "http://info.tiki.org/article191-Tiki-Releases-8-4"
"name": "83534",
"refsource": "OSVDB",
"url": "http://osvdb.org/83534"
},
{
"name" : "54298",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54298"
"name": "20120704 [CVE-2012-0911] Tiki Wiki CMS Groupware <= 8.3 \"unserialize()\" PHP Code Execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0020.html"
},
{
"name" : "83534",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83534"
"name": "tikiwiki-unserialize-code-exec(76758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76758"
},
{
"name" : "tikiwiki-unserialize-code-exec(76758)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76758"
"name": "http://info.tiki.org/article191-Tiki-Releases-8-4",
"refsource": "CONFIRM",
"url": "http://info.tiki.org/article191-Tiki-Releases-8-4"
}
]
}

62
2012/1xxx/CVE-2012-1064.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1064",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1064",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before 5.2SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
"name": "20130131 ESA-2013-002: RSA Archer GRC Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0001.html"
}
]
}

116
2012/1xxx/CVE-2012-1293.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1293",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1293",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
"name": "DSA-2414",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2414"
},
{
"name" : "20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
"name": "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource": "CONFIRM",
"url": "http://fex.rus.uni-stuttgart.de/fex.html"
},
{
"name" : "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/20/8"
"name": "20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0112.html"
},
{
"name" : "[oss-security] 20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/20/1"
"name": "47971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47971"
},
{
"name" : "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/23/2"
"name": "[oss-security] 20120223 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/23/2"
},
{
"name" : "http://fex.rus.uni-stuttgart.de/fex.html",
"refsource" : "CONFIRM",
"url" : "http://fex.rus.uni-stuttgart.de/fex.html"
"name": "[oss-security] 20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/1"
},
{
"name" : "DSA-2414",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2414"
"name": "79420",
"refsource": "OSVDB",
"url": "http://osvdb.org/79420"
},
{
"name" : "52085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52085"
"name": "[oss-security] 20120220 Re: Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/20/8"
},
{
"name" : "79420",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/79420"
"name": "52085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52085"
},
{
"name" : "47971",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47971"
"name": "20120220 Vulnerabilitites in Debian F*EX <= 20100208 and F*EX 20111129-2.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-02/0109.html"
}
]
}

68
2012/1xxx/CVE-2012-1436.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1436",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1436",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\2D\\6C\\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
"lang": "eng",
"value": "The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \\2D\\6C\\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/522005"
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name" : "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource" : "MISC",
"url" : "http://www.ieee-security.org/TC/SP2012/program.html"
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}

22
2012/1xxx/CVE-2012-1542.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1542",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1542",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

98
2012/1xxx/CVE-2012-1627.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1627",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1627",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in vud_term.module in the Vote Up/Down module 6.x-2.x before 6.x-2.8 and 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via taxonomy terms."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
"name": "http://drupalcode.org/project/vote_up_down.git/commit/fe83aa4b8fa44d83a01494870a80d4651434f4c0",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/vote_up_down.git/commit/fe83aa4b8fa44d83a01494870a80d4651434f4c0"
},
{
"name" : "http://drupal.org/node/1401580",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1401580"
"name": "http://drupal.org/node/1401580",
"refsource": "MISC",
"url": "http://drupal.org/node/1401580"
},
{
"name" : "http://drupal.org/node/1400528",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1400528"
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1400530",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1400530"
"name": "http://drupal.org/node/1400530",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1400530"
},
{
"name" : "http://drupalcode.org/project/vote_up_down.git/commit/fe83aa4b8fa44d83a01494870a80d4651434f4c0",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/vote_up_down.git/commit/fe83aa4b8fa44d83a01494870a80d4651434f4c0"
"name": "http://drupal.org/node/1400528",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1400528"
},
{
"name" : "51376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51376"
"name": "51376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51376"
},
{
"name" : "47549",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47549"
"name": "47549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47549"
}
]
}

80
2012/1xxx/CVE-2012-1815.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1815",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-1815",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf"
"name": "82011",
"refsource": "OSVDB",
"url": "http://osvdb.org/82011"
},
{
"name" : "53591",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53591"
"name": "49210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49210"
},
{
"name" : "82011",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82011"
"name": "53591",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53591"
},
{
"name" : "49210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49210"
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-138-01.pdf"
}
]
}

