admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:02:00 +00:00
parent 584121c3fb
commit cd8d1d0d9e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3380 additions and 3380 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2001/0xxx/CVE-2001-0021.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html"
},
{
"name" : "http://www.endymion.com/products/mailman/history.htm",
"refsource" : "CONFIRM",
"url" : "http://www.endymion.com/products/mailman/history.htm"
},
{
"name" : "2063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2063"
},
{
"name" : "mailman-alternate-templates(5649)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5649"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.endymion.com/products/mailman/history.htm",
"refsource": "CONFIRM",
"url": "http://www.endymion.com/products/mailman/history.htm"
},
{
"name": "2063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2063"
},
{
"name": "20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html"
},
{
"name": "mailman-alternate-templates(5649)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5649"
}
]
}
}

150
2001/0xxx/CVE-2001-0319.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010205 IBM NetCommerce Security",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name" : "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html",
"refsource" : "CONFIRM",
"url" : "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name" : "2350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2350"
},
{
"name" : "ibm-netcommerce-reveal-information(6067)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html",
"refsource": "CONFIRM",
"url": "http://www-4.ibm.com/software/webservers/commerce/netcomletter.html"
},
{
"name": "20010205 IBM NetCommerce Security",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html"
},
{
"name": "2350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2350"
},
{
"name": "ibm-netcommerce-reveal-information(6067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6067"
}
]
}
}

150
2001/0xxx/CVE-2001-0738.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=99258618906506&w=2"
},
{
"name" : "VU#249579",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/249579"
},
{
"name" : "IMNX-2001-70-026-01",
"refsource" : "IMMUNIX",
"url" : "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
},
{
"name" : "klogd-null-byte-dos(7098)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IMNX-2001-70-026-01",
"refsource": "IMMUNIX",
"url": "http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01"
},
{
"name": "VU#249579",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/249579"
},
{
"name": "klogd-null-byte-dos(7098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7098"
},
{
"name": "20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99258618906506&w=2"
}
]
}
}

140
2001/1xxx/CVE-2001-1085.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010705 lmail local root exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/195022"
},
{
"name" : "lmail-tmpfile-symlink(6809)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6809"
},
{
"name" : "2984",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2984"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lmail-tmpfile-symlink(6809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6809"
},
{
"name": "20010705 lmail local root exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/195022"
},
{
"name": "2984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2984"
}
]
}
}

170
2001/1xxx/CVE-2001-1109.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010912 EFTP Version 2.0.7.337 vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/213647"
},
{
"name" : "http://www.eftp.org/releasehistory.html",
"refsource" : "MISC",
"url" : "http://www.eftp.org/releasehistory.html"
},
{
"name" : "eftp-list-directory-traversal(7113)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7113"
},
{
"name" : "eftp-quote-reveal-information(7114)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7114"
},
{
"name" : "3331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3331"
},
{
"name" : "3333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3333"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eftp.org/releasehistory.html",
"refsource": "MISC",
"url": "http://www.eftp.org/releasehistory.html"
},
{
"name": "eftp-list-directory-traversal(7113)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7113"
},
{
"name": "eftp-quote-reveal-information(7114)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7114"
},
{
"name": "3331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3331"
},
{
"name": "20010912 EFTP Version 2.0.7.337 vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/213647"
},
{
"name": "3333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3333"
}
]
}
}

180
2006/2xxx/CVE-2006-2993.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html"
},
{
"name" : "18418",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18418"
},
{
"name" : "ADV-2006-2244",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2244"
},
{
"name" : "26281",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26281"
},
{
"name" : "26282",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26282"
},
{
"name" : "20554",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20554"
},
{
"name" : "myphoto-displayview-sql-injection(27087)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27087"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2244",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2244"
},
{
"name": "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html"
},
{
"name": "26282",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26282"
},
{
"name": "myphoto-displayview-sql-injection(27087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27087"
},
{
"name": "26281",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26281"
},
{
"name": "20554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20554"
},
{
"name": "18418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18418"
}
]
}
}

