admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:09:34 +00:00
parent fc0a8b2e7e
commit d25f2726a4
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4079 additions and 4079 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2002/0xxx/CVE-2002-0072.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0072", "ID": "CVE-2002-0072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101853851025208&w=2" "lang": "eng",
}, "value": "The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer."
{ }
"name" : "MS02-018", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", "description": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "CA-2002-09", ]
"refsource" : "CERT", }
"url" : "http://www.cert.org/advisories/CA-2002-09.html" ]
}, },
{ "references": {
"name" : "VU#521059", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/521059" "name": "4479",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/4479"
"name" : "iis-isapi-filter-error-dos(8800)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8800.php" "name": "VU#521059",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/521059"
"name" : "4479", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4479" "name": "iis-isapi-filter-error-dos(8800)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/8800.php"
"name" : "3326", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3326" "name": "20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=101853851025208&w=2"
} },
} {
"name": "MS02-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
},
{
"name": "3326",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3326"
},
{
"name": "CA-2002-09",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-09.html"
},
{
"name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
}
]
}
}

170
2002/0xxx/CVE-2002-0112.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0112", "ID": "CVE-2002-0112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101062172226812&w=2" "lang": "eng",
}, "value": "Etype Eserv 2.97 allows remote attackers to view password protected files via /./ in the URL."
{ }
"name" : "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://marc.info/?l=ntbugtraq&m=101062823505486&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability", "description": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20020111 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)", ]
"refsource" : "BUGTRAQ", }
"url" : "http://online.securityfocus.com/archive/1/249734" ]
}, },
{ "references": {
"name" : "3838", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3838" "name": "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
}, "refsource": "VULNWATCH",
{ "url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0010.html"
"name" : "eserv-protected-file-access(7849)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7849.php" "name": "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
} "refsource": "NTBUGTRAQ",
] "url": "http://marc.info/?l=ntbugtraq&m=101062823505486&w=2"
} },
} {
"name": "3838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3838"
},
{
"name": "20020109 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101062172226812&w=2"
},
{
"name": "20020111 Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/249734"
},
{
"name": "eserv-protected-file-access(7849)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7849.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0113.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0113", "ID": "CVE-2002-0113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020110 Legato Vulnerable", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/249420" "lang": "eng",
}, "value": "EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges. NOTE: this was originally reported for Legato NetWorker 6.1 on the Solaris 7 platform."
{ }
"name" : "3840", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3840" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "legato-nsrd-log-permissions(7897)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7897.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20020110 Legato Vulnerable",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/249420"
},
{
"name": "3840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3840"
},
{
"name": "legato-nsrd-log-permissions(7897)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7897.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0590.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0590", "ID": "CVE-2002-0590",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020419 [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html" "lang": "eng",
}, "value": "Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts."
{ }
"name" : "4548", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4548" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "incredibb-html-css(8879)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8879.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "incredibb-html-css(8879)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8879.php"
},
{
"name": "20020419 [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0263.html"
},
{
"name": "4548",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4548"
}
]
}
}

150
2002/1xxx/CVE-2002-1004.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1004", "ID": "CVE-2002-1004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL."
{ }
"name" : "http://www.argosoft.com/applications/mailserver/changelist.asp", ]
"refsource" : "CONFIRM", },
"url" : "http://www.argosoft.com/applications/mailserver/changelist.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5144", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5144" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "argosoft-dotdot-directory-traversal(9477)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9477.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://www.argosoft.com/applications/mailserver/changelist.asp",
"refsource": "CONFIRM",
"url": "http://www.argosoft.com/applications/mailserver/changelist.asp"
},
{
"name": "20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html"
},
{
"name": "5144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5144"
},
{
"name": "argosoft-dotdot-directory-traversal(9477)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9477.php"
}
]
}
}

150
2002/1xxx/CVE-2002-1122.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1122", "ID": "CVE-2002-1122",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020918 Flaw in Internet Scanner Parsing Mechanism", "description_data": [
"refsource" : "ISS", {
"url" : "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165" "lang": "eng",
}, "value": "Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response."
{ }
"name" : "is-http-response-bo(10130)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/10130.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5738", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5738" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3150", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/3150" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20020918 Flaw in Internet Scanner Parsing Mechanism",
"refsource": "ISS",
"url": "http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165"
},
{
"name": "5738",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5738"
},
{
"name": "3150",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3150"
},
{
"name": "is-http-response-bo(10130)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10130.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1692.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1692", "ID": "CVE-2002-1692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securitytracker.com/alerts/2002/Jan/1003201.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securitytracker.com/alerts/2002/Jan/1003201.html" "lang": "eng",
}, "value": "Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up."
{ }
"name" : "win95-backup-bo(7892)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7892" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3864", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3864" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "win95-backup-bo(7892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7892"
},
{
"name": "http://www.securitytracker.com/alerts/2002/Jan/1003201.html",
"refsource": "MISC",
"url": "http://www.securitytracker.com/alerts/2002/Jan/1003201.html"
},
{
"name": "3864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3864"
}
]
}
}

