admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:31:47 +00:00
parent c47b890a80
commit c4361c45c1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3277 additions and 3277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0359.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0359",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102459162909825&w=2"
},
{
"name" : "20020606-01-I",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I"
},
{
"name" : "VU#521147",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/521147"
},
{
"name" : "irix-xfsmd-bypass-authentication(9401)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9401.php"
},
{
"name" : "5072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020606-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I"
},
{
"name": "20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102459162909825&w=2"
},
{
"name": "irix-xfsmd-bypass-authentication(9401)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9401.php"
},
{
"name": "5072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5072"
},
{
"name": "VU#521147",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/521147"
}
]
}
}

140
2002/0xxx/CVE-2002-0920.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/274727"
},
{
"name" : "4889",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4889"
},
{
"name" : "cgiscript-cspassword-tmpfile-access(9223)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9223.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CGIScript.net csPassword.cgi stores usernames and unencrypted passwords in the password.cgi.tmp temporary file while modifying data, which could allow local users (and possibly remote attackers) to gain privileges by stealing the file before it has been processed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4889"
},
{
"name": "20020529 CGIscript.net - csPassword.cgi - Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/274727"
},
{
"name": "cgiscript-cspassword-tmpfile-access(9223)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9223.php"
}
]
}
}

150
2002/1xxx/CVE-2002-1068.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0341.html"
},
{
"name" : "20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=102779425117680&w=2"
},
{
"name" : "dlink-dp-post-dos(9703)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9703.php"
},
{
"name" : "5330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5330"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server for D-Link DP-300 print server allows remote attackers to cause a denial of service (hang) via a large HTTP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5330"
},
{
"name": "20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=102779425117680&w=2"
},
{
"name": "dlink-dp-post-dos(9703)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9703.php"
},
{
"name": "20020727 Phenoelit Advisory #0815 ++-+ dp_300 (DLINK)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0341.html"
}
]
}
}

270
2002/1xxx/CVE-2002-1634.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.procheckup.com/security_info/vuln_pr0201.html",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/security_info/vuln_pr0201.html"
},
{
"name" : "http://www.procheckup.com/security_info/vuln_pr0203.html",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/security_info/vuln_pr0203.html"
},
{
"name" : "http://www.securityfocus.com/advisories/4158",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/advisories/4158"
},
{
"name" : "http://www.securityfocus.com/advisories/4157",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/advisories/4157"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm"
},
{
"name" : "VU#159203",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/159203"
},
{
"name" : "4874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4874"
},
{
"name" : "17461",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17461"
},
{
"name" : "17462",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17462"
},
{
"name" : "17463",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17463"
},
{
"name" : "17464",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17464"
},
{
"name" : "17465",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17465"
},
{
"name" : "17466",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17466"
},
{
"name" : "17467",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17467"
},
{
"name" : "17468",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17468"
},
{
"name" : "netware-sample-information-disclosure(9212)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell NetWare 5.1 installs sample applications that allow remote attackers to obtain sensitive information via (1) ndsobj.nlm, (2) allfield.jse, (3) websinfo.bas, (4) ndslogin.pl, (5) volscgi.pl, (6) lancgi.pl, (7) test.jse, or (8) env.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netware-sample-information-disclosure(9212)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9212"
},
{
"name": "VU#159203",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/159203"
},
{
"name": "http://www.procheckup.com/security_info/vuln_pr0203.html",
"refsource": "MISC",
"url": "http://www.procheckup.com/security_info/vuln_pr0203.html"
},
{
"name": "17464",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17464"
},
{
"name": "17465",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17465"
},
{
"name": "http://www.securityfocus.com/advisories/4158",
"refsource": "MISC",
"url": "http://www.securityfocus.com/advisories/4158"
},
{
"name": "17468",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17468"
},
{
"name": "17463",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17463"
},
{
"name": "http://www.securityfocus.com/advisories/4157",
"refsource": "MISC",
"url": "http://www.securityfocus.com/advisories/4157"
},
{
"name": "17466",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17466"
},
{
"name": "4874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4874"
},
{
"name": "17467",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17467"
},
{
"name": "http://www.procheckup.com/security_info/vuln_pr0201.html",
"refsource": "MISC",
"url": "http://www.procheckup.com/security_info/vuln_pr0201.html"
},
{
"name": "17461",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17461"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm"
},
{
"name": "17462",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17462"
}
]
}
}