320
2008/1xxx/CVE-2008-1218.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080312 rPSA-2008-0108-1 dovecot",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489481/100/0/threaded"
},
{
"name" : "5257",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5257"
},
{
"name" : "[Dovecot-news] 20080309 v1.0.13 and v1.1.rc3 released",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot-news/2008-March/000065.html"
},
{
"name" : "[Dovecot-news] 20080309 Security hole #6: Some passdbs allowed users to log in without a valid password",
"refsource" : "MLIST",
"url" : "http://www.dovecot.org/list/dovecot-news/2008-March/000064.html"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108",
"refsource" : "MISC",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2341",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2341"
},
{
"name" : "DSA-1516",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1516"
},
{
"name" : "FEDORA-2008-2464",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html"
},
{
"name" : "FEDORA-2008-2475",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html"
},
{
"name" : "GLSA-200803-25",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200803-25.xml"
},
{
"name" : "SUSE-SR:2008:020",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name" : "USN-593-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/593-1/"
},
{
"name" : "28181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28181"
},
{
"name" : "29295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29295"
},
{
"name" : "29226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29226"
},
{
"name" : "29364",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29364"
},
{
"name" : "29385",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29385"
},
{
"name" : "29396",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29396"
},
{
"name" : "29557",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29557"
},
{
"name" : "32151",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32151"
},
{
"name" : "dovecot-tab-authentication-bypass(41085)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200803-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-25.xml"
},
{
"name": "29295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29295"
},
{
"name": "dovecot-tab-authentication-bypass(41085)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41085"
},
{
"name": "5257",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5257"
},
{
"name": "29557",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29557"
},
{
"name": "DSA-1516",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1516"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108",
"refsource": "MISC",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0108"
},
{
"name": "USN-593-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/593-1/"
},
{
"name": "FEDORA-2008-2475",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00381.html"
},
{
"name": "29364",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29364"
},
{
"name": "SUSE-SR:2008:020",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-2341",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2341"
},
{
"name": "[Dovecot-news] 20080309 Security hole #6: Some passdbs allowed users to log in without a valid password",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot-news/2008-March/000064.html"
},
{
"name": "[Dovecot-news] 20080309 v1.0.13 and v1.1.rc3 released",
"refsource": "MLIST",
"url": "http://www.dovecot.org/list/dovecot-news/2008-March/000065.html"
},
{
"name": "29226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29226"
},
{
"name": "20080312 rPSA-2008-0108-1 dovecot",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489481/100/0/threaded"
},
{
"name": "32151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32151"
},
{
"name": "29385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29385"
},
{
"name": "FEDORA-2008-2464",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00358.html"
},
{
"name": "28181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28181"
},
{
"name": "29396",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29396"
}
]
}
}

230
2008/5xxx/CVE-2008-5660.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081209 CORE-2008-1127 - Vinagre show_error() format string vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499057/100/0/threaded"
},
{
"name" : "7401",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7401"
},
{
"name" : "http://www.coresecurity.com/content/vinagre-format-string",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/vinagre-format-string"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=475070",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=475070"
},
{
"name" : "FEDORA-2008-10932",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.html"
},
{
"name" : "FEDORA-2008-10941",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html"
},
{
"name" : "MDVSA-2008:240",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:240"
},
{
"name" : "USN-689-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-689-1"
},
{
"name" : "33046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33046"
},
{
"name" : "ADV-2008-3362",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3362"
},
{
"name" : "33041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33041"
},
{
"name" : "33082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7401",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7401"
},
{
"name": "FEDORA-2008-10932",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.html"
},
{
"name": "20081209 CORE-2008-1127 - Vinagre show_error() format string vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499057/100/0/threaded"
},
{
"name": "33041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33041"
},
{
"name": "http://www.coresecurity.com/content/vinagre-format-string",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/vinagre-format-string"
},
{
"name": "33082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33082"
},
{
"name": "MDVSA-2008:240",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:240"
},
{
"name": "ADV-2008-3362",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3362"
},
{
"name": "33046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33046"
},
{
"name": "FEDORA-2008-10941",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html"
},
{
"name": "USN-689-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-689-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=475070",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=475070"
}
]
}
}

140
2008/5xxx/CVE-2008-5815.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7621",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7621"
},
{
"name" : "33055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33055"
},
{
"name" : "4859",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Acomment.php in phpAlumni allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33055"
},
{
"name": "4859",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4859"
},
{
"name": "7621",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7621"
}
]
}
}