150
2002/1xxx/CVE-2002-1744.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1744", "ID": "CVE-2002-1744",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded \"%c0%ae%c0%ae\" string, which is the Unicode representation for \"..\" (dot dot)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020417 Microsoft IIS 5.0 CodeBrws.asp Source Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/267945" "lang": "eng",
}, "value": "Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded \"%c0%ae%c0%ae\" string, which is the Unicode representation for \"..\" (dot dot)."
{ }
"name" : "20020417 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/268065" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4525", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4525" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "iis-codebrws-view-source(8853)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8853" ]
} },
] "references": {
} "reference_data": [
} {
"name": "iis-codebrws-view-source(8853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8853"
},
{
"name": "20020417 Microsoft IIS 5.0 CodeBrws.asp Source Disclosure",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/267945"
},
{
"name": "20020417 Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/268065"
},
{
"name": "4525",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4525"
}
]
}
}

140
2002/1xxx/CVE-2002-1758.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1758", "ID": "CVE-2002-1758",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020424 PHProjekt multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/269407" "lang": "eng",
}, "value": "PHProjekt 2.0 through 3.1 allows remote attackers to view or modify data via requests to certain scripts that do not verify if the user is logged in."
{ }
"name" : "4599", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4599" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phprojekt-unauth-script-access(8943)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "phprojekt-unauth-script-access(8943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8943"
},
{
"name": "20020424 PHProjekt multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/269407"
},
{
"name": "4599",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4599"
}
]
}
}

160
2003/0xxx/CVE-2003-0306.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0306", "ID": "CVE-2003-0306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030507 Buffer overflow in Explorer.exe", "description_data": [
"refsource" : "VULN-DEV", {
"url" : "http://marc.info/?l=vuln-dev&m=105241032526289&w=2" "lang": "eng",
}, "value": "Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to execute arbitrary code as the XP user via a desktop.ini file with a long .ShellClassInfo parameter."
{ }
"name" : "20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=105284486526310&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105301349925036&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS03-027", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:3095", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095" "name": "MS03-027",
} "refsource": "MS",
] "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-027"
} },
} {
"name": "20030511 Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105284486526310&w=2"
},
{
"name": "oval:org.mitre.oval:def:3095",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3095"
},
{
"name": "20030515 Re[2]: EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105301349925036&w=2"
},
{
"name": "20030507 Buffer overflow in Explorer.exe",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=105241032526289&w=2"
}
]
}
}

180
2003/0xxx/CVE-2003-0414.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0414", "ID": "CVE-2003-0414",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030526 Multiple Vulnerabilities in Sun-One Application Server", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105409846029475&w=2" "lang": "eng",
}, "value": "The installation of Sun ONE Application Server 7.0 for Windows 2000/XP creates a statefile with world-readable permissions, which allows local users to gain privileges by reading a plaintext password in the statefile."
{ }
"name" : "http://www.spidynamics.com/sunone_alert.html", ]
"refsource" : "MISC", },
"url" : "http://www.spidynamics.com/sunone_alert.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55221", "description": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1000610", ]
"refsource" : "SUNALERT", }
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1" ]
}, },
{ "references": {
"name" : "N-103", "reference_data": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/n-103.shtml" "name": "http://www.spidynamics.com/sunone_alert.html",
}, "refsource": "MISC",
{ "url": "http://www.spidynamics.com/sunone_alert.html"
"name" : "sunone-insecure-file-permissions(12096)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/12096.php" "name": "sunone-insecure-file-permissions(12096)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/12096.php"
"name" : "7712", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/7712" "name": "55221",
} "refsource": "SUNALERT",
] "url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55221&zone_32=category%3Asecurity"
} },
} {
"name": "N-103",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-103.shtml"
},
{
"name": "20030526 Multiple Vulnerabilities in Sun-One Application Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105409846029475&w=2"
},
{
"name": "7712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7712"
},
{
"name": "1000610",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000610.1-1"
}
]
}
}