150
2002/1xxx/CVE-2002-1898.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1898",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172",
"refsource" : "MISC",
"url" : "http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172"
},
{
"name" : "2002-09-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2002/Sep/msg00001.html"
},
{
"name" : "5768",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5768"
},
{
"name" : "macos-terminal-url-link(10156)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10156.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a telnet:// link, which is executed by Terminal.app window."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2002-09-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2002/Sep/msg00001.html"
},
{
"name": "5768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5768"
},
{
"name": "macos-terminal-url-link(10156)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10156.php"
},
{
"name": "http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172",
"refsource": "MISC",
"url": "http://apple.slashdot.org/apple/02/09/21/122236.shtml?tid=172"
}
]
}
}

160
2002/2xxx/CVE-2002-2400.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021113 Remote Buffer Overflow vulnerability in Lib HTTPd.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103720432411860&w=2"
},
{
"name" : "20021124 LibHTTPD Vulnerability and fix",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0305.html"
},
{
"name" : "http://www.securiteam.com/unixfocus/6H00I2060I.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/unixfocus/6H00I2060I.html"
},
{
"name" : "6172",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6172"
},
{
"name" : "libhttpd-httpdprocessrequest-bo(10615)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10615.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021113 Remote Buffer Overflow vulnerability in Lib HTTPd.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103720432411860&w=2"
},
{
"name": "20021124 LibHTTPD Vulnerability and fix",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0305.html"
},
{
"name": "libhttpd-httpdprocessrequest-bo(10615)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10615.php"
},
{
"name": "6172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6172"
},
{
"name": "http://www.securiteam.com/unixfocus/6H00I2060I.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/6H00I2060I.html"
}
]
}
}

150
2003/0xxx/CVE-2003-0174.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030407-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P"
},
{
"name" : "N-084",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/n-084.shtml"
},
{
"name" : "7442",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7442"
},
{
"name" : "irix-ldap-authentication-bypass(11860)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not properly verify if the USERPASSWORD attribute has been provided by an LDAP server, which could allow attackers to log in without a password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7442",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7442"
},
{
"name": "irix-ldap-authentication-bypass(11860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11860"
},
{
"name": "20030407-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20030407-01-P"
},
{
"name": "N-084",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-084.shtml"
}
]
}
}

150
2003/0xxx/CVE-2003-0440.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-339",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-339"
},
{
"name" : "RHSA-2003:231",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-231.html"
},
{
"name" : "RHSA-2003:234",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-234.html"
},
{
"name" : "oval:org.mitre.oval:def:569",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:569",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A569"
},
{
"name": "RHSA-2003:231",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-231.html"
},
{
"name": "DSA-339",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-339"
},
{
"name": "RHSA-2003:234",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-234.html"
}
]
}
}

34
2003/0xxx/CVE-2003-0873.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0873",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2003-0873",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2003. Notes: none."
}
]
}
}

160
2003/0xxx/CVE-2003-0974.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031128 Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107004362416252&w=2"
},
{
"name" : "http://www.bugtraq.org/advisories/_BSSADV-0000.txt",
"refsource" : "MISC",
"url" : "http://www.bugtraq.org/advisories/_BSSADV-0000.txt"
},
{
"name" : "20031128 Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107005523025918&w=2"
},
{
"name" : "20031201 Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=107031196324376&w=2"
},
{
"name" : "9124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9124"
},
{
"name": "http://www.bugtraq.org/advisories/_BSSADV-0000.txt",
"refsource": "MISC",
"url": "http://www.bugtraq.org/advisories/_BSSADV-0000.txt"
},
{
"name": "20031128 Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107004362416252&w=2"
},
{
"name": "20031128 Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107005523025918&w=2"
},
{
"name": "20031201 Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107031196324376&w=2"
}
]
}
}