140
2008/5xxx/CVE-2008-5967.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5967",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5967",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6519",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6519"
},
{
"name" : "31944",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31944"
},
{
"name" : "phpicalendar-index-file-upload(48323)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not require administrative authentication for an addupdate action, which allows remote attackers to upload a calendar (aka .ics) file with arbitrary content to the calendars/ directory outside the web root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6519",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6519"
},
{
"name": "31944",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31944"
},
{
"name": "phpicalendar-index-file-upload(48323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48323"
}
]
}
}

240
2011/2xxx/CVE-2011-2193.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110713 Torque Server Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
},
{
"name" : "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
},
{
"name" : "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=711463",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
},
{
"name" : "DSA-2329",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2329"
},
{
"name" : "FEDORA-2011-8117",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
},
{
"name" : "FEDORA-2011-8072",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
},
{
"name" : "48374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/48374"
},
{
"name" : "45039",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45039"
},
{
"name" : "45040",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45040"
},
{
"name" : "8304",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8304"
},
{
"name" : "torque-hostnames-bo(68152)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
},
{
"name" : "torque-jobnames-bo(68151)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) 2.x before 2.4.14, 2.5.x before 2.5.6, and 3.x before 3.0.2 allow (1) remote authenticated users to gain privileges via a long Job_Name field in a qsub command to the server, and might allow (2) local users to gain privileges via vectors involving a long host variable in pbs_iff."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2011-8117",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061645.html"
},
{
"name": "DSA-2329",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2329"
},
{
"name": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.5.6.CHANGELOG"
},
{
"name": "45039",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45039"
},
{
"name": "FEDORA-2011-8072",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062638.html"
},
{
"name": "20110713 Torque Server Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/518885/100/0/threaded"
},
{
"name": "45040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45040"
},
{
"name": "8304",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8304"
},
{
"name": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.clusterresources.com/downloads/torque/CHANGELOGS/torque-2.4.14.CHANGELOG"
},
{
"name": "48374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/48374"
},
{
"name": "torque-hostnames-bo(68152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68152"
},
{
"name": "torque-jobnames-bo(68151)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/68151"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=711463",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=711463"
}
]
}
}

210
2011/2xxx/CVE-2011-2366.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[whatwg] 20110314 Canvas and drawWindow",
"refsource" : "MLIST",
"url" : "http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html"
},
{
"name" : "http://www.contextis.co.uk/resources/blog/webgl/",
"refsource" : "MISC",
"url" : "http://www.contextis.co.uk/resources/blog/webgl/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=655987",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=655987"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=656277",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=656277"
},
{
"name" : "https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures",
"refsource" : "CONFIRM",
"url" : "https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures"
},
{
"name" : "https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/",
"refsource" : "CONFIRM",
"url" : "https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/"
},
{
"name" : "http://www.mozilla.org/security/announce/2011/mfsa2011-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2011/mfsa2011-25.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=659349",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=659349"
},
{
"name" : "SUSE-SA:2011:028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name" : "oval:org.mitre.oval:def:14221",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Gecko before 5.0, as used in Firefox before 5.0 and Thunderbird before 5.0, does not block use of a cross-domain image as a WebGL texture, which allows remote attackers to obtain approximate copies of arbitrary images via a timing attack involving a crafted WebGL fragment shader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=655987",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=655987"
},
{
"name": "oval:org.mitre.oval:def:14221",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14221"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=659349",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=659349"
},
{
"name": "https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/",
"refsource": "CONFIRM",
"url": "https://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/"
},
{
"name": "SUSE-SA:2011:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00001.html"
},
{
"name": "http://www.contextis.co.uk/resources/blog/webgl/",
"refsource": "MISC",
"url": "http://www.contextis.co.uk/resources/blog/webgl/"
},
{
"name": "https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures",
"refsource": "CONFIRM",
"url": "https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=656277",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=656277"
},
{
"name": "[whatwg] 20110314 Canvas and drawWindow",
"refsource": "MLIST",
"url": "http://lists.whatwg.org/pipermail/whatwg-whatwg.org/2011-March/030882.html"
},
{
"name": "http://www.mozilla.org/security/announce/2011/mfsa2011-25.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2011/mfsa2011-25.html"
}
]
}
}