130
2003/0xxx/CVE-2003-0581.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0581", "ID": "CVE-2003-0581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030714 xfstt-1.4 vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105829691405446&w=2" "lang": "eng",
}, "value": "X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of packets, with a large num_ranges value, which causes an out-of-bounds array access."
{ }
"name" : "DSA-360", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2003/dsa-360" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-360",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-360"
},
{
"name": "20030714 xfstt-1.4 vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105829691405446&w=2"
}
]
}
}

130
2003/0xxx/CVE-2003-0632.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0632", "ID": "CVE-2003-0632",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105906721920776&w=2" "lang": "eng",
}, "value": "Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) CGI program (FNDWRR.exe) of Oracle E-Business Suite 11.0 and 11.5.1 through 11.5.8 may allow remote attackers to execute arbitrary code via a long URL."
{ }
"name" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert56.pdf"
},
{
"name": "20030724 Integrigy Security Alert - Oracle E-Business Suite FNDWRR Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105906721920776&w=2"
}
]
}
}

160
2012/0xxx/CVE-2012-0047.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0047", "ID": "CVE-2012-0047",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120322 [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0112.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the wicket:pageMapName parameter."
{ }
"name" : "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html", ]
"refsource" : "CONFIRM", },
"url" : "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "80300", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80300" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026839", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026839" ]
}, },
{ "references": {
"name" : "apache-wicket-unspec-xss(74273)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74273" "name": "apache-wicket-unspec-xss(74273)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74273"
} },
} {
"name": "20120322 [CVE-2012-0047] Apache Wicket XSS vulnerability via pageMapName request parameter",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0112.html"
},
{
"name": "80300",
"refsource": "OSVDB",
"url": "http://osvdb.org/80300"
},
{
"name": "1026839",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026839"
},
{
"name": "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html",
"refsource": "CONFIRM",
"url": "http://wicket.apache.org/2012/03/22/wicket-cve-2012-0047.html"
}
]
}
}

160
2012/0xxx/CVE-2012-0072.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0072", "ID": "CVE-2012-0072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors."
{ }
"name" : "51458", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51458" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "78419", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/78419" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026527", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026527" ]
}, },
{ "references": {
"name" : "databaseserver-listener-dos(72469)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72469" "name": "databaseserver-listener-dos(72469)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72469"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
},
{
"name": "51458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51458"
},
{
"name": "78419",
"refsource": "OSVDB",
"url": "http://osvdb.org/78419"
},
{
"name": "1026527",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026527"
}
]
}
}

220
2012/0xxx/CVE-2012-0597.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-0597", "ID": "CVE-2012-0597",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-03-07-1", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-03-07-1 and APPLE-SA-2012-03-07-2."
{ }
"name" : "APPLE-SA-2012-03-07-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2012-03-12-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "52365", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/52365" ]
}, },
{ "references": {
"name" : "79919", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/79919" "name": "oval:org.mitre.oval:def:16879",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16879"
"name" : "oval:org.mitre.oval:def:16879", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16879" "name": "52365",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52365"
"name" : "1026774", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026774" "name": "1026774",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1026774"
"name" : "48274", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48274" "name": "48377",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48377"
"name" : "48288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48288" "name": "apple-webkit-cve20120597-code-execution(73816)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73816"
"name" : "48377", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48377" "name": "APPLE-SA-2012-03-12-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00003.html"
"name" : "apple-webkit-cve20120597-code-execution(73816)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73816" "name": "48274",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48274"
} },
} {
"name": "79919",
"refsource": "OSVDB",
"url": "http://osvdb.org/79919"
},
{
"name": "APPLE-SA-2012-03-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00000.html"
},
{
"name": "48288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48288"
},
{
"name": "APPLE-SA-2012-03-07-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Mar/msg00001.html"
}
]
}
}

160
2012/0xxx/CVE-2012-0735.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-0735", "ID": "CVE-2012-0735",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21592188", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21592188" "lang": "eng",
}, "value": "IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly scan file: URLs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted URI."
{ }
"name" : "53247", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/53247" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "48967", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48967" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48968", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48968" ]
}, },
{ "references": {
"name" : "ae-fileuri-info-disclosure(74558)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558" "name": "48967",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/48967"
} },
} {
"name": "ae-fileuri-info-disclosure(74558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74558"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21592188",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21592188"
},
{
"name": "48968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48968"
},
{
"name": "53247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53247"
}
]
}
}