74
2012/4xxx/CVE-2012-4160.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4160",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-4160",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4159."
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4159."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
"name": "oval:org.mitre.oval:def:15968",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15968"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name" : "oval:org.mitre.oval:def:15968",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15968"
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}

98
2012/4xxx/CVE-2012-4507.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4507",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4507",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email."
"lang": "eng",
"value": "The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20121009 CVE Request -- claws-mail -- NULL pointer derefence while processing email content.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/09/3"
"name": "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743",
"refsource": "CONFIRM",
"url": "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743"
},
{
"name" : "[oss-security] 20121009 Claws-mail security issue in message processing",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/09/1"
"name": "[oss-security] 20121009 Claws-mail security issue in message processing",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/09/1"
},
{
"name" : "[oss-security] 20121009 Re: CVE Request -- claws-mail -- NULL pointer derefence while processing email content.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/10/3"
"name": "openSUSE-SU-2012:1374",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00064.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=862578",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=862578"
"name": "[oss-security] 20121009 Re: CVE Request -- claws-mail -- NULL pointer derefence while processing email content.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/10/3"
},
{
"name" : "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743",
"refsource" : "CONFIRM",
"url" : "http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743"
"name": "[oss-security] 20121009 CVE Request -- claws-mail -- NULL pointer derefence while processing email content.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/09/3"
},
{
"name" : "openSUSE-SU-2012:1374",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00064.html"
"name": "55837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55837"
},
{
"name" : "55837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55837"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=862578",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=862578"
}
]
}

92
2012/4xxx/CVE-2012-4737.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4737",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4737",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
"lang": "eng",
"value": "channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and 10.x before 10.7.1, Certified Asterisk 1.8.11 before 1.8.11-cert7, Asterisk Digiumphones 10.x.x-digiumphones before 10.7.1-digiumphones, and Asterisk Business Edition C.3.x before C.3.7.6 does not enforce ACL rules during certain uses of peer credentials, which allows remote authenticated users to bypass intended outbound-call restrictions by leveraging the availability of these credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2012-013.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
"name": "http://downloads.asterisk.org/pub/security/AST-2012-013.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-013.html"
},
{
"name" : "DSA-2550",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2550"
"name": "50687",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50687"
},
{
"name" : "55335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55335"
"name": "50756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50756"
},
{
"name" : "1027461",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027461"
"name": "1027461",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027461"
},
{
"name" : "50687",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50687"
"name": "DSA-2550",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2550"
},
{
"name" : "50756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50756"
"name": "55335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55335"
}
]
}

74
2012/5xxx/CVE-2012-5536.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5536",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5536",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo."
"lang": "eng",
"value": "A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privileges via crafted use of an application that relies on this module, as demonstrated by su and sudo."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa",
"refsource" : "CONFIRM",
"url" : "http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa"
"name": "RHSA-2013:0519",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0519.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=834618",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=834618"
"name": "http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa",
"refsource": "CONFIRM",
"url": "http://pkgs.fedoraproject.org/cgit/openssh.git/commit/?id=4f4687ce8045418f678c323bb22c837f35d7b9fa"
},
{
"name" : "RHSA-2013:0519",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0519.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=834618",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=834618"
}
]
}

22
2012/5xxx/CVE-2012-5774.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5774",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-5774",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}

76
2017/1002xxx/CVE-2017-1002023.json
View File

@ -1,70 +1,70 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-05-24",
"ID" : "CVE-2017-1002023",
"REQUESTER" : "kurt@seifried.org",
"STATE" : "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z"
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2017-05-24",
"ID": "CVE-2017-1002023",
"REQUESTER": "kurt@seifried.org",
"STATE": "PUBLIC",
"UPDATED": "2017-08-10T14:41Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Easy Team Manager",
"version" : {
"version_data" : [
"product_name": "Easy Team Manager",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "1.3.2"
"version_affected": "<",
"version_value": "1.3.2"
}
]
}
}
]
},
"vendor_name" : "Daisy Themes"
"vendor_name": "Daisy Themes"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php"
"lang": "eng",
"value": "Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code does not sanitize id before making it part of an SQL statement in file ./easy-team-manager/inc/easy_team_manager_desc_edit.php"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "SQL Injection"
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=194",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=194"
"name": "https://wordpress.org/plugins/easy-team-manager/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy-team-manager/"
},
{
"name" : "https://wordpress.org/plugins/easy-team-manager/",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/easy-team-manager/"
"name": "http://www.vapidlabs.com/advisory.php?v=194",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=194"
}
]
}