200
2011/2xxx/CVE-2011-2492.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-bluetooth] 20110508 Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.",
"refsource" : "MLIST",
"url" : "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"name" : "[oss-security] 20110624 CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"name" : "[oss-security] 20110624 Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d03e971cf403305217b8e62db3a2e5ad2d6263f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=703019",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
},
{
"name" : "HPSBGN02970",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name" : "RHSA-2011:0927",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"name" : "1025778",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1025778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not properly initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel memory via a crafted getsockopt system call, related to (1) the l2cap_sock_getsockopt_old function in net/bluetooth/l2cap_sock.c and (2) the rfcomm_sock_getsockopt_old function in net/bluetooth/rfcomm/sock.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2011:0927",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2011-0927.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d03e971cf403305217b8e62db3a2e5ad2d6263f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d03e971cf403305217b8e62db3a2e5ad2d6263f"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=703019",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=703019"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.0/testing/ChangeLog-3.0-rc4"
},
{
"name": "[oss-security] 20110624 Re: CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/3"
},
{
"name": "1025778",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1025778"
},
{
"name": "[oss-security] 20110624 CVE request: kernel: bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/2"
},
{
"name": "[linux-bluetooth] 20110508 Bluetooth: l2cap and rfcomm: fix 1 byte infoleak to userspace.",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.linux.bluez.kernel/12909"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
}
]
}
}

34
2011/2xxx/CVE-2011-2566.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2566",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2566",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2011/2xxx/CVE-2011-2734.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2734",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-2734",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
}
]
}
}

200
2011/3xxx/CVE-2011-3010.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3010",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20110922 XSS Vulnerabilities in TWiki < 5.1.0",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name" : "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5",
"refsource" : "MISC",
"url" : "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name" : "http://develop.twiki.org/trac/changeset/21920",
"refsource" : "CONFIRM",
"url" : "http://develop.twiki.org/trac/changeset/21920"
},
{
"name" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010",
"refsource" : "CONFIRM",
"url" : "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name" : "49746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/49746"
},
{
"name" : "75673",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/75673"
},
{
"name" : "75674",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/75674"
},
{
"name" : "1026091",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1026091"
},
{
"name" : "46123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in TWiki before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the newtopic parameter in a WebCreateNewTopic action, related to the TWiki.WebCreateNewTopicTemplate topic; or (2) the query string to SlideShow.pm in the SlideShowPlugin."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5",
"refsource": "MISC",
"url": "http://www.mavitunasecurity.com/xss-vulnerability-in-twiki5"
},
{
"name": "75674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75674"
},
{
"name": "1026091",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1026091"
},
{
"name": "46123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46123"
},
{
"name": "http://develop.twiki.org/trac/changeset/21920",
"refsource": "CONFIRM",
"url": "http://develop.twiki.org/trac/changeset/21920"
},
{
"name": "49746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49746"
},
{
"name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010",
"refsource": "CONFIRM",
"url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010"
},
{
"name": "20110922 XSS Vulnerabilities in TWiki < 5.1.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2011-09/0142.html"
},
{
"name": "75673",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/75673"
}
]
}
}

150
2011/3xxx/CVE-2011-3132.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-3132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
},
{
"name" : "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name" : "1025999",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1025999"
},
{
"name" : "45864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45864"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/services/support/advisories/default.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/services/support/advisories/default.jsp"
},
{
"name": "1025999",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025999"
},
{
"name": "45864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45864"
},
{
"name": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt"
}
]
}
}

130
2013/0xxx/CVE-2013-0109.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-0109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nvidia.com/object/product-security.html",
"refsource" : "CONFIRM",
"url" : "http://www.nvidia.com/object/product-security.html"
},
{
"name" : "VU#957036",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/957036"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#957036",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/957036"
},
{
"name": "http://www.nvidia.com/object/product-security.html",
"refsource": "CONFIRM",
"url": "http://www.nvidia.com/object/product-security.html"
}
]
}
}