140
2012/1xxx/CVE-2012-1421.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1421", "ID": "CVE-2012-1421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/522005" "lang": "eng",
}, "value": "The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman Antivirus 6.06.12, Rising Antivirus 22.83.00.03, and AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial MSCF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
{ }
"name" : "http://www.ieee-security.org/TC/SP2012/program.html", ]
"refsource" : "MISC", },
"url" : "http://www.ieee-security.org/TC/SP2012/program.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "80409", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80409" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522005"
},
{
"name": "80409",
"refsource": "OSVDB",
"url": "http://osvdb.org/80409"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
}
]
}
}

200
2012/1xxx/CVE-2012-1425.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1425", "ID": "CVE-2012-1425",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/522005" "lang": "eng",
}, "value": "The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat QuickHeal) 11.00, Emsisoft Anti-Malware 5.1.0.1, Fortinet Antivirus 4.2.254.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, and Trend Micro HouseCall 9.120.0.1004 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \\50\\4B\\03\\04 character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations."
{ }
"name" : "http://www.ieee-security.org/TC/SP2012/program.html", ]
"refsource" : "MISC", },
"url" : "http://www.ieee-security.org/TC/SP2012/program.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "80389", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80389" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "80391", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/80391" ]
}, },
{ "references": {
"name" : "80392", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80392" "name": "20120319 Evasion attacks expoliting file-parsing vulnerabilities in antivirus products",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/522005"
"name" : "80395", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80395" "name": "80403",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80403"
"name" : "80396", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80396" "name": "80389",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80389"
"name" : "80403", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80403" "name": "80391",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/80391"
"name" : "80409", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80409" "name": "80409",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/80409"
} },
} {
"name": "80396",
"refsource": "OSVDB",
"url": "http://osvdb.org/80396"
},
{
"name": "80392",
"refsource": "OSVDB",
"url": "http://osvdb.org/80392"
},
{
"name": "http://www.ieee-security.org/TC/SP2012/program.html",
"refsource": "MISC",
"url": "http://www.ieee-security.org/TC/SP2012/program.html"
},
{
"name": "80395",
"refsource": "OSVDB",
"url": "http://osvdb.org/80395"
}
]
}
}

200
2012/1xxx/CVE-2012-1582.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1582", "ID": "CVE-2012-1582",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to inject arbitrary web script or HTML via a crafted page with \"forged strip item markers,\" as demonstrated using the CharInsert extension."
{ }
"name" : "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2", ]
"refsource" : "MLIST", },
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/03/22/9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2012/03/24/1" ]
}, },
{ "references": {
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315" "name": "[oss-security] 20120323 CVEs for MediaWiki security and maintenance release 1.18.2",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/03/24/1"
"name" : "52689", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52689" "name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.18.2",
}, "refsource": "MLIST",
{ "url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html"
"name" : "80363", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/80363" "name": "48504",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48504"
"name" : "48504", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48504" "name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=35315"
"name" : "mediawiki-wikitext-xss(74288)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288" "name": "80363",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/80363"
} },
} {
"name": "[MediaWiki-announce] 20120322 MediaWiki security and maintenance release 1.17.3",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000109.html"
},
{
"name": "mediawiki-wikitext-xss(74288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74288"
},
{
"name": "[oss-security] 20120322 MediaWiki security and maintenance release 1.18.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/22/9"
},
{
"name": "52689",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52689"
}
]
}
}

160
2012/1xxx/CVE-2012-1623.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1623", "ID": "CVE-2012-1623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1" "lang": "eng",
}, "value": "The Registration Codes module before 6.x-2.4 for Drupal does not restrict access to the registration code list, which might allow remote attackers to bypass intended registration restrictions."
{ }
"name" : "http://drupal.org/node/1394172", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1394172" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "51271", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/51271" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "78184", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/78184" ]
}, },
{ "references": {
"name" : "47443", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47443" "name": "http://drupal.org/node/1394172",
} "refsource": "MISC",
] "url": "http://drupal.org/node/1394172"
} },
} {
"name": "47443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47443"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "51271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51271"
},
{
"name": "78184",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78184"
}
]
}
}