170
2009/1xxx/CVE-2009-1013.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1013",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1014."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name" : "TA09-105A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name" : "34461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34461"
},
{
"name" : "53756",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53756"
},
{
"name" : "1022057",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022057"
},
{
"name" : "34693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1014."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "1022057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022057"
},
{
"name": "53756",
"refsource": "OSVDB",
"url": "http://osvdb.org/53756"
}
]
}
}

150
2009/5xxx/CVE-2009-5012.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/pyftpdlib/issues/detail?id=114",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
},
{
"name" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name" : "http://code.google.com/p/pyftpdlib/source/detail?r=596",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"name" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596&r=596&format=side&path=/trunk/pyftpdlib/ftpserver.py",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596&r=596&format=side&path=/trunk/pyftpdlib/ftpserver.py"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ftpserver.py in pyftpdlib before 0.5.2 does not require the l permission for the MLST command, which allows remote authenticated users to bypass intended access restrictions and list the root directory via an FTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/browse/trunk/HISTORY"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/detail?r=596",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/detail?r=596"
},
{
"name": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596&r=596&format=side&path=/trunk/pyftpdlib/ftpserver.py",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/source/diff?spec=svn596&r=596&format=side&path=/trunk/pyftpdlib/ftpserver.py"
},
{
"name": "http://code.google.com/p/pyftpdlib/issues/detail?id=114",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/pyftpdlib/issues/detail?id=114"
}
]
}
}

34
2012/0xxx/CVE-2012-0166.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0166",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-0166",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

260
2012/0xxx/CVE-2012-0444.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-07.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=719612",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=719612"
},
{
"name" : "DSA-2400",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2400"
},
{
"name" : "DSA-2402",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2402"
},
{
"name" : "DSA-2406",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2406"
},
{
"name" : "MDVSA-2012:013",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013"
},
{
"name" : "SUSE-SU-2012:0198",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html"
},
{
"name" : "SUSE-SU-2012:0221",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html"
},
{
"name" : "openSUSE-SU-2012:0234",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html"
},
{
"name" : "USN-1370-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1370-1"
},
{
"name" : "51753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51753"
},
{
"name" : "oval:org.mitre.oval:def:14464",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464"
},
{
"name" : "48043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48043"
},
{
"name" : "48095",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48095"
},
{
"name" : "mozilla-nschildview-code-exec(72858)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72858"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48043"
},
{
"name": "48095",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48095"
},
{
"name": "DSA-2402",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2402"
},
{
"name": "51753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51753"
},
{
"name": "oval:org.mitre.oval:def:14464",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14464"
},
{
"name": "DSA-2400",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2400"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-07.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-07.html"
},
{
"name": "SUSE-SU-2012:0198",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00003.html"
},
{
"name": "MDVSA-2012:013",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:013"
},
{
"name": "DSA-2406",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2406"
},
{
"name": "SUSE-SU-2012:0221",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00007.html"
},
{
"name": "USN-1370-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1370-1"
},
{
"name": "mozilla-nschildview-code-exec(72858)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72858"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=719612",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=719612"
},
{
"name": "openSUSE-SU-2012:0234",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00011.html"
}
]
}
}