170
2013/0xxx/CVE-2013-0206.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the \"administer CSS\" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130121 Re: CVE request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/01/21/5"
},
{
"name" : "https://drupal.org/node/1890318",
"refsource" : "MISC",
"url" : "https://drupal.org/node/1890318"
},
{
"name" : "http://drupal.org/node/1883976",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1883976"
},
{
"name" : "http://drupal.org/node/1883978",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1883978"
},
{
"name" : "http://drupalcode.org/project/live_css.git/commitdiff/cb7005f",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/live_css.git/commitdiff/cb7005f"
},
{
"name" : "http://drupalcode.org/project/live_css.git/commitdiff/ef323c8",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/live_css.git/commitdiff/ef323c8"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x before 6.x-2.1 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the \"administer CSS\" permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://drupal.org/node/1890318",
"refsource": "MISC",
"url": "https://drupal.org/node/1890318"
},
{
"name": "http://drupalcode.org/project/live_css.git/commitdiff/ef323c8",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/live_css.git/commitdiff/ef323c8"
},
{
"name": "http://drupal.org/node/1883978",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1883978"
},
{
"name": "[oss-security] 20130121 Re: CVE request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/21/5"
},
{
"name": "http://drupal.org/node/1883976",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1883976"
},
{
"name": "http://drupalcode.org/project/live_css.git/commitdiff/cb7005f",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/live_css.git/commitdiff/cb7005f"
}
]
}
}

130
2013/0xxx/CVE-2013-0362.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2013/1xxx/CVE-2013-1288.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CTreeNode Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-1288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021"
},
{
"name" : "TA13-071A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-071A"
},
{
"name" : "oval:org.mitre.oval:def:16095",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16095"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Internet Explorer CTreeNode Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16095",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16095"
},
{
"name": "TA13-071A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-071A"
},
{
"name": "MS13-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-021"
}
]
}
}

180
2013/1xxx/CVE-2013-1584.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtn.c?r1=46579&r2=46578&pathrev=46579",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtn.c?r1=46579&r2=46578&pathrev=46579"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-03.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945"
},
{
"name" : "openSUSE-SU-2013:0276",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html"
},
{
"name" : "openSUSE-SU-2013:0285",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html"
},
{
"name" : "oval:org.mitre.oval:def:16092",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_version_5_and_6_primary_header function in epan/dissectors/packet-dtn.c in the DTN dissector in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 accesses an inappropriate pointer, which allows remote attackers to cause a denial of service (application crash) via a malformed packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2013-03.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2013-03.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945"
},
{
"name": "openSUSE-SU-2013:0285",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00037.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtn.c?r1=46579&r2=46578&pathrev=46579",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dtn.c?r1=46579&r2=46578&pathrev=46579"
},
{
"name": "openSUSE-SU-2013:0276",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00028.html"
},
{
"name": "oval:org.mitre.oval:def:16092",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16092"
}
]
}
}

160
2013/4xxx/CVE-2013-4399.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b",
"refsource" : "CONFIRM",
"url" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b"
},
{
"name" : "http://security.libvirt.org/2013/0013.html",
"refsource" : "CONFIRM",
"url" : "http://security.libvirt.org/2013/0013.html"
},
{
"name" : "GLSA-201412-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"name" : "62972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62972"
},
{
"name" : "60895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remoteClientFreeFunc function in daemon/remote.c in libvirt before 1.1.3, when ACLs are used, does not set an identity, which causes event handler removal to be denied and remote attackers to cause a denial of service (use-after-free and crash) by registering an event handler and then closing the connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60895"
},
{
"name": "GLSA-201412-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b",
"refsource": "CONFIRM",
"url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=8294aa0c1750dcb49d6345cd9bd97bf421580d8b"
},
{
"name": "62972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62972"
},
{
"name": "http://security.libvirt.org/2013/0013.html",
"refsource": "CONFIRM",
"url": "http://security.libvirt.org/2013/0013.html"
}
]
}
}

130
2013/4xxx/CVE-2013-4728.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the \"l\" parameter, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource" : "MISC",
"url" : "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name" : "96667",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/96667"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the \"l\" parameter, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96667",
"refsource": "OSVDB",
"url": "http://osvdb.org/96667"
},
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
}
]
}
}

34
2013/4xxx/CVE-2013-4849.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4849",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4849",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