170
2012/3xxx/CVE-2012-3371.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3371", "ID": "CVE-2012-3371",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.launchpad.net/openstack/msg14452.html" "lang": "eng",
}, "value": "The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section."
{ }
"name" : "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/07/11/13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/nova/+bug/1017795", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/nova/+bug/1017795" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d" ]
}, },
{ "references": {
"name" : "USN-1501-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1501-1" "name": "54388",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/54388"
"name" : "54388", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54388" "name": "[openstack] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
} "refsource": "MLIST",
] "url": "https://lists.launchpad.net/openstack/msg14452.html"
} },
} {
"name": "https://bugs.launchpad.net/nova/+bug/1017795",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/nova/+bug/1017795"
},
{
"name": "[oss-security] 20120711 [OSSA 2012-009] Scheduler denial of service through scheduler_hints (CVE-2012-3371)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/11/13"
},
{
"name": "USN-1501-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1501-1"
},
{
"name": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d"
}
]
}
}

170
2012/3xxx/CVE-2012-3529.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3529", "ID": "CVE-2012-3529",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120822 Re: CVE request: Typo3", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/08/22/8" "lang": "eng",
}, "value": "The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors."
{ }
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2537", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2537" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "84775", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/84775" ]
}, },
{ "references": {
"name" : "50287", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50287" "name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/",
}, "refsource": "CONFIRM",
{ "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"
"name" : "typo3-config-module-info-disc(77793)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793" "name": "typo3-config-module-info-disc(77793)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"
} },
} {
"name": "DSA-2537",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2537"
},
{
"name": "[oss-security] 20120822 Re: CVE request: Typo3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/22/8"
},
{
"name": "50287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50287"
},
{
"name": "84775",
"refsource": "OSVDB",
"url": "http://osvdb.org/84775"
}
]
}
}

170
2012/3xxx/CVE-2012-3797.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3797", "ID": "CVE-2012-3797",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.org/adv/proservrex_1-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/adv/proservrex_1-adv.txt" "lang": "eng",
}, "value": "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a short crafted packet with a certain opcode."
{ }
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", ]
"refsource" : "MISC", },
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.hmisource.com/otasuke/news/2012/0606.html", ]
"refsource" : "CONFIRM", }
"url" : "https://www.hmisource.com/otasuke/news/2012/0606.html" ]
}, },
{ "references": {
"name" : "53499", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53499" "name": "https://www.hmisource.com/otasuke/news/2012/0606.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.hmisource.com/otasuke/news/2012/0606.html"
"name" : "49172", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49172" "name": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt",
} "refsource": "CONFIRM",
] "url": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt"
} },
} {
"name": "http://aluigi.org/adv/proservrex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/proservrex_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01"
},
{
"name": "53499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53499"
},
{
"name": "49172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49172"
}
]
}
}

34
2012/4xxx/CVE-2012-4166.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-4166", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-4166",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4165. Reason: This candidate is a duplicate of CVE-2012-4165. Notes: All CVE users should reference CVE-2012-4165 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-4165. Reason: This candidate is a duplicate of CVE-2012-4165. Notes: All CVE users should reference CVE-2012-4165 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

140
2012/4xxx/CVE-2012-4269.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4269", "ID": "CVE-2012-4269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
{ }
"name" : "53412", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/53412" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "efront-upload-file-upload(75443)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "53412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53412"
},
{
"name": "efront-upload-file-upload(75443)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
},
{
"name": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
}
]
}
}

34
2012/4xxx/CVE-2012-4311.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4311", "ID": "CVE-2012-4311",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2012/4xxx/CVE-2012-4987.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4987", "ID": "CVE-2012-4987",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121026 Realplayer Watchfolders Long Filepath Overflow", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2012/Oct/189" "lang": "eng",
}, "value": "Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP file that triggers incorrect processing of long pathnames by the Watch Folders feature."
{ }
"name" : "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56324", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/56324" ]
}, },
{ "references": {
"name" : "86721", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86721" "name": "56324",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/56324"
"name" : "realplayer-watch-folder-bo(79663)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79663" "name": "20121026 Realplayer Watchfolders Long Filepath Overflow",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2012/Oct/189"
} },
} {
"name": "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html",
"refsource": "MISC",
"url": "http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html"
},
{
"name": "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/117691/Realplayer-Watchfolders-Long-Filepath-Overflow.html"
},
{
"name": "realplayer-watch-folder-bo(79663)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79663"
},
{
"name": "86721",
"refsource": "OSVDB",
"url": "http://osvdb.org/86721"
}
]
}
}

34
2017/2xxx/CVE-2017-2027.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2027", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2027",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/2xxx/CVE-2017-2074.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2074", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2074",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/2xxx/CVE-2017-2276.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2276", "ID": "CVE-2017-2276",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WG-C10", "product_name": "WG-C10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "v3.0.79 and earlier" "version_value": "v3.0.79 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Sony Corporation" "vendor_name": "Sony Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10", "description_data": [
"refsource" : "MISC", {
"url" : "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10" "lang": "eng",
}, "value": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
{ }
"name" : "JVN#14151222", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN14151222/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#14151222",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN14151222/index.html"
},
{
"name": "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10",
"refsource": "MISC",
"url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10"
}
]
}
}