92
2017/3xxx/CVE-2017-3068.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-3068",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-3068",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Flash Player 25.0.0.148 and earlier.",
"version" : {
"version_data" : [
"product_name": "Adobe Flash Player 25.0.0.148 and earlier.",
"version": {
"version_data": [
{
"version_value" : "Adobe Flash Player 25.0.0.148 and earlier."
"version_value": "Adobe Flash Player 25.0.0.148 and earlier."
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Memory Corruption"
"lang": "eng",
"value": "Memory Corruption"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42017",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42017/"
"name": "GLSA-201705-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-12"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb17-15.html"
},
{
"name" : "GLSA-201705-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-12"
"name": "98349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98349"
},
{
"name" : "RHSA-2017:1219",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1219"
"name": "42017",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42017/"
},
{
"name" : "98349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98349"
"name": "RHSA-2017:1219",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1219"
},
{
"name" : "1038427",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038427"
"name": "1038427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038427"
}
]
}

82
2017/3xxx/CVE-2017-3118.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"DATE_PUBLIC" : "2017-08-08T00:00:00",
"ID" : "CVE-2017-3118",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-3118",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Acrobat Reader",
"version" : {
"version_data" : [
"product_name": "Acrobat Reader",
"version": {
"version_data": [
{
"version_value" : "2017.009.20058 and earlier"
"version_value": "2017.009.20058 and earlier"
},
{
"version_value" : "2017.008.30051 and earlier"
"version_value": "2017.008.30051 and earlier"
},
{
"version_value" : "2015.006.30306 and earlier"
"version_value": "2015.006.30306 and earlier"
},
{
"version_value" : "11.0.20 and earlier"
"version_value": "11.0.20 and earlier"
}
]
}
}
]
},
"vendor_name" : "Adobe Systems Incorporated"
"vendor_name": "Adobe Systems Incorporated"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments."
"lang": "eng",
"value": "Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has a security bypass vulnerability related to execution of malicious attachments."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Security Bypass"
"lang": "eng",
"value": "Security Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-24.html"
},
{
"name" : "100189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100189"
"name": "1039098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039098"
},
{
"name" : "1039098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039098"
"name": "100189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100189"
}
]
}

90
2017/3xxx/CVE-2017-3574.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3574",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3574",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Hospitality OPERA 5 Property Services",
"version" : {
"version_data" : [
"product_name": "Hospitality OPERA 5 Property Services",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "5.4.0.x"
"version_affected": "=",
"version_value": "5.4.0.x"
},
{
"version_affected" : "=",
"version_value" : "5.4.1.x"
"version_affected": "=",
"version_value": "5.4.1.x"
},
{
"version_affected" : "=",
"version_value" : "5.4.2.x"
"version_affected": "=",
"version_value": "5.4.2.x"
},
{
"version_affected" : "=",
"version_value" : "5.4.3.x"
"version_affected": "=",
"version_value": "5.4.3.x"
},
{
"version_affected" : "=",
"version_value" : "5.5.0.x"
"version_affected": "=",
"version_value": "5.5.0.x"
},
{
"version_affected" : "=",
"version_value" : "5.5.1.x"
"version_affected": "=",
"version_value": "5.5.1.x"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA License code configuration). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: OPERA License code configuration). Supported versions that are affected are 5.4.0.x, 5.4.1.x, 5.4.2.x, 5.4.3.x, 5.5.0.x and 5.5.1.x. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data."
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5 Property Services. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 Property Services accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality OPERA 5 Property Services accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
"name": "97866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97866"
},
{
"name" : "97866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97866"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
}
]
}