270
2013/4xxx/CVE-2013-4935.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-per.c?r1=49985&r2=49984&pathrev=49985",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-per.c?r1=49985&r2=49984&pathrev=49985"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49985",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49985"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html"
},
{
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2013-52.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2013-52.html"
},
{
"name" : "DSA-2734",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2734"
},
{
"name" : "GLSA-201308-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name" : "RHSA-2014:0341",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name" : "openSUSE-SU-2013:1295",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html"
},
{
"name" : "openSUSE-SU-2013:1300",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html"
},
{
"name" : "oval:org.mitre.oval:def:17417",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17417"
},
{
"name" : "54178",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54178"
},
{
"name" : "54371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54371"
},
{
"name" : "54296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54296"
},
{
"name" : "54425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_per_length_determinant function in epan/dissectors/packet-per.c in the ASN.1 PER dissector in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize a length field in certain abnormal situations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54371"
},
{
"name": "openSUSE-SU-2013:1300",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00009.html"
},
{
"name": "54178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54178"
},
{
"name": "RHSA-2014:0341",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2013-52.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2013-52.html"
},
{
"name": "DSA-2734",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2734"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-per.c?r1=49985&r2=49984&pathrev=49985",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-per.c?r1=49985&r2=49984&pathrev=49985"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.10.1.html"
},
{
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "openSUSE-SU-2013:1295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-08/msg00004.html"
},
{
"name": "54296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54296"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49985",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=49985"
},
{
"name": "oval:org.mitre.oval:def:17417",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17417"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8722"
},
{
"name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.9.html"
}
]
}
}

130
2013/4xxx/CVE-2013-4984.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"name" : "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities"
},
{
"name": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx",
"refsource": "CONFIRM",
"url": "http://www.sophos.com/en-us/support/knowledgebase/119773.aspx"
}
]
}
}

170
2013/5xxx/CVE-2013-5591.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-5591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=859892",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=859892"
},
{
"name" : "GLSA-201504-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-01"
},
{
"name" : "openSUSE-SU-2013:1634",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html"
},
{
"name" : "openSUSE-SU-2013:1633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html"
},
{
"name" : "oval:org.mitre.oval:def:19015",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the browser engine in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=859892",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=859892"
},
{
"name": "oval:org.mitre.oval:def:19015",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19015"
},
{
"name": "openSUSE-SU-2013:1633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html"
},
{
"name": "GLSA-201504-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-01"
},
{
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-93.html"
},
{
"name": "openSUSE-SU-2013:1634",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html"
}
]
}
}

120
2013/5xxx/CVE-2013-5725.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130929 [CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-09/0145.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130929 [CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0145.html"
}
]
}
}

160
2013/5xxx/CVE-2013-5963.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/123235",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/123235"
},
{
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=774214@simple-dropbox-upload-form%2Ftrunk&new=774214@simple-dropbox-upload-form%2Ftrunk",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=774214@simple-dropbox-upload-form%2Ftrunk&new=774214@simple-dropbox-upload-form%2Ftrunk"
},
{
"name" : "http://wordpress.org/plugins/simple-dropbox-upload-form/changelog",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/plugins/simple-dropbox-upload-form/changelog"
},
{
"name" : "54856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54856"
},
{
"name" : "simpledropboxupload-multi-file-upload(87166)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "simpledropboxupload-multi-file-upload(87166)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87166"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?reponame=&old=774214@simple-dropbox-upload-form%2Ftrunk&new=774214@simple-dropbox-upload-form%2Ftrunk",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?reponame=&old=774214@simple-dropbox-upload-form%2Ftrunk&new=774214@simple-dropbox-upload-form%2Ftrunk"
},
{
"name": "http://wordpress.org/plugins/simple-dropbox-upload-form/changelog",
"refsource": "CONFIRM",
"url": "http://wordpress.org/plugins/simple-dropbox-upload-form/changelog"
},
{
"name": "http://packetstormsecurity.com/files/123235",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123235"
},
{
"name": "54856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54856"
}
]
}
}

154
2017/1000xxx/CVE-2017-1000256.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-10-12",
"ID" : "CVE-2017-1000256",
"REQUESTER" : "berrange@redhat.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "libvirt",
"version" : {
"version_data" : [
{
"version_value" : "2.3.0 and later"
}
]
}
}
]
},
"vendor_name" : "libvirt"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-10-12",
"ID": "CVE-2017-1000256",
"REQUESTER": "berrange@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients",
"refsource" : "MLIST",
"url" : "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
},
{
"name" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1556251.html",
"refsource" : "MISC",
"url" : "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1556251.html"
},
{
"name" : "https://access.redhat.com/security/cve/CVE-2017-1000256",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/cve/CVE-2017-1000256"
},
{
"name" : "DSA-4003",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-4003"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[libvirt-announce] 20171016 LSN-2017-0002 - TLS certificate verification disabled for clients",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
},
{
"name": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1556251.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1556251.html"
},
{
"name": "DSA-4003",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-4003"
},
{
"name": "https://access.redhat.com/security/cve/CVE-2017-1000256",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000256"
}
]
}
}

