"-Synchronized-Data."

CVE Team 2019-03-18 03:55:54 +00:00
parent 269ddf4b6d
commit c63ce1c781
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3949 additions and 3949 deletions


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0451", "ID": "CVE-2001-0451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010307 INDEXU Authentication By-Pass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/167172" "lang": "eng",
}, "value": "INDEXU 2.0 beta and earlier allows remote attackers to bypass authentication and gain privileges by setting the cookie_admin_authenticated cookie value to 1."
{ }
"name" : "indexu-gain-access(6202)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6202" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010307 INDEXU Authentication By-Pass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/167172"
},
{
"name": "indexu-gain-access(6202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6202"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0613", "ID": "CVE-2001-0613",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010515 OmniHTTPd Pro Denial of Service Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html" "lang": "eng",
}, "value": "Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request."
{ }
"name" : "omnihttpd-post-dos(6540)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6540" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2730", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2730" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "2730",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2730"
},
{
"name": "omnihttpd-post-dos(6540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6540"
},
{
"name": "20010515 OmniHTTPd Pro Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0720", "ID": "CVE-2001-0720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS01-053", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-053" "lang": "eng",
}, "value": "Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled."
{ }
"name" : "M-013", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/m-013.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ie-mac-downloaded-file-execution(7336)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7336" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3471", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3471" ]
} },
] "references": {
} "reference_data": [
{
"name": "MS01-053",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-053"
},
{
"name": "ie-mac-downloaded-file-execution(7336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7336"
},
{
"name": "M-013",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-013.shtml"
},
{
"name": "3471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3471"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0724", "ID": "CVE-2001-0724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the \"Zone Spoofing Vulnerability variant\" of CVE-2001-0664."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS01-055", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055" "lang": "eng",
}, "value": "Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the \"Zone Spoofing Vulnerability variant\" of CVE-2001-0664."
{ }
"name" : "5556", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/5556" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ie-incorrect-security-zone-variant(8471)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8471" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "5556",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5556"
},
{
"name": "MS01-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055"
},
{
"name": "ie-incorrect-security-zone-variant(8471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8471"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0946", "ID": "CVE-2001-0946",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "apmscript in Apmd in Red Hat 7.2 \"Enigma\" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011204 Symlink attack with apmd of RH 7.2", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=100743394701962&w=2" "lang": "eng",
}, "value": "apmscript in Apmd in Red Hat 7.2 \"Enigma\" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins."
{ }
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389", ]
"refsource" : "MISC", },
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "apmd-apmscript-symlink(8268)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8268" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5493", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/5493" ]
} },
] "references": {
} "reference_data": [
{
"name": "apmd-apmscript-symlink(8268)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8268"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389"
},
{
"name": "20011204 Symlink attack with apmd of RH 7.2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100743394701962&w=2"
},
{
"name": "5493",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5493"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0967", "ID": "CVE-2001-0967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010817 Arkeia Possible remote root & information leakage", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html" "lang": "eng",
}, "value": "Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password guessing."
{ }
"name" : "3204", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3204" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3204"
},
{
"name": "20010817 Arkeia Possible remote root & information leakage",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-08/0228.html"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1174", "ID": "CVE-2001-1174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "RHSA-2001:091", "description_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2001-091.html" "lang": "eng",
}, "value": "Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header."
{ }
"name" : "MDKSA-2001:067", ]
"refsource" : "MANDRAKE", },
"url" : "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "elm-messageid-bo(6852)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6852" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5451", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/5451" ]
} },
] "references": {
} "reference_data": [
{
"name": "5451",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5451"
},
{
"name": "RHSA-2001:091",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-091.html"
},
{
"name": "elm-messageid-bo(6852)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6852"
},
{
"name": "MDKSA-2001:067",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1194", "ID": "CVE-2001-1194",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011214 Zyxel Prestige 681 and 1600 (possibly other?) remote DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0140.html" "lang": "eng",
}, "value": "Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose size exceeds 64 kilobytes after reassembly."
{ }
"name" : "20011218 Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0190.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3695", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3695" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "prestige-dsl-packet-length-dos(7704)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7704" ]
} },
] "references": {
} "reference_data": [
{
"name": "20011218 Re: Zyxel Prestige 681 and 1600 (possibly other?) remote DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0190.html"
},
{
"name": "prestige-dsl-packet-length-dos(7704)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7704"
},
{
"name": "20011214 Zyxel Prestige 681 and 1600 (possibly other?) remote DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0140.html"
},
{
"name": "3695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3695"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1367", "ID": "CVE-2001-1367",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://phpslice.org/comments.php?aid=1031&", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://phpslice.org/comments.php?aid=1031&" "lang": "eng",
}, "value": "The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges."
{ }
"name" : "20010719 [VulnWatch] Changelog maddness (14 various broken apps)", ]
"refsource" : "VULNWATCH", },
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phpslice-checkaccess-function-privileges(9649)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9649" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20010719 [VulnWatch] Changelog maddness (14 various broken apps)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html"
},
{
"name": "http://phpslice.org/comments.php?aid=1031&",
"refsource": "CONFIRM",
"url": "http://phpslice.org/comments.php?aid=1031&"
},
{
"name": "phpslice-checkaccess-function-privileges(9649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9649"
}
]
}
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2004", "ID": "CVE-2006-2004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060423 RIblog Remote SQL Injection Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/431868/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote attackers to execute arbitrary SQL command via the (1) username or (2) password fields."
{ }
"name" : "http://colander.altervista.org/advisory/riblog.txt", ]
"refsource" : "MISC", },
"url" : "http://colander.altervista.org/advisory/riblog.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17654", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17654" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-1489", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/1489" ]
}, },
{ "references": {
"name" : "19783", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19783" "name": "ADV-2006-1489",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/1489"
"name" : "riblog-login-sql-injection(26132)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26132" "name": "17654",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/17654"
} },
{
"name": "20060423 RIblog Remote SQL Injection Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/431868/100/0/threaded"
},
{
"name": "http://colander.altervista.org/advisory/riblog.txt",
"refsource": "MISC",
"url": "http://colander.altervista.org/advisory/riblog.txt"
},
{
"name": "19783",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19783"
},
{
"name": "riblog-login-sql-injection(26132)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26132"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2884", "ID": "CVE-2006-2884",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060605 Kmita FAQ v1.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435982/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter."
{ }
"name" : "18282", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/18282" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2006-2165", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2165" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1016226", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1016226" ]
}, },
{ "references": {
"name" : "20471", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20471" "name": "20471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20471"
"name" : "1055", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/1055" "name": "kmitafaq-index-sql-injection(26987)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26987"
"name" : "kmitafaq-index-sql-injection(26987)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26987" "name": "20060605 Kmita FAQ v1.0",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/435982/100/0/threaded"
} },
{
"name": "ADV-2006-2165",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2165"
},
{
"name": "1016226",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016226"
},
{
"name": "1055",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1055"
},
{
"name": "18282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18282"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2886", "ID": "CVE-2006-2886",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html" "lang": "eng",
}, "value": "view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS."
{ }
"name" : "26297", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/26297" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "knowledgetree-view-path-disclosure(26943)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26943" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "knowledgetree-view-path-disclosure(26943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26943"
},
{
"name": "26297",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26297"
},
{
"name": "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/knowledgetree-open-source-xss-vuln.html"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5215", "ID": "CVE-2008-5215",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5595", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5595" "lang": "eng",
}, "value": "SQL injection vulnerability in service/profil.php in ClanLite 2.2006.05.20 allows remote attackers to execute arbitrary SQL commands via the link parameter."
{ }
"name" : "29156", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29156" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4628", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4628" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "clanlite-profil-sql-injection(42330)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42330" ]
} },
] "references": {
} "reference_data": [
{
"name": "4628",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4628"
},
{
"name": "29156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29156"
},
{
"name": "clanlite-profil-sql-injection(42330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42330"
},
{
"name": "5595",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5595"
}
]
}
} }
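Review bot: The `reference_data` array for CVE-2008-5215 is reordered with no change to any entry (the EXPLOIT-DB reference `5595` moves from first to last), and the new order does not appear to follow `name`, `refsource` or `url`. The later records on this page (CVE-2008-5528, CVE-2008-5902, CVE-2008-5991, CVE-2011-2022 and the rest) show the same shuffling. Nothing visible here gives the array order a meaning, so emitting references in one deterministic order, for example sorted by `refsource` then `name`, would stop future syncs from producing reorder-only diffs that bury real field changes. Anyone diffing or hashing these records should canonicalise whitespace and array order before comparing.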


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5528", "ID": "CVE-2008-5528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded" "lang": "eng",
}, "value": "Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
{ }
"name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4723", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4723" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "multiple-antivirus-mzheader-code-execution(47435)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435" ]
} },
] "references": {
} "reference_data": [
{
"name": "multiple-antivirus-mzheader-code-execution(47435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"name": "4723",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4723"
},
{
"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5902", "ID": "CVE-2008-5902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090112 CVE request: xrdp", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2009/01/12/3" "lang": "eng",
}, "value": "Buffer overflow in the xrdp_bitmap_invalidate function in xrdp/xrdp_bitmap.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via a crafted request."
{ }
"name" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SR:2009:003", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html"
},
{
"name": "[oss-security] 20090112 CVE request: xrdp",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/12/3"
},
{
"name": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0812-advisories/VA_VD_87_08_XRDP.pdf"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5991", "ID": "CVE-2008-5991",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6552", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6552" "lang": "eng",
}, "value": "Directory traversal vulnerability in docs.php in MailWatch for MailScanner 1.0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the doc parameter."
{ }
"name" : "31378", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31378" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31994", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31994" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mailwatch-docs-file-include(45393)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45393" ]
} },
] "references": {
} "reference_data": [
{
"name": "31378",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31378"
},
{
"name": "6552",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6552"
},
{
"name": "31994",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31994"
},
{
"name": "mailwatch-docs-file-include(45393)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45393"
}
]
}
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2022", "ID": "CVE-2011-2022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20110414 [PATCH] char: agp: fix arbitrary kernel memory writes", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lkml.org/lkml/2011/4/14/293" "lang": "eng",
}, "value": "The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745."
{ }
"name" : "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2011/04/21/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp", "description": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2011/04/22/7" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce", ]
"refsource" : "CONFIRM", }
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce" ]
}, },
{ "references": {
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5" "name": "RHSA-2011:0927",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=698996", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=698996" "name": "[oss-security] 20110421 CVE request: kernel: buffer overflow and DoS issues in agp",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2011/04/21/4"
"name" : "RHSA-2011:0927", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0927.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=698996",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=698996"
"name" : "47843", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/47843" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce",
} "refsource": "CONFIRM",
] "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce"
} },
{
"name": "[linux-kernel] 20110414 [PATCH] char: agp: fix arbitrary kernel memory writes",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2011/4/14/293"
},
{
"name": "[oss-security] 20110422 Re: CVE request: kernel: buffer overflow and DoS issues in agp",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/04/22/7"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.38.5"
},
{
"name": "47843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47843"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2088", "ID": "CVE-2011-2088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/518066/100/0/threaded" "lang": "eng",
}, "value": "XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in OpenSymphony WebWork, allows remote attackers to obtain potentially sensitive information about internal Java class paths via vectors involving an s:submit element and a nonexistent method, a different vulnerability than CVE-2011-1772.3."
{ }
"name" : "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html", ]
"refsource" : "MISC", },
"url" : "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html", "description": [
"refsource" : "MISC", {
"url" : "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.ventuneac.net/security-advisories/MVSA-11-006", ]
"refsource" : "MISC", }
"url" : "http://www.ventuneac.net/security-advisories/MVSA-11-006" ]
}, },
{ "references": {
"name" : "https://issues.apache.org/jira/browse/WW-3579", "reference_data": [
"refsource" : "MISC", {
"url" : "https://issues.apache.org/jira/browse/WW-3579" "name": "https://issues.apache.org/jira/browse/WW-3579",
} "refsource": "MISC",
] "url": "https://issues.apache.org/jira/browse/WW-3579"
} },
{
"name": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/Struts_2_XWork_WebWork_XSS_in_error_pages.html"
},
{
"name": "http://www.ventuneac.net/security-advisories/MVSA-11-006",
"refsource": "MISC",
"url": "http://www.ventuneac.net/security-advisories/MVSA-11-006"
},
{
"name": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html",
"refsource": "MISC",
"url": "http://secureappdev.blogspot.com/2011/05/apache-struts-2-xwork-webwork-reflected.html"
},
{
"name": "20110518 Apache Struts 2, XWork, OpenSymphony WebWork Java Class Path Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518066/100/0/threaded"
}
]
}
} }
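Review bot: The description `value` for CVE-2011-2088 ends with "a different vulnerability than CVE-2011-1772.3", and that cross-reference is carried over unchanged on the new side. `CVE-2011-1772.3` does not match the `CVE-YYYY-NNNN` form of the `ID` fields in these records, so tooling that extracts related CVE ids from description text will either skip it or capture a truncated id. If the suffix is meant to single out one item within CVE-2011-1772, which needs confirming against the source record, spelling that relationship out in words instead of a dotted suffix would remove the ambiguity.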


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2638", "ID": "CVE-2011-2638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.opera.com/docs/changelogs/mac/1110/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/mac/1110/" "lang": "eng",
}, "value": "Unspecified vulnerability in Opera before 11.10 allows remote attackers to cause a denial of service (application crash) via unknown content on a web page, as demonstrated by games on zylom.com."
{ }
"name" : "http://www.opera.com/docs/changelogs/unix/1110/", ]
"refsource" : "CONFIRM", },
"url" : "http://www.opera.com/docs/changelogs/unix/1110/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.opera.com/docs/changelogs/windows/1110/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.opera.com/docs/changelogs/windows/1110/" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/windows/1110/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1110/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1110/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1110/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1110/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1110/"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2670", "ID": "CVE-2011-2670",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2687", "ID": "CVE-2011-2687",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110711 CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/07/11/2" "lang": "eng",
}, "value": "Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table."
{ }
"name" : "[oss-security] 20110712 Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2011/07/12/16" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupal.org/node/1204582", ]
"refsource" : "CONFIRM", }
"url" : "http://drupal.org/node/1204582" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=717874", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=717874" "name": "FEDORA-2011-8879",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html"
"name" : "FEDORA-2011-8878", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html" "name": "45081",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/45081"
"name" : "FEDORA-2011-8879", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062714.html" "name": "48505",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/48505"
"name" : "48505", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/48505" "name": "FEDORA-2011-8878",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062722.html"
"name" : "45081", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45081" "name": "http://drupal.org/node/1204582",
}, "refsource": "CONFIRM",
{ "url": "http://drupal.org/node/1204582"
"name" : "45291", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/45291" "name": "[oss-security] 20110712 Re: CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2011/07/12/16"
} },
{
"name": "[oss-security] 20110711 CVE Request -- Drupal 7 -- Access bypass in node listings (SA-CORE-2011-002)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/07/11/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633385"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=717874",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=717874"
},
{
"name": "45291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45291"
}
]
}
} }
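Review bot: `ASSIGNER` in `CVE_data_meta` for CVE-2011-2687 changes from `cve@mitre.org` to `secalert@redhat.com`, the only value change I can see in this record; everything else is whitespace or reference ordering. The assigning authority is provenance metadata that downstream consumers may use for attribution or trust decisions, so the change deserves an explicit mention in the commit description instead of travelling inside a bulk reformat. A check that compares old and new records after normalising whitespace and array order would surface field changes like this one automatically.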


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2882", "ID": "CVE-2011-2882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110714 Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=929" "lang": "eng",
}, "value": "Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data."
{ }
"name" : "8358", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/8358" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8358",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8358"
},
{
"name": "20110714 Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=929"
}
]
}
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-2988", "ID": "CVE-2011-2988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html" "lang": "eng",
}, "value": "Buffer overflow in an unspecified string class in the WebGL shader implementation in Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x before 2.3, and possibly other products allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long source-code block for a shader."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665936", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=665936" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html" ]
}, },
{ "references": {
"name" : "SUSE-SA:2011:037", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html" "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-31.html"
"name" : "49242", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/49242" "name": "oval:org.mitre.oval:def:14270",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14270"
"name" : "oval:org.mitre.oval:def:14270", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14270" "name": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2011/mfsa2011-33.html"
"name" : "49055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49055" "name": "SUSE-SA:2011:037",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2011-08/msg00023.html"
} },
{
"name": "49055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49055"
},
{
"name": "49242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49242"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=665936",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=665936"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-29.html"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3582", "ID": "CVE-2011-3582",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3761", "ID": "CVE-2011-3761",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "NuSOAP 0.9.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by nuSOAP/classes/class.wsdl.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "nusoap-classwsdl-path-disclosure(70611)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70611" ]
} },
] "references": {
} "reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/NuSOAP"
},
{
"name": "nusoap-classwsdl-path-disclosure(70611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70611"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3861", "ID": "CVE-2011-3861",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sitewat.ch/en/Advisories/19", "description_data": [
"refsource" : "MISC", {
"url" : "https://sitewat.ch/en/Advisories/19" "lang": "eng",
} "value": "Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sitewat.ch/en/Advisories/19",
"refsource": "MISC",
"url": "https://sitewat.ch/en/Advisories/19"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2011-3950", "ID": "CVE-2011-3950",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813" "lang": "eng",
}, "value": "The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg before 0.10 allows remote attackers to have an unspecified impact via a crafted value in the reference pictures number."
{ }
"name" : "http://www.ffmpeg.org/security.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.ffmpeg.org/security.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ddf0c1d86ad8e1df5ab3265206aef493a1bdc813"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-0015", "ID": "CVE-2013-0015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka \"Shift JIS Character Encoding Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-009", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 9 does not properly perform auto-selection of the Shift JIS encoding, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers cross-domain scrolling events, aka \"Shift JIS Character Encoding Vulnerability.\""
{ }
"name" : "TA13-043B", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043B.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16371", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16371" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-009"
},
{
"name": "oval:org.mitre.oval:def:16371",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16371"
},
{
"name": "TA13-043B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043B.html"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0274", "ID": "CVE-2013-0274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3" "lang": "eng",
}, "value": "upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service (application crash) by leveraging access to the local network."
{ }
"name" : "http://www.pidgin.im/news/security/?id=68", ]
"refsource" : "CONFIRM", },
"url" : "http://www.pidgin.im/news/security/?id=68" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:0388", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:0405", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0407", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html" "name": "SUSE-SU-2013:0388",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00003.html"
"name" : "USN-1746-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1746-1" "name": "http://www.pidgin.im/news/security/?id=68",
}, "refsource": "CONFIRM",
{ "url": "http://www.pidgin.im/news/security/?id=68"
"name" : "oval:org.mitre.oval:def:18221", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221" "name": "USN-1746-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1746-1"
} },
{
"name": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3",
"refsource": "CONFIRM",
"url": "http://hg.pidgin.im/pidgin/main/rev/ad7e7fb98db3"
},
{
"name": "openSUSE-SU-2013:0405",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00006.html"
},
{
"name": "openSUSE-SU-2013:0407",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00007.html"
},
{
"name": "oval:org.mitre.oval:def:18221",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18221"
}
]
}
} }


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0338", "ID": "CVE-2013-0338",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=912400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=912400" "lang": "eng",
}, "value": "libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, aka \"internal entity expansion\" with linear complexity."
{ }
"name" : "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab", ]
"refsource" : "CONFIRM", },
"url" : "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2652", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2652" ]
}, },
{ "references": {
"name" : "HPSBGN03302", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=142798889927587&w=2" "name": "52662",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52662"
"name" : "SSRT101996", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=142798889927587&w=2" "name": "openSUSE-SU-2013:0555",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html"
"name" : "MDVSA-2013:056", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056" "name": "SUSE-SU-2013:1627",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html"
"name" : "openSUSE-SU-2013:0552", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=912400",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912400"
"name" : "openSUSE-SU-2013:0555", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00114.html" "name": "openSUSE-SU-2013:0552",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00112.html"
"name" : "SUSE-SU-2013:1627", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00002.html" "name": "SSRT101996",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"
"name" : "USN-1782-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1782-1" "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
"name" : "52662", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52662" "name": "DSA-2652",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2652"
"name" : "55568", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55568" "name": "HPSBGN03302",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=142798889927587&w=2"
} },
{
"name": "55568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55568"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=23f05e0c33987d6605387b300c4be5da2120a7ab"
},
{
"name": "USN-1782-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1782-1"
},
{
"name": "MDVSA-2013:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:056"
}
]
}
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-0618", "ID": "CVE-2013-0618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a \"logic error,\" a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code via unspecified vectors, related to a \"logic error,\" a different vulnerability than CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, and CVE-2013-0614."
{ }
"name" : "GLSA-201308-03", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0150", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:0044", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2013:0047", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" "name": "SUSE-SU-2013:0044",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html"
"name" : "openSUSE-SU-2013:0138", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" "name": "oval:org.mitre.oval:def:15822",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15822"
"name" : "openSUSE-SU-2013:0193", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" "name": "SUSE-SU-2013:0047",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html"
"name" : "oval:org.mitre.oval:def:15822", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15822" "name": "openSUSE-SU-2013:0193",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html"
} },
{
"name": "openSUSE-SU-2013:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html"
},
{
"name": "RHSA-2013:0150",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-1668", "ID": "CVE-2013-1668",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130306 OS Command Injection in CosCms", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0033.html" "lang": "eng",
}, "value": "The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file."
{ }
"name" : "24629", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/24629" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.htbridge.com/advisory/HTB23145", "description": [
"refsource" : "MISC", {
"url" : "https://www.htbridge.com/advisory/HTB23145" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.coscms.org/blog/view/4/Version-1.822", ]
"refsource" : "CONFIRM", }
"url" : "http://www.coscms.org/blog/view/4/Version-1.822" ]
}, },
{ "references": {
"name" : "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c" "name": "90927",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/90927"
"name" : "58332", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/58332" "name": "http://www.coscms.org/blog/view/4/Version-1.822",
}, "refsource": "CONFIRM",
{ "url": "http://www.coscms.org/blog/view/4/Version-1.822"
"name" : "90927", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/90927" "name": "58332",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/58332"
} },
{
"name": "https://www.htbridge.com/advisory/HTB23145",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23145"
},
{
"name": "20130306 OS Command Injection in CosCms",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0033.html"
},
{
"name": "24629",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24629"
},
{
"name": "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c",
"refsource": "CONFIRM",
"url": "https://github.com/diversen/gallery/commit/7d58f870e8edc6597485dd1b80ea9fb78580190c"
}
]
}
} }


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1789", "ID": "CVE-2013-1789",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/02/28/4" "lang": "eng",
}, "value": "splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransformMask, (2) Splash::blitMask, and (3) Splash::scaleMaskYuXu functions."
{ }
"name" : "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/02/28/8" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://j00ru.vexillium.org/?p=1507", "description": [
"refsource" : "MISC", {
"url" : "http://j00ru.vexillium.org/?p=1507" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec", ]
"refsource" : "CONFIRM", }
"url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec" ]
}, },
{ "references": {
"name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2" "name": "FEDORA-2013-3457",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=917109", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=917109" "name": "FEDORA-2013-3473",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html"
"name" : "FEDORA-2013-3457", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100090.html" "name": "USN-1785-1",
}, "refsource": "UBUNTU",
{ "url": "http://ubuntu.com/usn/usn-1785-1"
"name" : "FEDORA-2013-3473", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-March/100081.html" "name": "http://j00ru.vexillium.org/?p=1507",
}, "refsource": "MISC",
{ "url": "http://j00ru.vexillium.org/?p=1507"
"name" : "USN-1785-1", },
"refsource" : "UBUNTU", {
"url" : "http://ubuntu.com/usn/usn-1785-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=917109",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=917109"
"name" : "52846", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52846" "name": "52846",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/52846"
} },
{
"name": "[oss-security] 20130228 Re: CVE Request: poppler 0.22.1 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/8"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a205e71a2dbe0c8d4f4905a76a3f79ec522eacec"
},
{
"name": "[oss-security] 20130227 Re: CVE Request: poppler 0.22.1 security fixes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/28/4"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?h=poppler-0.22&id=a9b8ab4657dec65b8b86c225d12c533ad7e984e2"
}
]
}
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-1942", "ID": "CVE-2013-1942",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130421 Vulnerabilities in jPlayer", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Apr/192" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, as demonstrated using document.write in the jQuery parameter, a different vulnerability than CVE-2013-2022 and CVE-2013-2023."
{ }
"name" : "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS", ]
"refsource" : "MLIST", },
"url" : "http://marc.info/?l=oss-security&m=136570964825921&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", "description": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=136726705917858&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS", ]
"refsource" : "MLIST", }
"url" : "http://marc.info/?l=oss-security&m=136773622321563&w=2" ]
}, },
{ "references": {
"name" : "http://www.jplayer.org/2.3.0/release-notes/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.jplayer.org/2.3.0/release-notes/" "name": "59030",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/59030"
"name" : "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d" "name": "[oss-security] 20130505 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=136773622321563&w=2"
"name" : "http://owncloud.org/about/security/advisories/oC-SA-2013-014/", },
"refsource" : "CONFIRM", {
"url" : "http://owncloud.org/about/security/advisories/oC-SA-2013-014/" "name": "[oss-security] 20130411 CVE-2013-1942 jPlayer 2.2.19 XSS",
}, "refsource": "MLIST",
{ "url": "http://marc.info/?l=oss-security&m=136570964825921&w=2"
"name" : "59030", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59030" "name": "http://www.jplayer.org/2.3.0/release-notes/",
} "refsource": "CONFIRM",
] "url": "http://www.jplayer.org/2.3.0/release-notes/"
} },
{
"name": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/about/security/advisories/oC-SA-2013-014/"
},
{
"name": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d",
"refsource": "CONFIRM",
"url": "https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d"
},
{
"name": "20130421 Vulnerabilities in jPlayer",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Apr/192"
},
{
"name": "[oss-security] 20130429 Re: CVE-2013-1942 jPlayer 2.2.19 XSS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=136726705917858&w=2"
}
]
}
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4223", "ID": "CVE-2013-4223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q3/337" "lang": "eng",
}, "value": "The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file."
{ }
"name" : "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2013/q3/339" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=480376", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=480376" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61743", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/61743" ]
}, },
{ "references": {
"name" : "96177", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/96177" "name": "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes",
}, "refsource": "MLIST",
{ "url": "http://seclists.org/oss-sec/2013/q3/337"
"name" : "nullmailer-cve20134223-insecure-permissions(86384)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86384" "name": "nullmailer-cve20134223-insecure-permissions(86384)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86384"
} },
{
"name": "[oss-security] 20130809 Re: CVE request: nullmailer world readable /etc/nullmailer/remotes",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/339"
},
{
"name": "61743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61743"
},
{
"name": "96177",
"refsource": "OSVDB",
"url": "http://osvdb.org/96177"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=480376",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=480376"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-5329", "ID": "CVE-2013-5329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-26.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-26.html" "lang": "eng",
}, "value": "Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330."
{ }
"name" : "RHSA-2013:1518", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1518.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:1716", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00015.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:1717", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00016.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1737", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00019.html" "name": "RHSA-2013:1518",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1518.html"
} },
{
"name": "SUSE-SU-2013:1716",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00015.html"
},
{
"name": "openSUSE-SU-2013:1717",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00016.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-26.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-26.html"
},
{
"name": "openSUSE-SU-2013:1737",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00019.html"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5385", "ID": "CVE-2013-5385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309" "lang": "eng",
}, "value": "The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kb.cert.org/vuls/id/BLUU-985QTG", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/BLUU-985QTG" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#229804", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/229804" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=nas8N1010309"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1019716"
},
{
"name": "VU#229804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/229804"
},
{
"name": "http://www.kb.cert.org/vuls/id/BLUU-985QTG",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/BLUU-985QTG"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-5478", "ID": "CVE-2013-5478",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130925 Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp" "lang": "eng",
} "value": "Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via crafted UDP RSVP packets, aka Bug ID CSCuf17023."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130925 Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5952", "ID": "CVE-2013-5952",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20140315 [CVE-2013-5952] Multiple Cross Site Scripting Vulnerabilities in Freichat", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2014-03/0275.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) xhash parameter to client/chat.php or (3) toname parameter to client/plugins/upload/upload.php."
{ }
"name" : "http://packetstormsecurity.com/files/125737", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/125737" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "66254", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66254" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "57361", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/57361" ]
}, },
{ "references": {
"name" : "freichat-cve20135952-xss(91824)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/91824" "name": "57361",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/57361"
} },
{
"name": "http://packetstormsecurity.com/files/125737",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/125737"
},
{
"name": "66254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66254"
},
{
"name": "20140315 [CVE-2013-5952] Multiple Cross Site Scripting Vulnerabilities in Freichat",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2014-03/0275.html"
},
{
"name": "freichat-cve20135952-xss(91824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91824"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2225", "ID": "CVE-2014-2225",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-0292", "ID": "CVE-2017-0292",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows PDF", "product_name": "Windows PDF",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016" "version_value": "Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka \"Windows PDF Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0291."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292" "lang": "eng",
}, "value": "Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows remote code execution if a user opens a specially crafted PDF file, aka \"Windows PDF Remote Code Execution Vulnerability\". This CVE ID is unique from CVE-2017-0291."
{ }
"name" : "98836", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98836" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038678", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038678" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "98836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98836"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0292"
},
{
"name": "1038678",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038678"
}
]
}
} }


@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-05-06T20:43:28.271028", "DATE_ASSIGNED": "2017-05-06T20:43:28.271028",
"ID" : "CVE-2017-1000020", "ID": "CVE-2017-1000020",
"REQUESTER" : "niteshvai67@gmail.com", "REQUESTER": "niteshvai67@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "eCos Embedded - SOHO Routers manufactured by TOTOLINK, GREATEK and others.", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1 and other" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ECos" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ecos.sourceware.org/ecos/problemreport.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://ecos.sourceware.org/ecos/problemreport.html" "lang": "eng",
} "value": "SYN Flood or FIN Flood attack in ECos 1 and other versions embedded devices results in web Authentication Bypass. \"eCos Embedded Web Servers used by Multiple Routers and Home devices, while sending SYN Flood or FIN Flood packets fails to validate and handle the packets and does not ask for any sign of authentication resulting in Authentication Bypass. An attacker can take complete advantage of this bug and take over the device remotely or locally. The bug has been successfully tested and reproduced in some versions of SOHO Routers manufactured by TOTOLINK, GREATEK and others.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ecos.sourceware.org/ecos/problemreport.html",
"refsource": "MISC",
"url": "http://ecos.sourceware.org/ecos/problemreport.html"
}
]
}
} }
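Review bot: The structured affected-product and problem-type fields of this record are overwritten with `n/a` on what appears to be the new (right-hand) side: `"vendor_name": "ECos"`, the product name, `"version_value": "1 and other"` and `"value": "Authentication Bypass"` all become `"n/a"`, while the description still names eCos and the authentication bypass. Tooling that matches advisories on `affects` or `problemtype` rather than on free text will no longer find this entry, so I would keep the structured values, e.g. `"vendor_name": "ECos"` and `"value": "Authentication Bypass"`, alongside the ASSIGNER change. The same loss occurs in the following section for CVE-2017-1000477 (`"product_name": "XMLBundle"`, `"version_value": "0.1.7"`, `"value": "XML External Entity (XXE)"`).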


@ -1,69 +1,69 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2017-12-29", "DATE_ASSIGNED": "2017-12-29",
"ID" : "CVE-2017-1000477", "ID": "CVE-2017-1000477",
"REQUESTER" : "sajeeb.lohani@bulletproof.sh", "REQUESTER": "sajeeb.lohani@bulletproof.sh",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "XMLBundle", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "0.1.7" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "XMLBundle" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/pravednik/xmlBundle", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/pravednik/xmlBundle" "lang": "eng",
}, "value": "XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks."
{ }
"name" : "https://github.com/pravednik/xmlBundle/issues/2", ]
"refsource" : "MISC", },
"url" : "https://github.com/pravednik/xmlBundle/issues/2" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pravednik/xmlBundle",
"refsource": "MISC",
"url": "https://github.com/pravednik/xmlBundle"
},
{
"name": "https://github.com/pravednik/xmlBundle/issues/2",
"refsource": "MISC",
"url": "https://github.com/pravednik/xmlBundle/issues/2"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12985", "ID": "CVE-2017-12985",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tcpdump.org/tcpdump-changes.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.tcpdump.org/tcpdump-changes.txt" "lang": "eng",
}, "value": "The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in print-ip6.c:ip6_print()."
{ }
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208221", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208221" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3971", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3971" ]
}, },
{ "references": {
"name" : "GLSA-201709-23", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201709-23" "name": "GLSA-201709-23",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201709-23"
"name" : "RHEA-2018:0705", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHEA-2018:0705" "name": "https://support.apple.com/HT208221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208221"
"name" : "1039307", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039307" "name": "DSA-3971",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2017/dsa-3971"
} },
{
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/66df248b49095c261138b5a5e34d341a6bf9ac7f"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
} }


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13672", "ID": "CVE-2017-13672",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/08/30/3" "lang": "eng",
}, "value": "QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update."
{ }
"name" : "[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions", ]
"refsource" : "MLIST", },
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1486560", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1486560" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-3991", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-3991" ]
}, },
{ "references": {
"name" : "RHSA-2018:0816", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0816" "name": "RHSA-2018:2162",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2162"
"name" : "RHSA-2018:1104", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1104" "name": "[qemu-devel] 20170824 [PATCH] vga: stop passing pointers to vga_draw_line* functions",
}, "refsource": "MLIST",
{ "url": "https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html"
"name" : "RHSA-2018:1113", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1113" "name": "RHSA-2018:0816",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0816"
"name" : "RHSA-2018:2162", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2162" "name": "DSA-3991",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3991"
"name" : "USN-3575-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3575-1/" "name": "RHSA-2018:1104",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1104"
"name" : "100540", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100540" "name": "RHSA-2018:1113",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:1113"
} },
{
"name": "USN-3575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3575-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1486560"
},
{
"name": "100540",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100540"
},
{
"name": "[oss-security] 20170830 CVE-2017-13672 Qemu: vga: OOB read access during display update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/08/30/3"
}
]
}
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16006", "ID": "CVE-2017-16006",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "remarkable node module", "product_name": "remarkable node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<=1.6.2" "version_value": "<=1.6.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/jonschlinkert/remarkable/issues/227", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/jonschlinkert/remarkable/issues/227" "lang": "eng",
}, "value": "Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript."
{ }
"name" : "https://nodesecurity.io/advisories/319", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/319" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Generic (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jonschlinkert/remarkable/issues/227",
"refsource": "MISC",
"url": "https://github.com/jonschlinkert/remarkable/issues/227"
},
{
"name": "https://nodesecurity.io/advisories/319",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/319"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-16422", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-16422",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4031", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4031",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4220", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4220",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4249", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4249",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4828", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4828",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,135 +1,135 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@tibco.com", "ASSIGNER": "security@tibco.com",
"DATE_PUBLIC" : "2019-01-16T17:00:00.000Z", "DATE_PUBLIC": "2019-01-16T17:00:00.000Z",
"ID" : "CVE-2018-18813", "ID": "CVE-2018-18813",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities" "TITLE": "TIBCO Spotfire Reflected and Persistent Cross-Site Scripting Vulnerabilities"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "TIBCO Spotfire Analytics Platform for AWS Marketplace", "product_name": "TIBCO Spotfire Analytics Platform for AWS Marketplace",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "10.0.0" "version_value": "10.0.0"
} }
] ]
} }
}, },
{ {
"product_name" : "TIBCO Spotfire Server", "product_name": "TIBCO Spotfire Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "7.10.1" "version_value": "7.10.1"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.11.0" "version_value": "7.11.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.11.1" "version_value": "7.11.1"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.12.0" "version_value": "7.12.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.13.0" "version_value": "7.13.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "7.14.0" "version_value": "7.14.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "10.0.0" "version_value": "10.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "TIBCO Software Inc." "vendor_name": "TIBCO Software Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could perform administrative functions provided by the web interface of the affected component."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.tibco.com/services/support/advisories", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.tibco.com/services/support/advisories" "lang": "eng",
}, "value": "The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks. Affected releases are TIBCO Software Inc. TIBCO Spotfire Analytics Platform for AWS Marketplace: versions up to and including 10.0.0, and TIBCO Spotfire Server: versions up to and including 7.10.1; 7.11.0; 7.11.1; 7.12.0; 7.13.0; 7.14.0; 10.0.0."
{ }
"name" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813", ]
"refsource" : "CONFIRM", },
"url" : "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813" "impact": {
}, "cvss": {
{ "attackComplexity": "LOW",
"name" : "106635", "attackVector": "NETWORK",
"refsource" : "BID", "availabilityImpact": "HIGH",
"url" : "http://www.securityfocus.com/bid/106635" "baseScore": 8.8,
} "baseSeverity": "HIGH",
] "confidentialityImpact": "HIGH",
}, "integrityImpact": "HIGH",
"solution" : [ "privilegesRequired": "NONE",
{ "scope": "UNCHANGED",
"lang" : "eng", "userInteraction": "REQUIRED",
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0 update to version 10.0.1 or higher\n" "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
} "version": "3.0"
], }
"source" : { },
"discovery" : "USER" "problemtype": {
} "problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact of this vulnerability includes the theoretical possibility that an unauthenticated attacker could perform administrative functions provided by the web interface of the affected component."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106635"
},
{
"name": "http://www.tibco.com/services/support/advisories",
"refsource": "MISC",
"url": "http://www.tibco.com/services/support/advisories"
},
{
"name": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2019/01/tibco-security-advisory-january-16-2019-tibco-spotfire-2018-18813"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO Spotfire Analytics Platform for AWS Marketplace versions 10.0.0 and below update to version 10.0.1 or higher\nTIBCO Spotfire Server versions 7.10.1 and below update to version 7.10.2 or higher\nTIBCO Spotfire Server versions 7.11.0, and 7.11.1 update to version 7.11.2 or higher\nTIBCO Spotfire Server versions 7.12.0, 7.13.0, 7.14.0, and 10.0.0 update to version 10.0.1 or higher\n"
}
],
"source": {
"discovery": "USER"
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-5041", "ID": "CVE-2018-5041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "1041250", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041250" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-5046", "ID": "CVE-2018-5046",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "104699", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104699" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041250", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041250" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "104699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104699"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2018-5804", "ID": "CVE-2018-5804",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LibRaw", "product_name": "LibRaw",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Prior to 0.18.8" "version_value": "Prior to 0.18.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A type confusion error within the \"identify()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS (Denial of Service) through division by zero"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" "lang": "eng",
}, "value": "A type confusion error within the \"identify()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero."
{ }
"name" : "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff", ]
"refsource" : "MISC", },
"url" : "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/", "description": [
"refsource" : "MISC", {
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/" "lang": "eng",
}, "value": "DoS (Denial of Service) through division by zero"
{ }
"name" : "81000", ]
"refsource" : "SECUNIA", }
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/81000/" ]
} },
] "references": {
} "reference_data": [
{
"name": "81000",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81000/"
},
{
"name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
},
{
"name": "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/commit/9f26ce37f5be86ea11bfc6831366558650b1f6ff"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-3/"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "PSIRT-CNA@flexerasoftware.com", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2018-5809", "ID": "CVE-2018-5809",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LibRaw", "product_name": "LibRaw",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Prior to 0.18.9" "version_value": "Prior to 0.18.9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An error within the \"LibRaw::parse_exif()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary code execution through stack-based buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt" "lang": "eng",
}, "value": "An error within the \"LibRaw::parse_exif()\" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code."
{ }
"name" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9", ]
"refsource" : "MISC", },
"url" : "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/", "description": [
"refsource" : "MISC", {
"url" : "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/" "lang": "eng",
}, "value": "Arbitrary code execution through stack-based buffer overflow"
{ }
"name" : "81800", ]
"refsource" : "SECUNIA", }
"url" : "https://secuniaresearch.flexerasoftware.com/advisories/81800/" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/blob/master/Changelog.txt"
},
{
"name": "81800",
"refsource": "SECUNIA",
"url": "https://secuniaresearch.flexerasoftware.com/advisories/81800/"
},
{
"name": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9"
},
{
"name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/",
"refsource": "MISC",
"url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2018-9/"
}
]
}
} }