74
2017/6xxx/CVE-2017-6445.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6445",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6445",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely."
"lang": "eng",
"value": "The auto-update feature of Open Embedded Linux Entertainment Center (OpenELEC) 6.0.3, 7.0.1, and 8.0.4 uses neither encrypted connections nor signed updates. A man-in-the-middle attacker could manipulate the update packages to gain root access remotely."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited",
"refsource" : "MISC",
"url" : "https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited"
"name": "https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle",
"refsource": "MISC",
"url": "https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle"
},
{
"name" : "https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle",
"refsource" : "MISC",
"url" : "https://tech.feedyourhead.at/content/openelec-remote-code-execution-vulnerability-through-man-in-the-middle"
"name": "https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited",
"refsource": "MISC",
"url": "https://tech.feedyourhead.at/content/openelec-cve-2017-6445-revisited"
},
{
"name" : "96580",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96580"
"name": "96580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96580"
}
]
}

92
2017/6xxx/CVE-2017-6797.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6797",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6797",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter."
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mantisbt.org/bugs/view.php?id=22486",
"refsource" : "CONFIRM",
"url" : "http://www.mantisbt.org/bugs/view.php?id=22486"
"name": "https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f"
},
{
"name" : "http://www.openwall.com/lists/oss-security/2017/03/10/1",
"refsource" : "CONFIRM",
"url" : "http://www.openwall.com/lists/oss-security/2017/03/10/1"
"name": "1037978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037978"
},
{
"name" : "https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f",
"refsource" : "CONFIRM",
"url" : "https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f"
"name": "http://www.mantisbt.org/bugs/view.php?id=22486",
"refsource": "CONFIRM",
"url": "http://www.mantisbt.org/bugs/view.php?id=22486"
},
{
"name" : "https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e",
"refsource" : "CONFIRM",
"url" : "https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e"
"name": "96818",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96818"
},
{
"name" : "96818",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96818"
"name": "https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e",
"refsource": "CONFIRM",
"url": "https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e"
},
{
"name" : "1037978",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037978"
"name": "http://www.openwall.com/lists/oss-security/2017/03/10/1",
"refsource": "CONFIRM",
"url": "http://www.openwall.com/lists/oss-security/2017/03/10/1"
}
]
}

68
2017/7xxx/CVE-2017-7369.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2017-7369",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2017-7369",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption."
"lang": "eng",
"value": "In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in ALSA"
"lang": "eng",
"value": "Improper Validation of Array Index in ALSA"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}

138
2017/7xxx/CVE-2017-7751.json
View File

@ -1,129 +1,129 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7751",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7751",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "54"
"version_affected": "<",
"version_value": "54"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52.2"
"version_affected": "<",
"version_value": "52.2"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "52.2"
"version_affected": "<",
"version_value": "52.2"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
"vendor_name": "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
"lang": "eng",
"value": "A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use-after-free with content viewer listeners"
"lang": "eng",
"value": "Use-after-free with content viewer listeners"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1363396",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1363396"
"name": "99057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99057"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1363396",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1363396"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-16/"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-17/"
"name": "DSA-3918",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3918"
},
{
"name" : "DSA-3881",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3881"
"name": "1038689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038689"
},
{
"name" : "DSA-3918",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3918"
"name": "DSA-3881",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3881"
},
{
"name" : "RHSA-2017:1440",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1440"
"name": "RHSA-2017:1440",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1440"
},
{
"name" : "RHSA-2017:1561",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1561"
"name": "RHSA-2017:1561",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1561"
},
{
"name" : "99057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99057"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-17/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-17/"
},
{
"name" : "1038689",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038689"
"name": "https://www.mozilla.org/security/advisories/mfsa2017-16/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-16/"
}
]
}

74
2017/7xxx/CVE-2017-7853.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7853",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7853",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS."
"lang": "eng",
"value": "In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can lead to a heap buffer overflow in the msg_osip_body_parse() function defined in osipparser2/osip_message_parse.c, resulting in a remote DoS."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://savannah.gnu.org/support/index.php?109265",
"refsource" : "CONFIRM",
"url" : "https://savannah.gnu.org/support/index.php?109265"
"name": "DSA-3879",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3879"
},
{
"name" : "DSA-3879",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3879"
"name": "97644",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97644"
},
{
"name" : "97644",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97644"
"name": "https://savannah.gnu.org/support/index.php?109265",
"refsource": "CONFIRM",
"url": "https://savannah.gnu.org/support/index.php?109265"
}
]
}