34
2017/2xxx/CVE-2017-2556.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-2556", "ID": "CVE-2017-2556",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/2xxx/CVE-2017-2929.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-2929", "ID": "CVE-2017-2929",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Extension for Chrome 15.1.0.3", "product_name": "Adobe Acrobat Extension for Chrome 15.1.0.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Extension for Chrome 15.1.0.3" "version_value": "Adobe Acrobat Extension for Chrome 15.1.0.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DOM-based Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html" "lang": "eng",
}, "value": "Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability. Successful exploitation could lead to JavaScript code execution."
{ }
"name" : "95693", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95693" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037687", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037687" "lang": "eng",
} "value": "DOM-based Cross-Site Scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1037687",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037687"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-03.html"
},
{
"name": "95693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95693"
}
]
}
}

140
2017/3xxx/CVE-2017-3056.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-3056", "ID": "CVE-2017-3056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.", "product_name": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier.",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier." "version_value": "Adobe Acrobat Reader 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Corruption"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html" "lang": "eng",
}, "value": "Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JavaScript engine, related to string manipulation. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "97556", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97556" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038228", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038228" "lang": "eng",
} "value": "Memory Corruption"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038228",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038228"
},
{
"name": "97556",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97556"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-11.html"
}
]
}
}

170
2017/6xxx/CVE-2017-6460.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6460", "ID": "CVE-2017-6460",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3377", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3377" "lang": "eng",
}, "value": "Stack-based buffer overflow in the reslist function in ntpq in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote servers have unspecified impact via a long flagstr variable in a restriction list response."
{ }
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu", ]
"refsource" : "CONFIRM", },
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/92", "description": [
"refsource" : "CONFIRM", {
"url" : "http://securityadvisories.paloaltonetworks.com/Home/Detail/92" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208144", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208144" ]
}, },
{ "references": {
"name" : "97052", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97052" "name": "1038123",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1038123"
"name" : "1038123", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038123" "name": "http://securityadvisories.paloaltonetworks.com/Home/Detail/92",
} "refsource": "CONFIRM",
] "url": "http://securityadvisories.paloaltonetworks.com/Home/Detail/92"
} },
} {
"name": "https://support.apple.com/HT208144",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208144"
},
{
"name": "97052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97052"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3377",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3377"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
}
]
}
}

130
2017/6xxx/CVE-2017-6731.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6731", "ID": "CVE-2017-6731",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco IOS XR", "product_name": "Cisco IOS XR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco IOS XR" "version_value": "Cisco IOS XR"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr" "lang": "eng",
}, "value": "A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress packet processing for Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the MSDP session to be unexpectedly reset, causing a short denial of service (DoS) condition. The MSDP session will restart within a few seconds. More Information: CSCvd94828. Known Affected Releases: 4.3.2.MCAST 6.0.2.BASE. Known Fixed Releases: 6.3.1.19i.MCAST 6.2.3.1i.MCAST 6.2.2.17i.MCAST 6.1.4.12i.MCAST."
{ }
"name" : "1038820", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1038820" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Denial of Service Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-iosxr"
},
{
"name": "1038820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038820"
}
]
}
}

140
2017/6xxx/CVE-2017-6751.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6751", "ID": "CVE-2017-6751",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Web Security Appliance", "product_name": "Cisco Web Security Appliance",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Web Security Appliance" "version_value": "Cisco Web Security Appliance"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Access Control Bypass Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5" "lang": "eng",
}, "value": "A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected device to the administrative management interface of an affected device, aka an Access Control Bypass Vulnerability. Affected Products: virtual and hardware versions of Cisco Web Security Appliance (WSA). More Information: CSCvd88863. Known Affected Releases: 10.1.0-204 9.0.0-485."
{ }
"name" : "99967", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99967" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038959", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038959" "lang": "eng",
} "value": "Access Control Bypass Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99967",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99967"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170719-wsa5"
},
{
"name": "1038959",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038959"
}
]
}
}

