jensoliver 2020-01-08 14:20:38 +01:00
parent 363d6a0668
commit c59ddb561c
6542 changed files with 201456 additions and 8176 deletions


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2776",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/mikaku/Monitorix/issues/30",
"url": "https://github.com/mikaku/Monitorix/issues/30"
},
{
"refsource": "MISC",
"name": "http://openwall.com/lists/oss-security/2013/12/12/8",
"url": "http://openwall.com/lists/oss-security/2013/12/12/8"
},
{
"refsource": "MISC",
"name": "http://marc.info/?l=bugtraq&m=109164242705572&w=2",
"url": "http://marc.info/?l=bugtraq&m=109164242705572&w=2"
}
]
}
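Review bot: The `affects` block carries `n/a` for vendor, product and version even though the new description names them (`GoScript 2.0`), so tooling that matches on `product_name`/`version_value` will never tie this record to an installed package. The same gap is left in the CVE-2007-0158 (thttpd), CVE-2010-3782 (obs-server before 1.7.7) and CVE-2011-1474 (pax-linux patches) records in this commit. I would fill the fields from the description, e.g. `"product_name": "GoScript"` and `"version_value": "2.0"`. Separately, how the Monitorix issue and the 2013 oss-security post relate to GoScript is not evident from the record and is worth confirming before it goes public.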


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0158",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "thttpd 2007 has buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://taviso.decsystem.org/research.t2t",
"refsource": "MISC",
"name": "http://taviso.decsystem.org/research.t2t"
}
]
}
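Review bot: The description `thttpd 2007 has buffer underflow.` gives a triager nothing to act on: it names no function or file, no trigger and no impact, and `2007` reads more like a year than a release number. The only reference appears to be a researcher's notes page rather than an advisory or a fix, so the record cannot be checked against a patched version. At minimum, state the affected component and the consequence, and add a vendor or distribution reference if one exists.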


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-3782",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to a bug in the REST api implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html",
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00001.html"
}
]
}


@ -141,6 +141,11 @@
"name": "SUSE-SA:2010:053",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00008.html"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/155751/vReliable-Datagram-Sockets-RDS-rds_page_copy_user-Privilege-Escalation.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1474",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A locally locally exploitable DOS vulnerability was found in pax-linux versions 2.6.32.33-test79.patch, 2.6.38-test3.patch, and 2.6.37.4-test14.patch. A bad bounds check in arch_get_unmapped_area_topdown triggered by programs doing an mmap after a MAP_GROWSDOWN mmap will create an infinite loop condition without releasing the VM semaphore eventually leading to a system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1474",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1474"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2011/q1/579",
"url": "http://seclists.org/oss-sec/2011/q1/579"
}
]
}
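Review bot: The new description opens with a duplicated word, `A locally locally exploitable DOS vulnerability`; it should read `A locally exploitable DoS vulnerability was found in ...`. The three "versions" it lists are patch file names (`2.6.32.33-test79.patch` and so on), so a reader cannot tell whether these are the only affected patch sets or examples of a range. A short statement of the fixed patch level, if known, would make the record usable for remediation.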


@ -91,6 +91,11 @@
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=bc0b96b54a21246e377122d54569eef71cec535f"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/csp/article/K15301?utm_source=f5support&utm_medium=RSS",
"url": "https://support.f5.com/csp/article/K15301?utm_source=f5support&utm_medium=RSS"
}
]
}
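Review bot: The added F5 reference stores a URL with feed-tracking parameters (`?utm_source=f5support&utm_medium=RSS`) in both `name` and `url`. Those parameters are not part of the advisory's identity, and they prevent de-duplication against the same article referenced from other records. Prefer the bare article link, `"url": "https://support.f5.com/csp/article/K15301"`, assuming it resolves to the same page.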


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3585",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple race conditions in the (1) mount.cifs and (2) umount.cifs programs in Samba 3.6 allow local users to cause a denial of service (mounting outage) via a SIGKILL signal during a time window when the /etc/mtab~ file exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "General Race Condition"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Samba",
"product": {
"product_data": [
{
"product_name": "Samba",
"version": {
"version_data": [
{
"version_value": "3.6"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.samba.org/show_bug.cgi?id=7179",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=7179"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=742907",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=742907"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/09/27/1",
"url": "https://www.openwall.com/lists/oss-security/2011/09/27/1"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2011/09/30/5",
"url": "https://www.openwall.com/lists/oss-security/2011/09/30/5"
},
{
"refsource": "MISC",
"name": "https://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200",
"url": "https://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200"
}
]
}


@ -69,6 +69,11 @@
"url": "https://access.redhat.com/security/cve/cve-2011-3624",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2011-3624"
},
{
"refsource": "MISC",
"name": "https://redmine.ruby-lang.org/issues/5418",
"url": "https://redmine.ruby-lang.org/issues/5418"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1104",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jasig project",
"product": {
"product_data": [
{
"product_name": "phpCAS",
"version": {
"version_data": [
{
"version_value": "1.2.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper management of service proxying"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1104",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1104"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1104"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/05/7",
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/52279",
"url": "https://www.securityfocus.com/bid/52279"
},
{
"refsource": "CONFIRM",
"name": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog",
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
}
]
}
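Review bot: The reference tagged `CONFIRM` points at a copy of the CAS ChangeLog that sits inside what appears to be a third-party project (`gitlab.vsb.cz/kal0178/sixmon/.../CAS-1.3.5/docs/ChangeLog`), not at a source the vendor controls, so it can vanish or be edited without notice. Either link the upstream phpCAS changelog or downgrade the entry to `"refsource": "MISC"`. The CVE-2012-1105 record reuses the same link with the same tag. The two records also spell the vendor differently (`jasig project` here, `Jasig Project` there), which splits them for anyone grouping by `vendor_name`.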


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1105",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jasig Project",
"product": {
"product_data": [
{
"product_name": "php-pear-CAS",
"version": {
"version_data": [
{
"version_value": "1.2.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Debug log and proxy configuration session data stored in /tmp without proper protection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1105",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1105"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1105"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/7",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/05/7"
},
{
"refsource": "CONFIRM",
"name": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog",
"url": "https://gitlab.vsb.cz/kal0178/sixmon/blob/b18bcde090dc38fc968a0b1e38d1dab08b8c369e/web/lib/CAS/CAS-1.3.5/docs/ChangeLog"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/52280",
"url": "https://www.securityfocus.com/bid/52280"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1114",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ldap-account-manager",
"product": {
"product_data": [
{
"product_name": "LDAP Account Manager (LAM)",
"version": {
"version_data": [
{
"version_value": "3.6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,73 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1114",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1114"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1114",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1114"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/12/1",
"url": "http://www.openwall.com/lists/oss-security/2012/03/12/1"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/05/24",
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/24"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/12/10",
"url": "http://www.openwall.com/lists/oss-security/2012/03/12/10"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52255",
"url": "http://www.securityfocus.com/bid/52255"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971"
}
]
}
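Review bot: `problemtype` is left as `UNKNOWN_TYPE` although the description states that this is a Cross-Site Scripting issue; `"value": "Cross-Site Scripting"`, the wording the CVE-2012-2237 record in this commit uses, would let consumers classify it. The same placeholder remains in CVE-2012-1615, CVE-2012-2092, CVE-2012-2148 and CVE-2012-2312, whose descriptions also say what kind of weakness is involved. In this record the description says `LAM Pro 3.6` while `product_name` is `LDAP Account Manager (LAM)` without `Pro`. The stray `. and` also breaks the sentence, leaving the `filteruid` clause hanging.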


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1115",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ldap-account-manager",
"product": {
"product_data": [
{
"product_name": "LDAP Account Manager (LAM) Pro",
"version": {
"version_data": [
{
"version_value": "3.6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,78 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS flaws via 'export', 'add_value_form' and 'dn' variables"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089328.html"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1115",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1115"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1115",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1115"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/12/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/12/1"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089297.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089313.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/05/24",
"url": "http://www.openwall.com/lists/oss-security/2012/03/05/24"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/12/10",
"url": "http://www.openwall.com/lists/oss-security/2012/03/12/10"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52255",
"url": "http://www.securityfocus.com/bid/52255"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73971"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74357",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74357"
}
]
}


@ -91,6 +91,21 @@
"name": "http://www.openldap.org/software/release/changes.html",
"refsource": "CONFIRM",
"url": "http://www.openldap.org/software/release/changes.html"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT210788",
"url": "https://support.apple.com/kb/HT210788"
},
{
"refsource": "BUGTRAQ",
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1577",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "dietlibc",
"product": {
"product_data": [
{
"product_name": "dietlibc",
"version": {
"version_data": [
{
"version_value": "before 0.33"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Random Number Generation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1577",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1577"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/23/14",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/14"
},
{
"refsource": "CONFIRM",
"name": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16",
"url": "http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16"
},
{
"refsource": "MISC",
"name": "https://github.com/ensc/dietlibc/blob/master/CHANGES",
"url": "https://github.com/ensc/dietlibc/blob/master/CHANGES"
}
]
}
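Review bot: The structured data and the description disagree about what is affected: `affects` lists `dietlibc` with `"version_value": "before 0.33"`, while the description speaks only of `lib/libc/stdlib/random.c in OpenBSD`. A scanner keyed on `product_name` will flag dietlibc and a human reading the text will look at OpenBSD. The references cite both the OpenBSD cvsweb revision and the dietlibc CHANGES file, so presumably both carry the code; if so, the description should name dietlibc before 0.33 as well and `product_data` should list both. The description should also say which call returns 0, since "returns 0 when seeded with 0" does not make clear whether that is one output or every output.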


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1592",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libstruts1.2-java",
"version": {
"version_data": [
{
"version_value": "1.2-"
}
]
}
}
]
},
"vendor_name": "libstruts1.2-java"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "xsltResult local code execution flaw"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-1592",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-1592"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1592"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-1592",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-1592"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/03/28/12",
"url": "http://www.openwall.com/lists/oss-security/2012/03/28/12"
}
]
}
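Review bot: The record names two different products: `product_name` is `libstruts1.2-java`, a Struts 1.2 package name, while the description says `Apache Struts2`, and these are not the same code base. `"version_value": "1.2-"` looks truncated, and `vendor_name` repeats the package name rather than naming a vendor. Please confirm which line is affected and make the three fields and the description agree. As written, automated matching and manual reading lead to different conclusions. The description also says "local code execution" while describing upload and execution of files, which is worth reconciling with the source advisory.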


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1615",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sectool",
"version": {
"version_data": [
{
"version_value": "through 2012-04-03"
}
]
}
}
]
},
"vendor_name": "sectool"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Privilege Escalation vulnerability exits in Fedoraproject Sectool due to an incorrect DBus file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1615",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1615"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076873.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/076873.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081113.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081113.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/04/04/2",
"url": "http://www.openwall.com/lists/oss-security/2012/04/04/2"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52884",
"url": "http://www.securityfocus.com/bid/52884"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74655",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74655"
}
]
}
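Review bot: The description contains a typo that inverts the reading of the sentence, `vulnerability exits in Fedoraproject Sectool`, and should read `vulnerability exists in ...`. It also does not say which DBus file is wrong or what the incorrect file permits, so a defender cannot tell what to inspect on an installed system. `vendor_name` is `sectool` while the text attributes the product to Fedoraproject; pick one so that grouping by vendor works.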


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2092",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Ubuntu",
"product": {
"product_data": [
{
"product_name": "Cobbler",
"version": {
"version_data": [
{
"version_value": "before 2.2.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Security Bypass vulnerability exists in Ubuntu Cobbler before 2,2,2 in the cobbler-ubuntu-import script due to an error when verifying the GPG signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2092",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2092"
},
{
"url": "http://www.securityfocus.com/bid/52971",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/52971"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/04/10/14",
"url": "http://www.openwall.com/lists/oss-security/2012/04/10/14"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74789",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74789"
}
]
}
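Review bot: The fixed version is written `before 2,2,2` in the description but `before 2.2.2` in `version_value`; the comma form will not match any version string, so it should be `Ubuntu Cobbler before 2.2.2`. `vendor_name` is `Ubuntu` although the description ties the flaw to the `cobbler-ubuntu-import` script, so it is unclear whether only Ubuntu's packaging or upstream Cobbler is meant. The text says the GPG signature check has "an error" without saying whether the check is skipped or its result is ignored, which is the detail an operator needs to judge exposure.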


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2130",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "polarssl",
"product": {
"product_data": [
{
"product_name": "polarssl",
"version": {
"version_data": [
{
"version_value": "0.99pre4 through 1.1.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A Security Bypass vulnerability exists in PolarSSL 0.99pre4 through 1.1.1 due to a weak encryption error when generating Diffie-Hellman values and RSA keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "weak key generation in 0.99pre4 throught to 1.1.1"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2130",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2130"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2130"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2012-2130"
},
{
"refsource": "MISC",
"name": "http://security.gentoo.org/glsa/glsa-201310-10.xml",
"url": "http://security.gentoo.org/glsa/glsa-201310-10.xml"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/53610",
"url": "http://www.securityfocus.com/bid/53610"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75726"
}
]
}
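Review bot: The `problemtype` value has a typo, `0.99pre4 throught to 1.1.1`, and it repeats the version range instead of naming only the weakness; `"value": "Weak key generation"` would be enough. The description calls the issue a `weak encryption error`, while the problem type says weak key generation. These are different failure classes, and the second matches the rest of the sentence (Diffie-Hellman values and RSA keys), so the description should use the same term. Because keys generated by affected versions would remain weak after an upgrade, the record should state that explicitly if the source advisory confirms it.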


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2148",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "jbossas4",
"product": {
"product_data": [
{
"product_name": "AS",
"version": {
"version_data": [
{
"version_value": "7.1.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2148",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2148"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2148",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2148"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-2148",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-2148"
}
]
}
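Review bot: The product name is misspelled in the description (`JBoxx AS 7.1.1`) and the sentence does not parse: "An issue exists in the property replacements feature in any descriptor ... ignores java security policies". Something like `The property replacement feature in descriptors in JBoss AS 7.1.1 ignores Java security policies.` keeps the stated facts and is searchable. `vendor_name` is `jbossas4` while the affected version is given as 7.1.1 of product `AS`, so the vendor field looks like a package name from a different major version and should be confirmed.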


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2237",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,71 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mahara",
"product": {
"product_data": [
{
"product_name": "Mahara",
"version": {
"version_data": [
{
"version_value": "1.4.x before 1.4.3 and 1.5.x before 1.5.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/mahara/+bug/1009774",
"url": "https://bugs.launchpad.net/mahara/+bug/1009774"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/mahara/+bug/1009777",
"url": "https://bugs.launchpad.net/mahara/+bug/1009777"
},
{
"refsource": "MISC",
"name": "https://bugs.launchpad.net/mahara/+bug/1009784",
"url": "https://bugs.launchpad.net/mahara/+bug/1009784"
},
{
"refsource": "MISC",
"name": "https://mahara.org/interaction/forum/topic.php?id=4748",
"url": "https://mahara.org/interaction/forum/topic.php?id=4748"
},
{
"refsource": "MISC",
"name": "http://www.debian.org/security/2012/dsa-2540",
"url": "http://www.debian.org/security/2012/dsa-2540"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2312",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "JBoss AS 7",
"product": {
"product_data": [
{
"product_name": "JBoss",
"version": {
"version_data": [
{
"version_value": "AS 7 Community Release"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2312"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-2312",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-2312"
}
]
}
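Review bot: The new description for CVE-2012-2312 says "A threat gets reused from the thread pool", which looks like a typo for "thread" and changes the meaning of the sentence; the clause before it also ends in a comma where a full stop is meant. The minimal correction is `...security context propagation. A thread gets reused from the thread pool that still retains the security context...`. The `problemtype` value `UNKNOWN_TYPE` could name the class the description already states, e.g. `"value": "Privilege escalation"`, so that weakness-based filtering picks the record up.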

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2656",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "www.restlet.org/",
"product": {
"product_data": [
{
"product_name": "Restlet",
"version": {
"version_data": [
{
"version_value": "1.1.10"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "vulnerability in Restlet"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2656",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2656"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2656",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2656"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-2656",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-2656"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/05/29/9",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/05/29/9"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/05/29/11",
"url": "http://www.openwall.com/lists/oss-security/2012/05/29/11"
}
]
}
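Review bot: `vendor_name` is set to the URL fragment `www.restlet.org/` and the `problemtype` text is `vulnerability in Restlet`, so neither field helps a consumer that matches on vendor or on weakness class. The description already identifies the issue as XML external entity processing, so the problem type can say so: `"value": "CWE-611: Improper Restriction of XML External Entity Reference"`. The vendor can be the project name, `"vendor_name": "Restlet"`.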

@ -111,6 +111,21 @@
"name": "53823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53823"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT210788",
"url": "https://support.apple.com/kb/HT210788"
},
{
"refsource": "BUGTRAQ",
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
}
]
}

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2736",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "network-manager",
"product": {
"product_data": [
{
"product_name": "network-manager",
"version": {
"version_data": [
{
"version_value": "0.9.2.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-2736",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-2736"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-2736",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-2736"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/06/15/2",
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/06/15/4",
"url": "http://www.openwall.com/lists/oss-security/2012/06/15/4"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1483-1",
"url": "http://www.ubuntu.com/usn/USN-1483-1"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-1483-2",
"url": "http://www.ubuntu.com/usn/USN-1483-2"
}
]
}
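Review bot: The `problemtype` value `Insecure Permissions` does not match the description, which is about an ad hoc network requested with WPA/WPA2 being created open and unencrypted. A value that names the actual weakness keeps weakness-based triage accurate, for example `"value": "Missing encryption: open network created instead of WPA/WPA2"`. The description would also benefit from one clause on the consequence for traffic on that network, if the CNA can state it.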

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3409",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ecryptfs-utils",
"product": {
"product_data": [
{
"product_name": "ecryptfs-utils",
"version": {
"version_data": [
{
"version_value": "< 99"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "suid helper does not restrict mounting filesystems with nosuid,nodev leading to possible privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-3409",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-3409"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3409",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3409"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/07/12/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/07/12/1"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/07/11/23",
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/23"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/07/13/5",
"url": "http://www.openwall.com/lists/oss-security/2012/07/13/5"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-3409"
}
]
}
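Review bot: The last reference uses `"refsource": "REDHAT"` with `"name": "Red Hat"`, which is not an advisory identifier, while the same access.redhat.com CVE page is recorded as `MISC` with the URL as its name in other records of this commit (CVE-2012-2312, for example). The same entry shape appears in the CVE-2012-5639, CVE-2012-6094 and CVE-2012-6111 sections. For consistency this entry can read `"refsource": "MISC", "name": "https://access.redhat.com/security/cve/cve-2012-3409"`, leaving the `url` as it is.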

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3462",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "sssd",
"product": {
"product_data": [
{
"product_name": "sssd",
"version": {
"version_data": [
{
"version_value": "1.9.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3462"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-3462",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-3462"
},
{
"refsource": "MISC",
"name": "https://pagure.io/SSSD/sssd/issue/1470",
"url": "https://pagure.io/SSSD/sssd/issue/1470"
}
]
}
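Review bot: `problemtype` is `Other` even though the description states the weakness precisely: the HBAC rule result is ignored, which is an access-control bypass. A value such as `"value": "Access control bypass (HBAC rule result ignored)"` would let consumers classify the record. The same `Other` placeholder is used in the CVE-2012-4420, CVE-2012-5476 and CVE-2012-5663 sections, where the descriptions name information disclosure, a world-readable credentials file and insecure temporary files respectively.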

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4420",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "java-1.7.0-openjdk",
"product": {
"product_data": [
{
"product_name": "java-1.7.0-openjdk",
"version": {
"version_data": [
{
"version_value": "1.7.0_04 to 1.7.0_10"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information disclosure flaw was found in the way the Java Virtual Machine (JVM) implementation of Java SE 7 as provided by OpenJDK 7 incorrectly initialized integer arrays after memory allocation (in certain circumstances they had nonzero elements right after the allocation). A remote attacker could use this flaw to obtain potentially sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4420"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-4420",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-4420"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78693"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/09/13/3",
"url": "http://www.openwall.com/lists/oss-security/2012/09/13/3"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55538",
"url": "http://www.securityfocus.com/bid/55538"
},
{
"refsource": "MISC",
"name": "https://www.openwall.com/lists/oss-security/2012/09/12/4",
"url": "https://www.openwall.com/lists/oss-security/2012/09/12/4"
},
{
"refsource": "MISC",
"name": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857",
"url": "https://bugs.java.com/bugdatabase/view_bug.do?bug_id=7196857"
}
]
}

@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4451",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,86 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\\PubSubHubbub, (3) Log\\Formatter\\Xml, (4) Tag\\Cloud\\Decorator, (5) Uri, (6) View\\Helper\\HeadStyle, (7) View\\Helper\\Navigation\\Sitemap, or (8) View\\Helper\\Placeholder\\Container\\AbstractStandalone, related to Escaper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zend Technologies",
"product": {
"product_data": [
{
"product_name": "Zend Framework",
"version": {
"version_data": [
{
"version_value": "2.0.x before 2.0.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688946#10"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=436210",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=436210"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2012/q3/571",
"url": "http://seclists.org/oss-sec/2012/q3/571"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2012/q3/573",
"url": "http://seclists.org/oss-sec/2012/q3/573"
},
{
"refsource": "MISC",
"name": "http://framework.zend.com/security/advisory/ZF2012-03",
"url": "http://framework.zend.com/security/advisory/ZF2012-03"
},
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=860738",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=860738"
},
{
"refsource": "MISC",
"name": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733",
"url": "https://github.com/zendframework/zf2/commit/27131ca9520bdf1d4c774c71459eba32f2b10733"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/55636",
"url": "http://www.securityfocus.com/bid/55636"
}
]
}

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4980",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple stack-based buffer overflows in CFProfile.exe in Toshiba ConfigFree Utility 8.0.38 allow user-assisted attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "BID",
"name": "55644",
"url": "http://www.securityfocus.com/bid/55644"
},
{
"refsource": "XF",
"name": "78801",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78801"
}
]
}

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5474",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "python-django-horizon",
"product": {
"product_data": [
{
"product_name": "python-django-horizon",
"version": {
"version_data": [
{
"version_value": "before 2012.1.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret key value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Dashboard /etc/openstack-dashboard/local_settings secret key exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5474",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5474"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5474"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5474",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5474"
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html",
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2012-November/092841.html"
}
]
}

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5476",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openstack-dashboard",
"product": {
"product_data": [
{
"product_name": "openstack-dashboard",
"version": {
"version_data": [
{
"version_value": "RHOS Essex Preview (2012.2)"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5476",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5476"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5476"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5476",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5476"
}
]
}

@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5620",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-5620",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5639",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "LibreOffice; OpenOffice",
"product": {
"product_data": [
{
"product_name": "LibreOffice, OpenOffice",
"version": {
"version_data": [
{
"version_value": "through at least 2012-12-15"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "LibreOffice and OpenOffice automatically open embedded content"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5639",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5639"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5639",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5639"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/14/1",
"url": "http://www.openwall.com/lists/oss-security/2012/12/14/1"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-5639"
}
]
}
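Review bot: `vendor_name` packs two vendors into one string (`LibreOffice; OpenOffice`) and `product_name` does the same with a comma, so tooling that matches on an exact vendor or product name will find neither. Two `vendor_data` entries, one per product and each with its own `version_data`, represent this correctly, as sketched below. The description also states only the behaviour and `problemtype` is `UNKNOWN_TYPE`; a clause on the resulting impact would help triage, if the CNA can state it.

```json
"vendor_data": [
  {
    "vendor_name": "LibreOffice",
    "product": {
      "product_data": [
        {
          "product_name": "LibreOffice",
          "version": {
            "version_data": [
              { "version_value": "through at least 2012-12-15" }
            ]
          }
        }
      ]
    }
  },
  {
    "vendor_name": "OpenOffice",
    "product": {
      "product_data": [
        {
          "product_name": "OpenOffice",
          "version": {
            "version_data": [
              { "version_value": "through at least 2012-12-15" }
            ]
          }
        }
      ]
    }
  }
]
```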

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5645",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "freeciv",
"product": {
"product_data": [
{
"product_name": "freeciv",
"version": {
"version_data": [
{
"version_value": "before 2.3.4"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,88 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A denial of service flaw was found in the way the server component of Freeciv before 2.3.4 processed certain packets. A remote attacker could send a specially-crafted packet that, when processed would lead to memory exhaustion or excessive CPU consumption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS (memory exhaustion or excessive CPU consumption) via malformed network packets"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5645",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5645"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5645"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5645",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5645"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/12/18/5",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/18/5"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/31/2",
"url": "http://www.openwall.com/lists/oss-security/2012/12/31/2"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095378.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/095381.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-January/096391.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/22/4",
"url": "http://www.openwall.com/lists/oss-security/2012/12/22/4"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/30/11",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/11"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/30/8",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/8"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/41352",
"url": "http://www.securityfocus.com/bid/41352"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696306"
}
]
}
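Review bot: The reference `http://www.securityfocus.com/bid/41352` looks out of sequence for a 2012 issue, since the other 2012 records in this commit cite BIDs in the 53000–57000 range (53823, 55538, 55636, 57158). It may belong to an earlier Freeciv advisory rather than to this packet-handling denial of service. It is worth checking the BID entry against this CVE and dropping the reference if it describes a different issue.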

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5663",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "textproc/isearch package",
"product": {
"product_data": [
{
"product_name": "textproc/isearch package",
"version": {
"version_data": [
{
"version_value": "before 1.47.01nb1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The isearch package (textproc/isearch) before 1.47.01nb1 uses the tempnam() function to create insecure temporary files into a publicly-writable area (/tmp)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-5663",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-5663"
},
{
"url": "https://access.redhat.com/security/cve/cve-2012-5663",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2012-5663"
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/12/21/2",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/21/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2012/12/21/3",
"url": "http://www.openwall.com/lists/oss-security/2012/12/21/3"
},
{
"refsource": "MISC",
"name": "http://gnats.netbsd.org/47360",
"url": "http://gnats.netbsd.org/47360"
}
]
}

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5693",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddressTB parameter to (1) remoteAttack.pl or (2) guessPassword.pl in frameworkgui/; the filename parameter to (3) CSAttack.pl or (4) SEAttack.pl in frameworkgui/; the phNo2Attack parameter to (5) CSAttack.pl or (6) SEAttack.pl in frameworkgui/; the (7) platformDD2 parameter to frameworkgui/SEAttack.pl; the (8) agentURLPath or (9) agentControlKey parameter to frameworkgui/attach2agents.pl; or the (10) controlKey parameter to frameworkgui/attachMobileModem.pl. NOTE: The hostingPath parameter to CSAttack.pl and SEAttack.pl vectors and the appURLPath parameter to attachMobileModem.pl vector are covered by CVE-2012-5878."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23123",
"url": "https://www.htbridge.com/advisory/HTB23123"
}
]
}

@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5878",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath parameter to frameworkgui/attachMobileModem.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23123",
"url": "https://www.htbridge.com/advisory/HTB23123"
},
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23127",
"url": "https://www.htbridge.com/advisory/HTB23127"
}
]
}

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6094",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cups",
"product": {
"product_data": [
{
"product_name": "cups",
"version": {
"version_data": [
{
"version_value": "<= 1.7.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which could provide unauthorized access to the system"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "'Listen localhost:631' option not honoured correctly on IPv6-enabled systems when systemd used for CUPS socket activation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6094",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6094"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6094"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6094"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82451",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82451"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/04/5",
"url": "http://www.openwall.com/lists/oss-security/2013/01/04/5"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57158",
"url": "http://www.securityfocus.com/bid/57158"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-6094"
}
]
}
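Review bot: The precondition for this issue (an IPv6-enabled system using systemd for CUPS socket activation) appears only in `problemtype`, while the description omits it and so reads as if every CUPS install with `Listen localhost:631` were exposed. Moving the condition into the description fixes that, e.g. `...option is not honored correctly on IPv6-enabled systems when systemd is used for CUPS socket activation, which could provide unauthorized access to the system`. `problemtype` can then hold the weakness class alone.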

@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6111",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gnome-keyring",
"product": {
"product_data": [
{
"product_name": "gnome-keyring",
"version": {
"version_data": [
{
"version_value": "Fixed 3.14.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gnome-keyring does not discard stored secrets when using gnome_keyring_lock_all_sync function"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "does not discard stored secrets in some cases"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6111",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2012-6111"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/17/4",
"url": "http://www.openwall.com/lists/oss-security/2013/01/17/4"
},
{
"refsource": "REDHAT",
"name": "Red Hat",
"url": "https://access.redhat.com/security/cve/cve-2012-6111"
},
{
"refsource": "MISC",
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=690466",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=690466"
}
]
}
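Review bot: The `affects` block of CVE-2012-6111 carries `"version_value": "Fixed 3.14.0"`, which names a fixed release in a field that consumers read as the affected version, so a matcher will either flag 3.14.0 itself or match nothing. The description gives no version, so whether 3.14.0 is the first release with the fix needs confirming against the referenced GNOME bug. If it is, the entry should express the affected range in the form other records in this commit use, e.g. `"version_value": "before 3.14.0"`.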


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0163",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OpenShift haproxy cartridge",
"version": {
"version_data": [
{
"version_value": "through 2013-01-08"
}
]
}
}
]
},
"vendor_name": "OpenShift haproxy cartridge"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenShift haproxy cartridge: predictable /tmp in set-proxy connection hook which could facilitate DoS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "predictable /tmp in set-proxy connection hook"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0163"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0163",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0163"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0196",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "OpenShift",
"product": {
"product_data": [
{
"product_name": "OpenShift Enterprise",
"version": {
"version_data": [
{
"version_value": "1.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A CSRF issue was found in OpenShift Enterprise 1.2. The web console is using 'Basic authentication' and the REST API has no CSRF attack protection mechanism. This can allow an attacker to obtain the credential and the Authorization: header when requesting the REST API via web browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery "
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0196"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0196",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0196"
}
]
}
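Review bot: The problemtype string for CVE-2013-0196 ends in a stray space (`"value": "Cross-Site Request Forgery "`), so exact-match grouping or filtering on the weakness name will treat it as a category of its own. It should read `"value": "Cross-Site Request Forgery"`, in line with the untrimmed-free `Cross-Site Scripting` values used by other records in this commit.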


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0202",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,62 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in ownCloud 4.5.5, 4.0.10, and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to core/ajax/sharing.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "ownCloud",
"product": {
"product_data": [
{
"product_name": "ownCloud",
"version": {
"version_data": [
{
"version_value": "4.5.5"
},
{
"version_value": "4.0.10"
},
{
"version_value": "and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81476"
},
{
"refsource": "MISC",
"name": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/",
"url": "https://owncloud.org/security/advisories/multiple-xss-vulnerabilities-3/"
}
]
}
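Review bot: In the `affects` block of CVE-2013-0202, `"version_value": "and earlier"` is emitted as a third version entry of its own; it is not a version, and it leaves the two real entries reading as exact versions only. The description says "4.5.5, 4.0.10, and earlier", so each bound should carry the qualifier, `"version_value": "4.5.5 and earlier"` and `"version_value": "4.0.10 and earlier"`, with the third entry dropped. That matches how the BoltWire record in this commit writes `3.5 and earlier`.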


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0243",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "haskell-tls-extra",
"product": {
"product_data": [
{
"product_name": "haskell-tls-extra",
"version": {
"version_data": [
{
"version_value": "< 0.6.1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "haskell-tls-extra before 0.6.1 has Basic Constraints attribute vulnerability may lead to Man in the Middle attacks on TLS connections"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "constraints vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0243",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0243"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0243",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0243"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/01/30/6",
"url": "http://www.openwall.com/lists/oss-security/2013/01/30/6"
}
]
}
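Review bot: The problemtype for CVE-2013-0243, `"value": "constraints vulnerability"`, does not name a weakness class. Going by the description (a Basic Constraints problem that may allow man-in-the-middle attacks on TLS connections) this looks like a certificate-validation flaw, and `"value": "Improper Certificate Validation"` would let it be grouped with similar issues. CVE-2013-0264 later in this commit has the same gap: its description says server certificate validation is always disabled, yet the problemtype is `General Configuration Problem`. Both readings are inferred from the description text only and should be checked against the referenced advisories.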


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0264",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "cumin",
"product": {
"product_data": [
{
"product_name": "cumin",
"version": {
"version_data": [
{
"version_value": "r5310"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An import error was introduced in Cumin in the code refactoring in r5310. Server certificate validation is always disabled when connecting to Aviary servers, even if the installed packages on a system support it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "General Configuration Problem"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0264",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0264"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0264",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0264"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0283",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Katello",
"version": {
"version_data": [
{
"version_value": "through 2013-02-13"
}
]
}
}
]
},
"vendor_name": "Katello"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Katello: Username in Notification page has cross site scripting"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Username in Notification page XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0283",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0283"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0283",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0283"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0293",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "oVirt Node",
"product": {
"product_data": [
{
"product_name": "oVirt Node",
"version": {
"version_data": [
{
"version_value": "2.6.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "oVirt Node: Lock screen accepts F2 to drop to shell causing privilege escalation"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "screen accepts F2 to drop to shell"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0293",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0293"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0293",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0293"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/28/13",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/13"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/58227",
"url": "http://www.securityfocus.com/bid/58227"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82474",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82474"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0326",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openstack-nova",
"product": {
"product_data": [
{
"product_name": "openstack-nova",
"version": {
"version_data": [
{
"version_value": "3.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "OpenStack nova base images permissions are world readable"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "images permissions world readable"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-0326",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-0326"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0326",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0326"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-0326",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-0326"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-0326",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-0326"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0342",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,81 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The CreateID function in packet.py in pyrad before 2.1 uses sequential packet IDs, which makes it easier for remote attackers to spoof packets by predicting the next ID, a different vulnerability than CVE-2013-0294."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptography"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "pyrad",
"product": {
"product_data": [
{
"product_name": "pyrad",
"version": {
"version_data": [
{
"version_value": "before 2.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=911685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=911685"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/15/9",
"url": "http://www.openwall.com/lists/oss-security/2013/02/15/9"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/22/2",
"url": "http://www.openwall.com/lists/oss-security/2013/02/22/2"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/02/21/27",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/27"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/57984",
"url": "http://www.securityfocus.com/bid/57984"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82134"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5",
"url": "https://github.com/pyradius/pyrad/commit/38f74b36814ca5b1a27d9898141126af4953bee5"
}
]
}
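Review bot: `"value": "Cryptography"` as the problemtype for CVE-2013-0342 does not match the description, which is about sequential, predictable packet IDs from `CreateID` making spoofing easier, not about a cryptographic primitive. A label that names the predictability, such as `"value": "Use of Insufficiently Random Values"`, would be more useful for triage and for grouping with similar records.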


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-0737",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "BoltWire",
"product": {
"product_data": [
{
"product_name": "BoltWire",
"version": {
"version_data": [
{
"version_value": "3.5 and earlier"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84698"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1420",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to backup-edit.php; (2) title or (3) menu parameter to edit.php; or (4) path or (5) returnid parameter to filebrowser.php in admin/. NOTE: the path parameter in admin/upload.php vector is already covered by CVE-2012-6621."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.htbridge.com/advisory/HTB23141",
"url": "https://www.htbridge.com/advisory/HTB23141"
},
{
"refsource": "MISC",
"name": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-05/0005.html"
},
{
"refsource": "MISC",
"name": "http://get-simple.info/changelog",
"url": "http://get-simple.info/changelog"
}
]
}
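Review bot: The `affects` block added for CVE-2013-1420 is entirely `n/a` even though the description names the product and the fixed release (GetSimple CMS before 3.2.1), so anything matching on vendor, product or version will never hit this record. If the repository's rules allow filling these fields for MITRE-assigned entries, `"product_name": "GetSimple CMS"` and `"version_value": "before 3.2.1"` can be taken straight from the description; the vendor name is not stated on the page and would need confirming. CVE-2013-1642 (QuiXplorer before 2.5.5) has the same placeholder block.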


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1642",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,8 +11,62 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) dir, (2) item, (3) order, (4) searchitem, (5) selitems[], or (6) srt parameter to index.php or (7) the QUERY_STRING to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://github.com/realtimeprojects/quixplorer",
"url": "https://github.com/realtimeprojects/quixplorer"
},
{
"refsource": "MISC",
"name": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt",
"url": "https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-030.txt"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89056",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89056"
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1689",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Mozilla",
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_value": "20.0a1"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Mozilla Firefox 20.0a1 and earlier allows remote attackers to cause a denial of service (crash), related to event handling with frames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-1689",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-1689"
},
{
"refsource": "CONFIRM",
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=817219",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=817219"
}
]
}
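Review bot: `"version_value": "20.0a1"` in CVE-2013-1689 records a single version while the description says "20.0a1 and earlier", so earlier affected builds are not represented; `"version_value": "20.0a1 and earlier"` would agree with the text. CVE-2013-2011 later in this commit has a worse form of the same mismatch. Its description says "before 1.3.2" but the entry is `"version_value": "1.3.2"`, which marks the release the description treats as fixed as the affected one; it should read `"version_value": "before 1.3.2"`.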


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1793",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "openstack-utils",
"product": {
"product_data": [
{
"product_name": "openstack-db program",
"version": {
"version_data": [
{
"version_value": "through 2013-02-28"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "openstack-utils openstack-db has insecure password creation"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "openstack-db insecure password creation for services"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1793",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1793"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-1793",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-1793"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2011",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Super Cache Plugin",
"product": {
"product_data": [
{
"product_name": "Super Cache Plugin",
"version": {
"version_data": [
{
"version_value": "1.3.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. This issue exists because of an incomplete fix for CVE-2013-2009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2011",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2011"
},
{
"url": "http://www.securityfocus.com/bid/59473",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59473"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/25/4",
"url": "http://www.openwall.com/lists/oss-security/2013/04/25/4"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83800",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83800"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2016",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "qemu",
"product": {
"product_data": [
{
"product_name": "qemu (virtio-rng)",
"version": {
"version_data": [
{
"version_value": "v1.3.0 and later"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,68 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A flaw was found in the way qemu v1.3.0 and later (virtio-rng) validates addresses when guest accesses the config space of a virtio device. If the virtio device has zero/small sized config space, such as virtio-rng, a privileged guest user could use this flaw to access the matching host's qemu address space and thus increase their privileges on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2016",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2016"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2016"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2016",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2016"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-05/msg00002.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/29/5",
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/5"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/04/29/6",
"url": "http://www.openwall.com/lists/oss-security/2013/04/29/6"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/59541",
"url": "http://www.securityfocus.com/bid/59541"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83850",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83850"
},
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d",
"url": "https://github.com/qemu/qemu/commit/5f5a1318653c08e435cfa52f60b6a712815b659d"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2095",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "rubygem-openshift-origin-controller",
"version": {
"version_data": [
{
"version_value": "through 2013-05-15"
}
]
}
}
]
},
"vendor_name": "rubygem-openshift-origin-controller"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "rubygem-openshift-origin-controller: API can be used to create applications via cartridge_cache.rb URI.prase() to perform command injection"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cartridge_cache.rb URI.prase() command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2095",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2095"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2095",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2095"
}
]
}
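Review bot: `URI.prase()` in both the description and the problemtype of CVE-2013-2095 looks like a transposition of `URI.parse()`, the Ruby call; as written, a text search for the affected call will not find this record. Presumably both strings should read `cartridge_cache.rb URI.parse()`, to be confirmed against the referenced Red Hat bug before changing the published text.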


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2159",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "monkey",
"product": {
"product_data": [
{
"product_name": "monkey",
"version": {
"version_data": [
{
"version_value": "< 1.2.2"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Monkey HTTP Daemon: broken user name authentication"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "broken authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2159",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2159"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/06/07/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/07/4"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60415",
"url": "http://www.securityfocus.com/bid/60415"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85138",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85138"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2166",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "python-keystoneclient",
"product": {
"product_data": [
{
"product_name": "python-keystoneclient",
"version": {
"version_data": [
{
"version_value": "< 0.2.6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache encryption bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memcache encryption bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2166",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2166"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2166"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-2166"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2166",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2166"
},
{
"url": "http://www.securityfocus.com/bid/60684",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60684"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/19/5",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/5"
}
]
}
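Review bot: The affected range `"version_value": "< 0.2.6"` in CVE-2013-2166 is wider than the description, which limits the issue to versions 0.2.3 to 0.2.5; releases before 0.2.3 would be flagged although the text does not list them. An entry such as `"version_value": "0.2.3 to 0.2.5"` keeps the two in agreement. The CVE-2013-2167 record that follows uses the same `< 0.2.6` value with the same description range.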


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2167",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "python-keystoneclient",
"product": {
"product_data": [
{
"product_name": "python-keystoneclient",
"version": {
"version_data": [
{
"version_value": "< 0.2.6"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,68 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "python-keystoneclient version 0.2.3 to 0.2.5 has middleware memcache signing bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "memcache signing bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2167",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2167"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2167"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-2167",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-2167"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-2167"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113944.html"
},
{
"refsource": "MISC",
"name": "http://rhn.redhat.com/errata/RHSA-2013-0992.html",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0992.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/19/5",
"url": "http://www.openwall.com/lists/oss-security/2013/06/19/5"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60680",
"url": "http://www.securityfocus.com/bid/60680"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85492"
}
]
}
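Review bot: The structured range in `affects` does not match the description: `"version_value": "< 0.2.6"` covers every release below 0.2.6, while the description limits the issue to versions 0.2.3 to 0.2.5. A scanner that matches on `version_value` would also flag releases older than 0.2.3, which the text does not list as affected. I would either state both bounds, for example `"version_value": ">= 0.2.3, < 0.2.6"`, or confirm against the referenced advisories that older releases are affected and widen the description. The CVE-2013-2166 record earlier in this commit carries the same `< 0.2.6` value next to the same 0.2.3 to 0.2.5 wording.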


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2183",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "monkey",
"product": {
"product_data": [
{
"product_name": "monkey",
"version": {
"version_data": [
{
"version_value": "through 2013-06-14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Monkey HTTP Daemon has local security bypass"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-2183",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-2183"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/06/14/13",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/14/13"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/06/14/12",
"url": "http://www.openwall.com/lists/oss-security/2013/06/14/12"
},
{
"refsource": "MISC",
"name": "https://www.securityfocus.com/bid/60589",
"url": "https://www.securityfocus.com/bid/60589"
}
]
}
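Review bot: The published record still does not say what is bypassed: the description is only `Monkey HTTP Daemon has local security bypass` and the problem type is the placeholder `UNKNOWN_TYPE`. Someone triaging this entry cannot tell which control is affected, or what local access is assumed, without opening the oss-security references. I would extend the description with the affected mechanism as stated in those posts, and replace `UNKNOWN_TYPE` with a weakness name, or with `n/a` as other records in this commit do when none is assigned.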


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3085",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,51 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authentication bypass exists in the web management interface in Belkin F5D8236-4 v2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.ise.io/research/studies-and-papers/belkin_f5d8236-4v2/",
"url": "https://www.ise.io/research/studies-and-papers/belkin_f5d8236-4v2/"
}
]
}
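Review bot: `vendor_name`, `product_name` and `version_value` are all `n/a` although the description names the product (Belkin F5D8236-4 v2), so tooling that matches on the `affects` block will never associate this CVE with the device. I would fill the block from the description, for example `"vendor_name": "Belkin"` and `"product_name": "F5D8236-4"` with `"version_value": "v2"`. The same gap is in the CVE-2013-3088 (Belkin N900, F9K1104v1), CVE-2013-3542 (Grandstream cameras, firmware 1.0.4.11) and CVE-2013-3691 (AirLive POE-2600HD) records in this commit.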


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3088",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Belkin N900 router (F9K1104v1) contains an Authentication Bypass using \"Javascript debugging\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php",
"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
},
{
"refsource": "MISC",
"name": "https://www.ise.io/research/studies-and-papers/belkin_n900/",
"url": "https://www.ise.io/research/studies-and-papers/belkin_n900/"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3246",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted image layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84643"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3247",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.03 allows remote attackers to execute arbitrary code via a crafted RLE compressed layer in an XCF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.03"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml",
"url": "http://www.fuzzmyapp.com/advisories/FMA-2013-003/FMA-2013-003-EN.xml"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84642"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3542",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models with firmware 1.0.4.11, have a hardcoded account \"!#/\" with the same password, which makes it easier for remote attackers to obtain access via a TELNET session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Jun/84",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=XkCBs4lenhI",
"url": "https://www.youtube.com/watch?v=XkCBs4lenhI"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3619",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Supermicro",
"product": {
"product_data": [
{
"product_name": "IPMI",
"version": {
"version_data": [
{
"version_value": "before SMT_X9_317 and before SMT X8 312"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before SMT_X9_317 and firmware for Supermicro X8 generation motherboards before SMT X8 312 contain harcoded private encryption keys for the (1) Lighttpd web server SSL interface and the (2) Dropbear SSH daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.citrix.com/article/CTX216642",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"refsource": "CONFIRM",
"name": "http://support.citrix.com/article/CTX216642",
"url": "http://support.citrix.com/article/CTX216642"
},
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89044"
},
{
"refsource": "CONFIRM",
"name": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
"url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
}
]
}
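Review bot: The description has a typo, `harcoded` for `hardcoded`, and the problem type `Other` hides a weakness that has a standard name. Hard-coded private keys for the web and SSH services correspond to CWE-321 (Use of Hard-coded Cryptographic Key). The hard-coded WSMan credentials in the CVE-2013-3620 record of this commit likewise correspond to CWE-798 (Use of Hard-coded Credentials) rather than `Other`. Both records also list the Citrix article CTX216642 twice, once over http and once over https; keeping only the https entry avoids duplicate hits in consumers that key on the URL. The firmware names are written inconsistently as `SMT_X9_317` and `SMT X8 312`, which is worth checking against the Supermicro advisory.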


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3620",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Supermicro",
"product": {
"product_data": [
{
"product_name": "IPMI",
"version": {
"version_data": [
{
"version_value": "before 3.15 (SMT_X9_315) and before SMT X8 312"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Hardcoded WSMan credentials in Intelligent Platform Management Interface (IPMI) with firmware for Supermicro X9 generation motherboards before 3.15 (SMT_X9_315) and firmware for Supermicro X8 generation motherboards before SMT X8 312."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://support.citrix.com/article/CTX216642",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"refsource": "CONFIRM",
"name": "http://support.citrix.com/article/CTX216642",
"url": "http://support.citrix.com/article/CTX216642"
},
{
"url": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities",
"refsource": "MISC",
"name": "https://community.rapid7.com/community/metasploit/blog/2013/11/05/supermicro-ipmi-firmware-vulnerabilities"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89045",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89045"
},
{
"refsource": "CONFIRM",
"name": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf",
"url": "https://www.supermicro.com/products/nfo/files/IPMI/CVE_Update.pdf"
}
]
}


@ -1,17 +1,17 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3621",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-3621",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-3607. Reason: This candidate is a reservation duplicate of CVE-2013-3607. Notes: All CVE users should reference CVE-2013-3607 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}


@ -4,6 +4,9 @@
"ID": "CVE-2013-3633",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
@ -27,17 +30,6 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 relies on client-side privilege checks, which allows remote authenticated users to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
@ -50,12 +42,20 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The user privileges for the web interface are only enforced on client side and not properly verified on server side. Therefore, an attacker is able to execute privileged commands using an unprivileged account."
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
]
}
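Review bot: The vendor advisory reference appears to move from `"refsource": "CONFIRM"` to `"refsource": "MISC"` when its URL is updated to cert-portal.siemens.com, which drops the signal that the vendor has confirmed the issue. Since ssa-170686 is still Siemens' own advisory, I would keep `"refsource": "CONFIRM"` on the new URL. The new description also embeds the version ranges of two CVEs in one sentence (`Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634`); each record would read more clearly with only its own range. Both points apply to the CVE-2013-3634 record as well. Which side each line belongs to is inferred from print order, because the page has lost its +/- markers.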


@ -4,6 +4,9 @@
"ID": "CVE-2013-3634",
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_version": "4.0",
"data_type": "CVE",
"affects": {
"vendor": {
"vendor_data": [
@ -27,17 +30,6 @@
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SNMPv3 functionality on Siemens Scalance X200 IRT switches with firmware before X-200IRT 5.1.0 does not properly validate credentials, which allows remote attackers to execute arbitrary SNMP commands by leveraging knowledge of a username."
}
]
},
"problemtype": {
"problemtype_data": [
{
@ -50,12 +42,20 @@
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (Versions < V5.0.0 for CVE-2013-3633 and versions < V4.5.0 for CVE-2013-3634), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.1.0). The implementation of SNMPv3 does not check the user credentials sufficiently. Therefore, an attacker is able to execute SNMP commands without correct credentials."
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-170686.pdf"
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170686.pdf"
}
]
}


@ -2,7 +2,7 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3691",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2013/Jun/84",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
},
{
"refsource": "MISC",
"name": "https://www.youtube.com/watch?v=2UCAHSVqfuE",
"url": "https://www.youtube.com/watch?v=2UCAHSVqfuE"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3931",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the \"Business Manager\" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jomres",
"product": {
"product_data": [
{
"product_name": "Jomres component for Joomla!",
"version": {
"version_data": [
{
"version_value": "before 7.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61634",
"url": "http://www.securityfocus.com/bid/61634"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86251",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86251"
},
{
"refsource": "MISC",
"name": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html",
"url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3932",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the \"Business Manager\" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Jomres",
"product": {
"product_data": [
{
"product_name": "Jomres component for Joomla!",
"version": {
"version_data": [
{
"version_value": "before 7.3.1"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61635",
"url": "http://www.securityfocus.com/bid/61635"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252"
},
{
"refsource": "MISC",
"name": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html",
"url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3935",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.1 and Opsview Core before 20130522 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery "
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Opsview",
"product": {
"product_data": [
{
"product_name": "Opsview",
"version": {
"version_data": [
{
"version_value": "before 4.4.1"
}
]
}
},
{
"product_name": "Opsview Core",
"version": {
"version_data": [
{
"version_value": "before 20130522"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes",
"url": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes"
},
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822",
"url": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822"
}
]
}
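Review bot: The second reference points at the anchor `#opsview_core_20130822`, while the description and `version_value` give the fixed Opsview Core release as `20130522`. One of the two dates is probably a typo and should be checked against the changelog. The problem type string also has a trailing space, `"Cross-Site Request Forgery "`, which breaks exact-match grouping; it should be `"value": "Cross-Site Request Forgery"`. The anchor mismatch is repeated in the CVE-2013-3936 record.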


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3936",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,66 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Opsview",
"product": {
"product_data": [
{
"product_name": "Opsview",
"version": {
"version_data": [
{
"version_value": "before 4.4.1"
}
]
}
},
{
"product_name": "Opsview Core",
"version": {
"version_data": [
{
"version_value": "before 20130522"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes",
"url": "http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes"
},
{
"refsource": "MISC",
"name": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822",
"url": "http://docs.opsview.com/doku.php?id=opsview-core:changes#opsview_core_20130822"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3937",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow in xnview.exe in XnView before 2.13 allows remote attackers to execute arbitrary code via the biBitCount field in a BMP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "SECUNIA",
"name": "52101",
"url": "http://secunia.com/advisories/52101"
},
{
"refsource": "CONFIRM",
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3939",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "SECUNIA",
"name": "52101",
"url": "http://secunia.com/advisories/52101"
},
{
"refsource": "CONFIRM",
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3941",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,56 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "XnView",
"product": {
"product_data": [
{
"product_name": "XnView",
"version": {
"version_data": [
{
"version_value": "before 2.13"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087",
"url": "http://newsgroup.xnview.com/viewtopic.php?f=35&t=29087"
},
{
"refsource": "MISC",
"name": "http://secunia.com/advisories/52101",
"url": "http://secunia.com/advisories/52101"
}
]
}
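Review bot: Both references here are tagged `MISC`, but the CVE-2013-3937 and CVE-2013-3939 records in this commit tag the same newsgroup.xnview.com post as `CONFIRM` and the same Secunia advisory as `SECUNIA` with name `52101`. I would tag all three records the same way so that the vendor confirmation is visible on this one too, i.e. `"refsource": "CONFIRM"` for the newsgroup.xnview.com entry. Consumers that filter on `CONFIRM` to find vendor-acknowledged issues would otherwise skip this record.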


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3944",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,61 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IrfanView",
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/64385",
"url": "http://www.securityfocus.com/bid/64385"
},
{
"refsource": "CONFIRM",
"name": "https://www.irfanview.com/history_old.htm",
"url": "https://www.irfanview.com/history_old.htm"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89804"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3945",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IrfanView",
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a nband tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89805"
},
{
"refsource": "CONFIRM",
"name": "https://www.irfanview.com/history_old.htm",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3946",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IrfanView",
"product": {
"product_data": [
{
"product_name": "MrSID plugin",
"version": {
"version_data": [
{
"version_value": "before 4.37"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89806"
},
{
"refsource": "CONFIRM",
"name": "https://www.irfanview.com/history_old.htm",
"url": "https://www.irfanview.com/history_old.htm"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4120",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Katello",
"version": {
"version_data": [
{
"version_value": "through 2013-07-12"
}
]
}
}
]
},
"vendor_name": "Katello"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Katello has a Denial of Service vulnerability in API OAuth authentication"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS in API OAuth authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4120",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4120"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4120",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4120"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4133",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "kde-workspace",
"product": {
"product_data": [
{
"product_name": "kde-workspace",
"version": {
"version_data": [
{
"version_value": "< 4.10.5"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "kde-workspace before 4.10.5 has a memory leak in plasma desktop"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4133",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4133"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4133",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4133"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4133",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4133"
},
{
"url": "http://www.openwall.com/lists/oss-security/2013/07/16/4",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/07/16/4"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00002.html"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61201",
"url": "http://www.securityfocus.com/bid/61201"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85797",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85797"
}
]
}
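Review bot: The `problemtype` value `"leak"` reads like the tail of a longer phrase and classifies nothing on its own; the description says memory leak, so `"value": "Memory leak"` (or the matching CWE entry, e.g. CWE-401) would be searchable. The same truncation appears in the CVE-2013-4184 section further down, where `problemtype` is `"attacks"` although the description says symlink attacks; `"value": "Symlink attack"` fits there. Tools that bucket records by problem type will otherwise file both under labels that carry no meaning.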


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4158",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "smokeping",
"product": {
"product_data": [
{
"product_name": "smokeping",
"version": {
"version_data": [
{
"version_value": "< 2.6.9"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,63 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS flaw (incomplete fix for CVE-2012-0790)"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4158",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4158"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4158",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4158"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4158",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4158"
},
{
"url": "http://www.securityfocus.com/bid/61371",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61371"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113987.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/114008.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/07/20/2",
"url": "http://www.openwall.com/lists/oss-security/2013/07/20/2"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85887",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85887"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4161",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "gksu-polkit-0.0.3-6.fc18",
"product": {
"product_data": [
{
"product_name": "gksu-polkit-0.0.3-6.fc18",
"version": {
"version_data": [
{
"version_value": "0.0.3-6.fc18"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,48 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "gksu-polkit-0.0.3-6.fc18 was reported as fixing the issue in CVE-2012-5617 but the patch was improperly applied and it did not fixed the security issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4161",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4161"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4161",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4161"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4161",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4161"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113182.html"
},
{
"refsource": "MISC",
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-August/113218.html"
}
]
}
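Review bot: `vendor_name` and `product_name` are both set to the package build string `gksu-polkit-0.0.3-6.fc18`, which is already split out in `version_value`. A product name that embeds version and release will not match an inventory entry; `"product_name": "gksu-polkit"` with the existing `"version_value": "0.0.3-6.fc18"` carries the same information in the right fields. The vendor field should name the project or distributor rather than repeat the package string; which of the two applies is not visible here. The description also reads "did not fixed", which should be "did not fix".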


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4184",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "libdata-uuid-perl",
"product": {
"product_data": [
{
"product_name": "libdata-uuid-perl",
"version": {
"version_data": [
{
"version_value": "1.219"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Perl module Data::UUID from CPAN version 1.219 vulnerable to symlink attacks"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "attacks"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4184",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4184"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4184"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4184",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4184"
},
{
"refsource": "MISC",
"name": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2013-4184"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/07/31/4",
"url": "http://www.openwall.com/lists/oss-security/2013/07/31/4"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/61534",
"url": "http://www.securityfocus.com/bid/61534"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86103",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86103"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4245",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Orca",
"product": {
"product_data": [
{
"product_name": "Orca",
"version": {
"version_data": [
{
"version_value": "3.14.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Orca has arbitrary code execution due to insecure Python module load"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution due to insecure CWD Python module load"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4245",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4245"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4245",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4245"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4245",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4245"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4245",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4245"
}
]
}


@ -1,8 +1,8 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4303",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +11,77 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Wikimedia Foundation",
"product": {
"product_data": [
{
"product_name": "MediaWiki",
"version": {
"version_data": [
{
"version_value": "1.19.x before 1.19.8"
},
{
"version_value": "1.20.x before 1.20.7"
},
{
"version_value": "and 1.21.x before 1.21.2"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
},
{
"refsource": "MISC",
"name": "http://seclists.org/oss-sec/2013/q3/553",
"url": "http://seclists.org/oss-sec/2013/q3/553"
},
{
"refsource": "MISC",
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=52746"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/62194",
"url": "http://www.securityfocus.com/bid/62194"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86897"
}
]
}
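Review bot: The third `version_data` entry is `"version_value": "and 1.21.x before 1.21.2"`; the leading "and" is carried over from the sentence in the description and is not part of the version. It should read `"version_value": "1.21.x before 1.21.2"`, matching the two entries before it, so that anything parsing the version ranges treats all three branches alike.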


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4318",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Features",
"product": {
"product_data": [
{
"product_name": "Features",
"version": {
"version_data": [
{
"version_value": "0.3.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "File injection vulnerability in Ruby gem Features 0.3.0 allows remote attackers to inject malicious html in the /tmp directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4318",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4318"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/09/10",
"url": "http://www.openwall.com/lists/oss-security/2013/09/09/10"
}
]
}
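Review bot: `problemtype` is `"Other"` although the description names the weakness as file injection; `"value": "File injection"` would let triage filters pick this record up. The CVE-2013-4357 section below is labelled `"Other"` in the same way while its description states a denial of service through getaddrinfo(), so `"value": "Denial of Service"` fits there. In both cases the information is already in the record and only needs to be repeated in the structured field.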


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4357",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "eglibc",
"product": {
"product_data": [
{
"product_name": "eglibc",
"version": {
"version_data": [
{
"version_value": "before 2.14"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,98 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4357",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4357"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4357"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4357"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4357",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4357"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/28/18",
"url": "http://www.openwall.com/lists/oss-security/2015/01/28/18"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/01/29/21",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/21"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2015/02/24/3",
"url": "http://www.openwall.com/lists/oss-security/2015/02/24/3"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95103"
},
{
"refsource": "MISC",
"name": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00020.html"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/4",
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/4"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/09/17/8",
"url": "http://www.openwall.com/lists/oss-security/2013/09/17/8"
},
{
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/67992",
"url": "http://www.securityfocus.com/bid/67992"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-1",
"url": "http://www.ubuntu.com/usn/USN-2306-1"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-2",
"url": "http://www.ubuntu.com/usn/USN-2306-2"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2306-3",
"url": "http://www.ubuntu.com/usn/USN-2306-3"
}
]
}


@ -116,6 +116,21 @@
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735"
},
{
"refsource": "CONFIRM",
"name": "https://support.apple.com/kb/HT210788",
"url": "https://support.apple.com/kb/HT210788"
},
{
"refsource": "BUGTRAQ",
"name": "20191211 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "https://seclists.org/bugtraq/2019/Dec/23"
},
{
"refsource": "FULLDISC",
"name": "20191213 APPLE-SA-2019-12-10-3 macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra",
"url": "http://seclists.org/fulldisclosure/2019/Dec/26"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4532",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "qemu",
"product": {
"product_data": [
{
"product_name": "qemu",
"version": {
"version_data": [
{
"version_value": "1.1.2+dfsg to 2.1+dfsg"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Qemu 1.1.2+dfsg to 2.1+dfsg suffers from a buffer overrun which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4532",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4532"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532",
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532",
"refsource": "MISC",
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-4532"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4532",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4532"
},
{
"refsource": "MISC",
"name": "http://www.ubuntu.com/usn/USN-2342-1",
"url": "http://www.ubuntu.com/usn/USN-2342-1"
},
{
"refsource": "MISC",
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739589"
},
{
"refsource": "MISC",
"name": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2",
"url": "https://github.com/qemu/qemu/commit/2e1198672759eda6e122ff38fcf6df06f27e0fe2"
}
]
}


@ -1,8 +1,31 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4593",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "omniauth-facebook",
"product": {
"product_data": [
{
"product_name": "omniauth-facebook",
"version": {
"version_data": [
{
"version_value": "<= 1.5.0"
}
]
}
}
]
}
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,43 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "RubyGem omniauth-facebook has an access token security vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "UNKNOWN_TYPE"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://security-tracker.debian.org/tracker/CVE-2013-4593",
"refsource": "MISC",
"name": "https://security-tracker.debian.org/tracker/CVE-2013-4593"
},
{
"url": "https://access.redhat.com/security/cve/cve-2013-4593",
"refsource": "MISC",
"name": "https://access.redhat.com/security/cve/cve-2013-4593"
},
{
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2013/11/18/6",
"url": "http://www.openwall.com/lists/oss-security/2013/11/18/6"
},
{
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89040",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89040"
}
]
}
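Review bot: `problemtype` carries `"UNKNOWN_TYPE"`, which looks like an unfilled template token rather than a classification. Other records in this commit use `"n/a"` when no type is known; either that, or a short statement of the access-token weakness taken from the linked oss-security thread, is safer than a token that downstream parsers may count as a real category. The description ("has an access token security vulnerability") gives no impact either, so the record as published does not say what the flaw permits.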


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4621",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.securityfocus.com/bid/60761",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60761"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85252",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85252"
}
]
}
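Review bot: Every field under `affects` is `"n/a"` although the description names the product and the fixed version (Magnolia CMS before 4.5.9). Tools that match records to an inventory typically read `affects` rather than the free text, so this record is unlikely to match anything; `"product_name": "Magnolia CMS"` and `"version_value": "before 4.5.9"` can be filled from the description as it stands. The sections for CVE-2013-4664, CVE-2013-4665, CVE-2013-4691 and CVE-2013-4692 below have the same gap: each description names a product while `affects` stays `"n/a"`.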


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4664",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SPBAS Business Automation Software 2012 has XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.offcon.org/research.html",
"refsource": "MISC",
"name": "http://www.offcon.org/research.html"
},
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/26244",
"url": "https://www.exploit-db.com/exploits/26244"
},
{
"refsource": "MISC",
"name": "https://www.exploit-database.net/?id=48229",
"url": "https://www.exploit-database.net/?id=48229"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4665",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SPBAS Business Automation Software 2012 has CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://www.exploit-db.com/exploits/26244",
"url": "https://www.exploit-db.com/exploits/26244"
},
{
"refsource": "MISC",
"name": "https://www.exploit-database.net/?id=48229",
"url": "https://www.exploit-database.net/?id=48229"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4691",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Sencha Labs Connect has XSS with connect.methodOverride()"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://github.com/senchalabs/connect/issues/831",
"refsource": "MISC",
"name": "http://github.com/senchalabs/connect/issues/831"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4692",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/122224/Xorbin-Analog-Flash-Clock-1.0-For-Joomla-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/122224/Xorbin-Analog-Flash-Clock-1.0-For-Joomla-XSS.html"
},
{
"url": "http://www.securityfocus.com/bid/60860",
"refsource": "MISC",
"name": "http://www.securityfocus.com/bid/60860"
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85418",
"refsource": "MISC",
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85418"
}
]
}
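Review bot: The new description spells the platform "Joomia", while the packetstormsecurity reference in the same record reads "For-Joomla", so a keyword search for Joomla will miss this entry. Suggest `"value": "Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS"`. This is presumably best corrected at the upstream source so that the next sync does not restore the typo.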


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4693",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,28 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "WordPress Xorbin Digital Flash Clock 1.0 has XSS"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/122223/Xorbin-Digital-Flash-Clock-1.0-For-WordPress-XSS.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/122223/Xorbin-Digital-Flash-Clock-1.0-For-WordPress-XSS.html"
}
]
}


@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4695",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://www.exploit-db.com/exploits/26557",
"refsource": "MISC",
"name": "http://www.exploit-db.com/exploits/26557"
},
{
"url": "http://www.securitytracker.com/id/1030107",
"refsource": "MISC",
"name": "http://www.securitytracker.com/id/1030107"
}
]
}