122
2017/7xxx/CVE-2017-7889.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7889",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7889",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c."
"lang": "eng",
"value": "The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94"
"name": "https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94"
},
{
"name" : "http://www.openwall.com/lists/oss-security/2017/04/16/4",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/04/16/4"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a4866aa812518ed1a37d8ea0c881dc946409de94"
},
{
"name" : "https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/a4866aa812518ed1a37d8ea0c881dc946409de94"
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name" : "DSA-3945",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3945"
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name" : "RHSA-2017:2669",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2669"
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name" : "RHSA-2017:1842",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1842"
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name" : "RHSA-2017:2077",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2077"
"name": "DSA-3945",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3945"
},
{
"name" : "RHSA-2018:1854",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1854"
"name": "97690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97690"
},
{
"name" : "USN-3583-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3583-1/"
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name" : "USN-3583-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3583-2/"
"name": "http://www.openwall.com/lists/oss-security/2017/04/16/4",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/04/16/4"
},
{
"name" : "97690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97690"
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
]
}

68
2017/7xxx/CVE-2017-7909.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7909",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7909",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Advantech B+B SmartWorx MESR901",
"version" : {
"version_data" : [
"product_name": "Advantech B+B SmartWorx MESR901",
"version": {
"version_data": [
{
"version_value" : "Advantech B+B SmartWorx MESR901"
"version_value": "Advantech B+B SmartWorx MESR901"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages."
"lang": "eng",
"value": "A Use of Client-Side Authentication issue was discovered in Advantech B+B SmartWorx MESR901 firmware versions 1.5.2 and prior. The web interface uses JavaScript to check client authentication and redirect unauthorized users. Attackers may intercept requests and bypass authentication to access restricted web pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-603"
"lang": "eng",
"value": "CWE-603"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-122-03"
},
{
"name" : "98257",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98257"
"name": "98257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98257"
}
]
}

74
2017/8xxx/CVE-2017-8492.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8492",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8492",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Windows",
"version" : {
"version_data" : [
"product_name": "Microsoft Windows",
"version": {
"version_data": [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297."
"lang": "eng",
"value": "The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka \"Windows Kernel Information Disclosure Vulnerability,\" a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42216",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42216/"
"name": "98870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98870"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8492",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8492"
"name": "42216",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42216/"
},
{
"name" : "98870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98870"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8492",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8492"
}
]
}

80
2017/8xxx/CVE-2017-8535.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2017-8535",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2017-8535",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Malware Protection Engine",
"version" : {
"version_data" : [
"product_name": "Malware Protection Engine",
"version": {
"version_data": [
{
"version_value" : "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
"version_value": "Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
"lang": "eng",
"value": "The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka \"Microsoft Malware Protection Engine Denial of Service Vulnerability\", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Server"
"lang": "eng",
"value": "Denial of Server"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42081",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42081/"
"name": "42081",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42081/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535"
"name": "98702",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98702"
},
{
"name" : "98702",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98702"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8535"
},
{
"name" : "1038571",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038571"
"name": "1038571",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038571"
}
]
}

22
2018/10xxx/CVE-2018-10171.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10171",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10171",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/10xxx/CVE-2018-10318.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10318",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10318",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata."
"lang": "eng",
"value": "Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] parameter, aka Edit Page Metadata."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/philippe/FrogCMS/issues/6",
"refsource" : "MISC",
"url" : "https://github.com/philippe/FrogCMS/issues/6"
"name": "https://github.com/philippe/FrogCMS/issues/6",
"refsource": "MISC",
"url": "https://github.com/philippe/FrogCMS/issues/6"
}
]
}

62
2018/10xxx/CVE-2018-10746.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10746",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10746",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code."
"lang": "eng",
"value": "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'get' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'get <node_name attr>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/get.md",
"refsource" : "MISC",
"url" : "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/get.md"
"name": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/get.md",
"refsource": "MISC",
"url": "https://github.com/kgsdy/D-Link-DSL-3782-EU/blob/master/get.md"
}
]
}

68
2018/13xxx/CVE-2018-13492.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13492",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13492",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for naga, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/naga",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/naga"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/naga",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/naga"
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
}
]
}