200
2017/7xxx/CVE-2017-7041.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7041", "ID": "CVE-2017-7041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42366", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42366/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
{ }
"name" : "https://support.apple.com/HT207921", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207921" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207923", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207923" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207924", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207924" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207927", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207927" "name": "99885",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/99885"
"name" : "https://support.apple.com/HT207928", },
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207928" "name": "https://support.apple.com/HT207927",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207927"
"name" : "GLSA-201710-14", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-14" "name": "https://support.apple.com/HT207924",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207924"
"name" : "99885", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99885" "name": "https://support.apple.com/HT207928",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207928"
"name" : "1038950", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038950" "name": "42366",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/42366/"
} },
} {
"name": "https://support.apple.com/HT207921",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207921"
},
{
"name": "https://support.apple.com/HT207923",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207923"
},
{
"name": "GLSA-201710-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-14"
},
{
"name": "1038950",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038950"
}
]
}
}

120
2017/7xxx/CVE-2017-7351.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7351", "ID": "CVE-2017-7351",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/", "description_data": [
"refsource" : "MISC", {
"url" : "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/" "lang": "eng",
} "value": "A SQL injection issue exists in a file upload handler in REDCap 7.x before 7.0.11 via a trailing substring to SendITController:upload."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/",
"refsource": "MISC",
"url": "https://labs.nettitude.com/blog/cve-2017-7351-redcap-7-0-0-7-0-10-sql-injection/"
}
]
}
}

202
2017/7xxx/CVE-2017-7429.json
View File

@ -1,103 +1,103 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@suse.com", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00.000Z", "DATE_PUBLIC": "2017-10-02T00:00:00.000Z",
"ID" : "CVE-2017-7429", "ID": "CVE-2017-7429",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Fix for NetIQ shell code upload" "TITLE": "Fix for NetIQ shell code upload"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "eDirectory", "product_name": "eDirectory",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_value" : " 8.8.8 Patch 10 HF1" "version_value": " 8.8.8 Patch 10 HF1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NetIQ" "vendor_name": "NetIQ"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "SySS GmbH"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-434"
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "SySS GmbH"
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1024957", }
"refsource" : "CONFIRM", ],
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1024957" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html", "description": {
"refsource" : "CONFIRM", "description_data": [
"url" : "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html" {
}, "lang": "eng",
{ "value": "The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 Patch 10 Hotfix 1 could be abused to upload JSP code which could be used by authenticated attackers to execute JSP applets on the iManager server."
"name" : "https://www.novell.com/support/kb/doc.php?id=3426981", }
"refsource" : "CONFIRM", ]
"url" : "https://www.novell.com/support/kb/doc.php?id=3426981" },
} "impact": {
] "cvss": {
}, "attackComplexity": "LOW",
"source" : { "attackVector": "NETWORK",
"defect" : [ "availabilityImpact": "HIGH",
"1024957" "baseScore": 8.8,
], "baseSeverity": "HIGH",
"discovery" : "EXTERNAL" "confidentialityImpact": "HIGH",
} "integrityImpact": "HIGH",
} "privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-434"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1024957",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1024957"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=3426981",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=3426981"
},
{
"name": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/edir88/edir88810hf1_releasenotes/data/edir88810hf1_releasenotes.html"
}
]
},
"source": {
"defect": [
"1024957"
],
"discovery": "EXTERNAL"
}
}

130
2017/7xxx/CVE-2017-7441.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7441", "ID": "CVE-2017-7441",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/", "description_data": [
"refsource" : "MISC", {
"url" : "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/" "lang": "eng",
}, "value": "In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the leak occurs at the driver level, an attacker can use this vulnerability to leak some critical information about the machine such as nt!ExpPoolQuotaCookie."
{ }
"name" : "https://www.nuitduhack.com/fr/planning/talk_10", ]
"refsource" : "MISC", },
"url" : "https://www.nuitduhack.com/fr/planning/talk_10" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nuitduhack.com/fr/planning/talk_10",
"refsource": "MISC",
"url": "https://www.nuitduhack.com/fr/planning/talk_10"
},
{
"name": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/",
"refsource": "MISC",
"url": "https://trackwatch.com/kernel-pool-overflow-exploitation-in-real-world-windows-10/"
}
]
}
}

160
2017/7xxx/CVE-2017-7471.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-7471", "ID": "CVE-2017-7471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/04/19/2" "lang": "eng",
}, "value": "Quick Emulator (Qemu) built with the VirtFS, host directory sharing via Plan 9 File System (9pfs) support, is vulnerable to an improper access control issue. It could occur while accessing files on a shared host directory. A privileged user inside guest could use this flaw to access host file system beyond the shared folder and potentially escalating their privileges on a host."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201706-03", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201706-03" ]
}, },
{ "references": {
"name" : "97970", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97970" "name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e",
} "refsource": "CONFIRM",
] "url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e"
} },
} {
"name": "GLSA-201706-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-03"
},
{
"name": "97970",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97970"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7471"
},
{
"name": "[oss-security] 20170419 CVE-2017-7471 Qemu: 9p: virtfs allows guest to change filesystem attributes on host",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/04/19/2"
}
]
}
}