450
2012/0xxx/CVE-2012-0455.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0455",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a \"DragAndDropJacking\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0455",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-13.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-13.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=704354",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=704354"
},
{
"name" : "DSA-2433",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2433"
},
{
"name" : "DSA-2458",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2458"
},
{
"name" : "MDVSA-2012:031",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
},
{
"name" : "MDVSA-2012:032",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
},
{
"name" : "RHSA-2012:0387",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
},
{
"name" : "RHSA-2012:0388",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
},
{
"name" : "openSUSE-SU-2012:0417",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
},
{
"name" : "SUSE-SU-2012:0424",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
},
{
"name" : "SUSE-SU-2012:0425",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
},
{
"name" : "USN-1400-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1400-3"
},
{
"name" : "USN-1400-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1400-4"
},
{
"name" : "USN-1400-5",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1400-5"
},
{
"name" : "USN-1400-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1400-2"
},
{
"name" : "USN-1401-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1401-1"
},
{
"name" : "USN-1400-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1400-1"
},
{
"name" : "52458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52458"
},
{
"name" : "oval:org.mitre.oval:def:14829",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829"
},
{
"name" : "1026804",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026804"
},
{
"name" : "1026801",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026801"
},
{
"name" : "1026803",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026803"
},
{
"name" : "48629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48629"
},
{
"name" : "48513",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48513"
},
{
"name" : "48495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48495"
},
{
"name" : "48496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48496"
},
{
"name" : "48553",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48553"
},
{
"name" : "48561",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48561"
},
{
"name" : "48624",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48624"
},
{
"name" : "48823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48823"
},
{
"name" : "48920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48920"
},
{
"name" : "48402",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48402"
},
{
"name" : "48359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48359"
},
{
"name" : "48414",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x before 10.0.3, Thunderbird before 3.1.20 and 5.0 through 10.0, Thunderbird ESR 10.x before 10.0.3, and SeaMonkey before 2.8 do not properly restrict drag-and-drop operations on javascript: URLs, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web page, related to a \"DragAndDropJacking\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2012:0417",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-03/msg00042.html"
},
{
"name": "48402",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48402"
},
{
"name": "MDVSA-2012:031",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:031"
},
{
"name": "48624",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48624"
},
{
"name": "SUSE-SU-2012:0424",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00014.html"
},
{
"name": "USN-1400-5",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1400-5"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=704354",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=704354"
},
{
"name": "48414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48414"
},
{
"name": "48359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48359"
},
{
"name": "48823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48823"
},
{
"name": "USN-1401-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1401-1"
},
{
"name": "USN-1400-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1400-4"
},
{
"name": "48629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48629"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-13.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-13.html"
},
{
"name": "USN-1400-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1400-3"
},
{
"name": "RHSA-2012:0387",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0387.html"
},
{
"name": "48496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48496"
},
{
"name": "52458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52458"
},
{
"name": "SUSE-SU-2012:0425",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00015.html"
},
{
"name": "USN-1400-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1400-2"
},
{
"name": "DSA-2458",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2458"
},
{
"name": "48920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48920"
},
{
"name": "oval:org.mitre.oval:def:14829",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14829"
},
{
"name": "DSA-2433",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2433"
},
{
"name": "MDVSA-2012:032",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:032"
},
{
"name": "1026803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026803"
},
{
"name": "48495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48495"
},
{
"name": "48553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48553"
},
{
"name": "USN-1400-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1400-1"
},
{
"name": "48561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48561"
},
{
"name": "RHSA-2012:0388",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0388.html"
},
{
"name": "1026801",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026801"
},
{
"name": "1026804",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026804"
},
{
"name": "48513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48513"
}
]
}
}

34
2012/0xxx/CVE-2012-0482.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0482",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0482",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/1xxx/CVE-2012-1079.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/",
"refsource" : "MISC",
"url" : "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name" : "51843",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51843"
},
{
"name" : "78792",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78792"
},
{
"name" : "typo3-webservices-unspecified-code-execution(72965)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/"
},
{
"name": "78792",
"refsource": "OSVDB",
"url": "http://osvdb.org/78792"
},
{
"name": "51843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51843"
},
{
"name": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/typo3_webservice/0.3.8/"
},
{
"name": "typo3-webservices-unspecified-code-execution(72965)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72965"
}
]
}
}

34
2012/1xxx/CVE-2012-1228.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1228",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1228",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2012/3xxx/CVE-2012-3034.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://en.securitylab.ru/lab/PT-2012-45",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2012-45"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified methods in ActiveX controls."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2012-45",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-45"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-864051.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-256-01.pdf"
}
]
}
}

130
2012/3xxx/CVE-2012-3088.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3088",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
},
{
"name" : "cisco-anyconnect-unspecified(78920)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and 3.2.x, does not check whether an HTTP request originally contains ScanSafe headers, which allows remote attackers to have an unspecified impact via a crafted request, aka Bug ID CSCua13166."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html"
},
{
"name": "cisco-anyconnect-unspecified(78920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78920"
}
]
}
}