140
2017/12xxx/CVE-2017-12268.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco AnyConnect Network Access Manager",
"version" : {
"version_data" : [
{
"version_value" : "Cisco AnyConnect Network Access Manager"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco AnyConnect Network Access Manager",
"version": {
"version_data": [
{
"version_value": "Cisco AnyConnect Network Access Manager"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam"
},
{
"name" : "101157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101157"
},
{
"name" : "1039507",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insufficient NAM policy enforcement. An attacker could exploit this vulnerability by manipulating network interfaces of the device to allow multiple active network interfaces. A successful exploit could allow the attacker to send traffic over a non-authorized network interface. Cisco Bug IDs: CSCvf66539."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171004-anam"
},
{
"name": "1039507",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039507"
},
{
"name": "101157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101157"
}
]
}
}

34
2017/12xxx/CVE-2017-12324.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12324",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12324",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2017/12xxx/CVE-2017-12526.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-08-11T00:00:00",
"ID" : "CVE-2017-12526",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
{
"version_value" : "PLAT 7.3 (E0504)"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC": "2017-08-11T00:00:00",
"ID": "CVE-2017-12526",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value": "PLAT 7.3 (E0504)"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
},
{
"name" : "100367",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100367"
},
{
"name" : "1039152",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version PLAT 7.3 (E0504) was found. The problem was resolved in HPE Intelligent Management Center PLAT v7.3 (E0506) or any subsequent version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039152",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039152"
},
{
"name": "100367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100367"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03768en_us"
}
]
}
}

140
2017/12xxx/CVE-2017-12692.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/653",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/653"
},
{
"name" : "GLSA-201711-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-07"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 allows remote attackers to cause a denial of service (memory consumption) via a crafted VIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/653",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/653"
}
]
}
}

180
2017/13xxx/CVE-2017-13036.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13036",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3()."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/88b2dac837e81cf56dce05e6e7b5989332c0092d",
"refsource" : "CONFIRM",
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/88b2dac837e81cf56dce05e6e7b5989332c0092d"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "DSA-3971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3971"
},
{
"name" : "GLSA-201709-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-23"
},
{
"name" : "RHEA-2018:0705",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHEA-2018:0705"
},
{
"name" : "1039307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in print-ospf6.c:ospf6_decode_v3()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201709-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "DSA-3971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/88b2dac837e81cf56dce05e6e7b5989332c0092d",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/88b2dac837e81cf56dce05e6e7b5989332c0092d"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}
}

150
2017/13xxx/CVE-2017-13727.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2728",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2728"
},
{
"name" : "DSA-4100",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4100"
},
{
"name" : "USN-3602-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3602-1/"
},
{
"name" : "100524",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100524"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a reachable assertion abort in the function TIFFWriteDirectoryTagSubifd() in LibTIFF 4.0.8, related to tif_dirwrite.c and a SubIFD tag. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100524"
},
{
"name": "USN-3602-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3602-1/"
},
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2728",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2728"
},
{
"name": "DSA-4100",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4100"
}
]
}
}

34
2017/16xxx/CVE-2017-16284.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16284",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16284",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/16xxx/CVE-2017-16295.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16295",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16295",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/16xxx/CVE-2017-16490.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16490",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-16490",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4570.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4570",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4570",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4764.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4764",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4764",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4778.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4778",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4778",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/4xxx/CVE-2017-4868.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4868",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4868",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

122
2018/18xxx/CVE-2018-18395.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"DATE_PUBLIC" : "2018-10-18T00:00:00",
"ID" : "CVE-2018-18395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ThingsPro IIoT Gateway and Device Management Software Solutions",
"version" : {
"version_data" : [
{
"version_value" : "2.1"
}
]
}
}
]
},
"vendor_name" : "Moxa"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Hidden Token Access"
}
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-18395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ThingsPro IIoT Gateway and Device Management Software Solutions",
"version": {
"version_data": [
{
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name": "Moxa"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-023-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-hidden-token-access/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-023-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-hidden-token-access/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hidden Token Access in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Hidden Token Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-023-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-hidden-token-access/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-023-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-hidden-token-access/"
}
]
}
}