62
2018/17xxx/CVE-2018-17045.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17045",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17045",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update."
"lang": "eng",
"value": "An issue was discovered in CMS MaeloStore V.1.5.0. There is a CSRF vulnerability that can change the administrator password via admin/modul/users/aksi_users.php?act=update."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/maelosoki/MaeloStore/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/maelosoki/MaeloStore/issues/1"
"name": "https://github.com/maelosoki/MaeloStore/issues/1",
"refsource": "MISC",
"url": "https://github.com/maelosoki/MaeloStore/issues/1"
}
]
}

62
2018/17xxx/CVE-2018-17231.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17231",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17231",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an \"Edit color palette\" search that triggers an \"index out of range\" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary."
"lang": "eng",
"value": "** DISPUTED ** Telegram Desktop (aka tdesktop) 1.3.14 might allow attackers to cause a denial of service (assertion failure and application exit) via an \"Edit color palette\" search that triggers an \"index out of range\" condition. NOTE: this issue is disputed by multiple third parties because the described attack scenario does not cross a privilege boundary."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.openwall.com/lists/oss-security/2018/09/19/8",
"refsource" : "MISC",
"url" : "https://www.openwall.com/lists/oss-security/2018/09/19/8"
"name": "https://www.openwall.com/lists/oss-security/2018/09/19/8",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2018/09/19/8"
}
]
}

22
2018/17xxx/CVE-2018-17518.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17518",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17518",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/17xxx/CVE-2018-17827.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17827",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17827",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php."
"lang": "eng",
"value": "HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/rakjong/vuln/blob/master/hisiphp_hetshell_2.pdf",
"refsource" : "MISC",
"url" : "https://github.com/rakjong/vuln/blob/master/hisiphp_hetshell_2.pdf"
"name": "https://github.com/rakjong/vuln/blob/master/hisiphp_hetshell_2.pdf",
"refsource": "MISC",
"url": "https://github.com/rakjong/vuln/blob/master/hisiphp_hetshell_2.pdf"
}
]
}

22
2018/20xxx/CVE-2018-20040.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20040",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20040",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/20xxx/CVE-2018-20079.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20079",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20079",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/20xxx/CVE-2018-20380.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20380",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20380",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests."
"lang": "eng",
"value": "Ambit DDW2600 5.100.1009, DDW2602 5.105.1003, T60C926 4.64.1012, and U10C019 5.66.1026 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv",
"refsource" : "MISC",
"url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"
"name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv",
"refsource": "MISC",
"url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"
},
{
"name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html",
"refsource" : "MISC",
"url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html"
"name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html",
"refsource": "MISC",
"url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html"
}
]
}

62
2018/9xxx/CVE-2018-9330.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9330",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9330",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942."
"lang": "eng",
"value": "register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.youtube.com/watch?v=LRK3c_DhXn4",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=LRK3c_DhXn4"
"name": "https://www.youtube.com/watch?v=LRK3c_DhXn4",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=LRK3c_DhXn4"
}
]
}

70
2018/9xxx/CVE-2018-9361.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00",
"ID" : "CVE-2018-9361",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9361",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
"version_value": "Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041."
"lang": "eng",
"value": "In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74202041."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information disclosure"
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/2018-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-06-01"
"name": "https://source.android.com/security/bulletin/2018-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-06-01"
},
{
"name" : "104461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104461"
"name": "104461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104461"
}
]
}

22
2018/9xxx/CVE-2018-9669.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9669",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9669",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/9xxx/CVE-2018-9745.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9745",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9745",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/9xxx/CVE-2018-9810.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9810",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9810",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/9xxx/CVE-2018-9857.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9857",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9857",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the \"View Search By Id\" screen)."
"lang": "eng",
"value": "PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the \"View Search By Id\" screen)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44486",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44486/"
"name": "https://pastebin.com/Y9uEC4nu",
"refsource": "MISC",
"url": "https://pastebin.com/Y9uEC4nu"
},
{
"name" : "https://pastebin.com/Y9uEC4nu",
"refsource" : "MISC",
"url" : "https://pastebin.com/Y9uEC4nu"
"name": "44486",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44486/"
}
]
}