130
2012/3xxx/CVE-2012-3139.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3305.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21611313",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21611313"
},
{
"name" : "PM62467",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62467"
},
{
"name" : "was-dir-traversal-overwrite(77477)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77477"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to overwrite arbitrary files via a crafted application file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PM62467",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM62467"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21611313",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21611313"
},
{
"name": "was-dir-traversal-overwrite(77477)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77477"
}
]
}
}

34
2012/3xxx/CVE-2012-3804.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3804",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3804",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/4xxx/CVE-2012-4809.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4809",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4809",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

130
2012/4xxx/CVE-2012-4904.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by \"Universal XSS (UXSS)\" attacks against the current tab."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=138035",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=138035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by \"Universal XSS (UXSS)\" attacks against the current tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=138035",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=138035"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html"
}
]
}
}

120
2012/4xxx/CVE-2012-4964.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-4964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#281284",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/281284"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#281284",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/281284"
}
]
}
}

34
2017/2xxx/CVE-2017-2018.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2018",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2018",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/2xxx/CVE-2017-2205.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2205",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2205",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2017/2xxx/CVE-2017-2404.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/",
"refsource" : "MISC",
"url" : "https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97138",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97138"
},
{
"name" : "1038139",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038139"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves the \"Quick Look\" component. It allows remote attackers to trigger telephone calls to arbitrary numbers via a tel: URL in a PDF document, as exploited in the wild in October 2016."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/",
"refsource": "MISC",
"url": "https://www.engadget.com/2017/03/31/apple-fixes-ios-loophole-911-overload/"
},
{
"name": "1038139",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038139"
},
{
"name": "97138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97138"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

126
2017/2xxx/CVE-2017-2806.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2017-2806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Perceptive Document Filters ",
"version" : {
"version_data" : [
{
"version_value" : "11.3.0.2228"
},
{
"version_value" : "11.3.0.2400"
}
]
}
}
]
},
"vendor_name" : "Lexmark"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Perceptive Document Filters ",
"version": {
"version_data": [
{
"version_value": "11.3.0.2228"
},
{
"version_value": "11.3.0.2400"
}
]
}
}
]
},
"vendor_name": "Lexmark"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2017-0302/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2017-0302/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable arbitrary read exists in the XLS parsing of the Lexmark Perspective Document Filters conversion functionality. A crafted XLS document can lead to a arbitrary read resulting in memory disclosure. The vulnerability was confirmed on versions 11.3.0.2228 and 11.3.0.2400"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2017-0302/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2017-0302/"
}
]
}
}

132
2017/2xxx/CVE-2017-2846.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-06-19T00:00:00",
"ID" : "CVE-2017-2846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Indoor IP Camera C1 Series",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Foscam"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-19T00:00:00",
"ID": "CVE-2017-2846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Indoor IP Camera C1 Series",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Foscam"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
},
{
"name" : "99184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0348"
},
{
"name": "99184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99184"
}
]
}
}

34
2017/6xxx/CVE-2017-6117.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6117",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6117",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/6xxx/CVE-2017-6151.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2017-12-20T00:00:00",
"ID" : "CVE-2017-6151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"version" : {
"version_data" : [
{
"version_value" : "13.0.0"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the \"HTTP/2 profile\" may result in a disruption of service to TMM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2017-12-20T00:00:00",
"ID": "CVE-2017-6151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe",
"version": {
"version_data": [
{
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K07369970",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K07369970"
},
{
"name" : "1040052",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040052"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator and WebSafe software version 13.0.0, undisclosed requests made to BIG-IP virtual servers which make use of the \"HTTP/2 profile\" may result in a disruption of service to TMM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040052"
},
{
"name": "https://support.f5.com/csp/article/K07369970",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K07369970"
}
]
}
}

34
2017/6xxx/CVE-2017-6246.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6246",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6246",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/6xxx/CVE-2017-6502.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df"
},
{
"name" : "96763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ImageMagick 6.9.7. A specially crafted webp file could lead to a file-descriptor leak in libmagickcore (thus, a DoS)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df"
},
{
"name": "96763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96763"
}
]
}
}