150
2018/18xxx/CVE-2018-18438.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20181017 CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/10/17/3"
},
{
"name" : "[qemu-devel] 20181012 [PATCH v2 00/11] chardev: Convert IO handlers to use unsigned type",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html"
},
{
"name" : "[qemu-devel] 20181012 [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html"
},
{
"name" : "105953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105953"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Qemu has integer overflows because IOReadHandler and its associated functions use a signed integer data type for a size value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105953"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 07/11] chardev: Let IOReadHandler use unsigned type",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02402.html"
},
{
"name": "[qemu-devel] 20181012 [PATCH v2 00/11] chardev: Convert IO handlers to use unsigned type",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg02396.html"
},
{
"name": "[oss-security] 20181017 CVE-2018-18438 Qemu: Integer overflow in ccid_card_vscard_read() allows memory corruption",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/10/17/3"
}
]
}
}

120
2018/18xxx/CVE-2018-18698.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/0x5h1v4m/CVE-ID-s/blob/master/CVE-2018-18698/MI%20A1.txt",
"refsource" : "MISC",
"url" : "https://github.com/0x5h1v4m/CVE-ID-s/blob/master/CVE-2018-18698/MI%20A1.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Xiaomi Mi A1 tissot_sprout:8.1.0/OPM1.171019.026/V9.6.4.0.ODHMIFE devices. They store cleartext Wi-Fi passwords in logcat during the process of setting up the phone as a hotspot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/0x5h1v4m/CVE-ID-s/blob/master/CVE-2018-18698/MI%20A1.txt",
"refsource": "MISC",
"url": "https://github.com/0x5h1v4m/CVE-ID-s/blob/master/CVE-2018-18698/MI%20A1.txt"
}
]
}
}

130
2018/1xxx/CVE-2018-1314.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2018-1314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Hive",
"version" : {
"version_data" : [
{
"version_value" : "All versions of Hive including 2.3.3, 3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Hive 2.3.3, 3.1.0 and earlier, Hive \"EXPLAIN\" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do \"EXPLAIN\" on arbitrary table or view and expose table metadata and statistics."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-1314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "All versions of Hive including 2.3.3, 3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E"
},
{
"name" : "105884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hive 2.3.3, 3.1.0 and earlier, Hive \"EXPLAIN\" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do \"EXPLAIN\" on arbitrary table or view and expose table metadata and statistics."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105884"
},
{
"name": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/3da47dbcbf09697387f29d2f1aed970523b6b334d93afd3cced23727@%3Cdev.hive.apache.org%3E"
}
]
}
}

34
2018/5xxx/CVE-2018-5264.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5264",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5264",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/5xxx/CVE-2018-5482.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@netapp.com",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ID" : "CVE-2018-5482",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SnapCenter Server",
"version" : {
"version_data" : [
{
"version_value" : "Versions prior to 4.1"
}
]
}
}
]
},
"vendor_name" : "NetApp"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Secure cookie"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@netapp.com",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-5482",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SnapCenter Server",
"version": {
"version_data": [
{
"version_value": "Versions prior to 4.1"
}
]
}
}
]
},
"vendor_name": "NetApp"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security.netapp.com/advisory/ntap-20190304-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20190304-0001/"
},
{
"name" : "107274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetApp SnapCenter Server prior to 4.1 does not set the secure flag for a sensitive cookie in an HTTPS session which can allow the transmission of the cookie in plain text over an unencrypted channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Secure cookie"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107274"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190304-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190304-0001/"
}
]
}
}

132
2018/5xxx/CVE-2018-5502.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2018-03-21T00:00:00",
"ID" : "CVE-2018-5502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"version" : {
"version_data" : [
{
"version_value" : "13.0.0 - 13.1.0.3"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2018-5502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe)",
"version": {
"version_data": [
{
"version_value": "13.0.0 - 13.1.0.3"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K43121447",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K43121447"
},
{
"name" : "1040561",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to disrupt services on the BIG-IP system with maliciously crafted client certificate. This vulnerability affects virtual servers associated with Client SSL profile which enables the use of client certificate authentication. Client certificate authentication is not enabled by default in Client SSL profile. There is no control plane exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K43121447",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K43121447"
},
{
"name": "1040561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040561"
}
]
}
}