140
2017/6xxx/CVE-2017-6648.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-6648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco TelePresence Endpoint Denial of Service Vulnerability",
"version" : {
"version_data" : [
{
"version_value" : "Cisco TelePresence Endpoint Denial of Service Vulnerability"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-6648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco TelePresence Endpoint Denial of Service Vulnerability",
"version": {
"version_data": [
{
"version_value": "Cisco TelePresence Endpoint Denial of Service Vulnerability"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"
},
{
"name" : "98934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98934"
},
{
"name" : "1038624",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition. The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition. This vulnerability affects the following Cisco TC and CE platforms when running software versions prior to TC 7.3.8 and CE 8.3.0. Cisco Bug IDs: CSCux94002."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"
},
{
"name": "98934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98934"
},
{
"name": "1038624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038624"
}
]
}
}

120
2017/7xxx/CVE-2017-7226.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20905",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=20905"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pe_ILF_object_p function in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, is vulnerable to a heap-based buffer over-read of size 4049 because it uses the strlen function instead of strnlen, leading to program crashes in several utilities such as addr2line, size, and strings. It could lead to information disclosure as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=20905",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=20905"
}
]
}
}

140
2017/7xxx/CVE-2017-7264.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27",
"refsource" : "MISC",
"url" : "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/"
},
{
"name" : "97111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the fz_subsample_pixmap function in fitz/pixmap.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/"
},
{
"name": "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27",
"refsource": "MISC",
"url": "http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27"
},
{
"name": "97111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97111"
}
]
}
}

130
2017/7xxx/CVE-2017-7341.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@fortinet.com",
"ID" : "CVE-2017-7341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://fortiguard.com/psirt/FG-IR-17-119",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/psirt/FG-IR-17-119"
},
{
"name" : "101273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 through 6.1-5, 7.0-7 through 7.0-10, 8.0 through 8.2, and 8.3.0 through 8.3.2 file management AP script download webUI page allows an authenticated admin user to execute arbitrary system console commands via crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-119",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-119"
},
{
"name": "101273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101273"
}
]
}
}

132
2017/7xxx/CVE-2017-7364.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-06-01T00:00:00",
"ID" : "CVE-2017-7364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "All Qualcomm products",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Video"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2017-06-01T00:00:00",
"ID": "CVE-2017-7364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "All Qualcomm products",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-06-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name" : "1038623",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an error condition, this user-provided address will be freed (arbitrary free), and continued operation could result in use after free condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Video"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-06-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-06-01"
},
{
"name": "1038623",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038623"
}
]
}
}

130
2018/10xxx/CVE-2018-10109.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44502",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44502/"
},
{
"name" : "https://github.com/monstra-cms/monstra/issues/435",
"refsource" : "MISC",
"url" : "https://github.com/monstra-cms/monstra/issues/435"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44502",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44502/"
},
{
"name": "https://github.com/monstra-cms/monstra/issues/435",
"refsource": "MISC",
"url": "https://github.com/monstra-cms/monstra/issues/435"
}
]
}
}

140
2018/10xxx/CVE-2018-10377.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://releases.portswigger.net/2018/06/1734.html",
"refsource" : "MISC",
"url" : "http://releases.portswigger.net/2018/06/1734.html"
},
{
"name" : "https://hackerone.com/reports/337680",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/337680"
},
{
"name" : "https://integritylabs.io/advisories/cve-2018-10377",
"refsource" : "MISC",
"url" : "https://integritylabs.io/advisories/cve-2018-10377"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow man-in-the-middle attackers to obtain interaction data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://releases.portswigger.net/2018/06/1734.html",
"refsource": "MISC",
"url": "http://releases.portswigger.net/2018/06/1734.html"
},
{
"name": "https://hackerone.com/reports/337680",
"refsource": "MISC",
"url": "https://hackerone.com/reports/337680"
},
{
"name": "https://integritylabs.io/advisories/cve-2018-10377",
"refsource": "MISC",
"url": "https://integritylabs.io/advisories/cve-2018-10377"
}
]
}
}

120
2018/10xxx/CVE-2018-10515.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In CMS Made Simple (CMSMS) through 2.2.7, the \"file unpack\" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md",
"refsource" : "MISC",
"url" : "https://github.com/itodaro/cmsms_cve/blob/master/README.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CMS Made Simple (CMSMS) through 2.2.7, the \"file unpack\" operation in the admin dashboard contains a remote code execution vulnerability exploitable by an admin user because a .php file can be present in the extracted ZIP archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/itodaro/cmsms_cve/blob/master/README.md",
"refsource": "MISC",
"url": "https://github.com/itodaro/cmsms_cve/blob/master/README.md"
}
]
}
}

34
2018/14xxx/CVE-2018-14182.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14182",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14182",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14276.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-736",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-736"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the submitForm method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6039."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-736",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-736"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

34
2018/14xxx/CVE-2018-14628.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14628",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14628",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14713.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14713",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14713",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15204.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15204",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15204",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15246.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15246",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15246",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15332.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2018-15332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (APM), BIG-IP APM Clients, BIG-IP Edge Client",
"version" : {
"version_data" : [
{
"version_value" : "APM Client 7.1.5 - 7.1.7.1, Edge Client 7101 - 7150"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2018-15332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (APM), BIG-IP APM Clients, BIG-IP Edge Client",
"version": {
"version_data": [
{
"version_value": "APM Client 7.1.5 - 7.1.7.1, Edge Client 7101 - 7150"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K12130880",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K12130880"
},
{
"name" : "106135",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106135"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on the local client host in a race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K12130880",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K12130880"
},
{
"name": "106135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106135"
}
]
}
}

154
2018/15xxx/CVE-2018-15368.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-26T16:00:00-0500",
"ID" : "CVE-2018-15368",
"STATE" : "PUBLIC",
"TITLE" : "Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS XE Software",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.7",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID": "CVE-2018-15368",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180926 Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-privesc"
}
]
},
"source" : {
"advisory" : "cisco-sa-20180926-privesc",
"defect" : [
[
"CSCuw45594"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the CLI parser of Cisco IOS XE Software could allow an authenticated, local attacker to gain access to the underlying Linux shell of an affected device and execute arbitrary commands with root privileges on the device. The vulnerability is due to the affected software improperly sanitizing command arguments to prevent modifications to the underlying Linux filesystem on a device. An attacker who has privileged EXEC mode (privilege level 15) access to an affected device could exploit this vulnerability on the device by executing CLI commands that contain crafted arguments. A successful exploit could allow the attacker to gain access to the underlying Linux shell of the affected device and execute arbitrary commands with root privileges on the device."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.7",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180926 Cisco IOS XE Software Privileged EXEC Mode Root Shell Access Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-privesc"
}
]
},
"source": {
"advisory": "cisco-sa-20180926-privesc",
"defect": [
[
"CSCuw45594"
]
],
"discovery": "UNKNOWN"
}
}

130
2018/20xxx/CVE-2018-20099.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Exiv2/exiv2/issues/590",
"refsource" : "MISC",
"url" : "https://github.com/Exiv2/exiv2/issues/590"
},
{
"name" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206",
"refsource" : "MISC",
"url" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an infinite loop in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/590",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
}
]
}
}

120
2018/20xxx/CVE-2018-20161.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app also becomes unavailable.)"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Jacquais/BlinkVuln",
"refsource" : "MISC",
"url" : "https://github.com/Jacquais/BlinkVuln"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the Wi-Fi network. (Access to live video from the app also becomes unavailable.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Jacquais/BlinkVuln",
"refsource": "MISC",
"url": "https://github.com/Jacquais/BlinkVuln"
}
]
}
}

120
2018/20xxx/CVE-2018-20605.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20605",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20605",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#getshell",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#getshell"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "imcat 4.4 allows remote attackers to execute arbitrary PHP code by using root/run/adm.php to modify the boot/bootskip.php file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#getshell",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/CVEs/blob/master/imcat.md#getshell"
}
]
}
}

34
2018/9xxx/CVE-2018-9229.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9229",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9229",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9254.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9254",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9254",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}