152
2017/7xxx/CVE-2017-7837.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7837", "ID": "CVE-2017-7837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "57" "version_value": "57"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SVG loaded through \"<img>\" tags can use \"<meta>\" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SVG loaded as <img> can use meta tags to set cookies"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923" "lang": "eng",
}, "value": "SVG loaded through \"<img>\" tags can use \"<meta>\" tags within the SVG data to set cookies for that page. This vulnerability affects Firefox < 57."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "101832", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101832" "lang": "eng",
}, "value": "SVG loaded as <img> can use meta tags to set cookies"
{ }
"name" : "1039803", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039803" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://www.mozilla.org/security/advisories/mfsa2017-24/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-24/"
},
{
"name": "101832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101832"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1325923"
},
{
"name": "1039803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039803"
}
]
}
}

120
2018/10xxx/CVE-2018-10175.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10175", "ID": "CVE-2018-10175",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Digital Guardian Management Console 7.1.2.0015 has an XXE issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html" "lang": "eng",
} "value": "Digital Guardian Management Console 7.1.2.0015 has an XXE issue."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147261/Digital-Guardian-Management-Console-7.1.2.0015-XXE-Injection.html"
}
]
}
}

130
2018/10xxx/CVE-2018-10486.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-10486", "ID": "CVE-2018-10486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.29935" "version_value": "9.0.0.29935"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-396", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-396" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the U3D Image Index. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5418."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-396",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-396"
}
]
}
}

200
2018/10xxx/CVE-2018-10844.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-10844", "ID": "CVE-2018-10844",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "gnutls", "product_name": "gnutls",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-385"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html" "lang": "eng",
}, "value": "It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets."
{ }
"name" : "https://eprint.iacr.org/2018/747", ]
"refsource" : "MISC", },
"url" : "https://eprint.iacr.org/2018/747" "impact": {
}, "cvss": [
{ [
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844", {
"refsource" : "CONFIRM", "vectorString": "5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844" "version": "3.0"
}, }
{ ]
"name" : "https://gitlab.com/gnutls/gnutls/merge_requests/657", ]
"refsource" : "CONFIRM", },
"url" : "https://gitlab.com/gnutls/gnutls/merge_requests/657" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3050", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3050" "lang": "eng",
}, "value": "CWE-385"
{ }
"name" : "RHSA-2018:3505", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3505" ]
}, },
{ "references": {
"name" : "105138", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105138" "name": "https://eprint.iacr.org/2018/747",
} "refsource": "MISC",
] "url": "https://eprint.iacr.org/2018/747"
} },
} {
"name": "https://gitlab.com/gnutls/gnutls/merge_requests/657",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/gnutls/merge_requests/657"
},
{
"name": "RHSA-2018:3505",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3505"
},
{
"name": "105138",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105138"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10844"
},
{
"name": "RHSA-2018:3050",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3050"
},
{
"name": "[debian-lts-announce] 20181030 [SECURITY] [DLA 1560-1] gnutls28 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html"
}
]
}
}

202
2018/10xxx/CVE-2018-10919.json
View File

@ -1,103 +1,103 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psampaio@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-10919", "ID": "CVE-2018-10919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "samba", "product_name": "samba",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.6.16" "version_value": "4.6.16"
}, },
{ {
"version_value" : "4.7.9" "version_value": "4.7.9"
}, },
{ {
"version_value" : "4.8.4" "version_value": "4.8.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "The Samba Team" "vendor_name": "The Samba Team"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "4.3/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-203"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919" "lang": "eng",
}, "value": "The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable."
{ }
"name" : "https://www.samba.org/samba/security/CVE-2018-10919.html", ]
"refsource" : "CONFIRM", },
"url" : "https://www.samba.org/samba/security/CVE-2018-10919.html" "impact": {
}, "cvss": [
{ [
"name" : "https://security.netapp.com/advisory/ntap-20180814-0001/", {
"refsource" : "CONFIRM", "vectorString": "4.3/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"url" : "https://security.netapp.com/advisory/ntap-20180814-0001/" "version": "3.0"
}, }
{ ]
"name" : "DSA-4271", ]
"refsource" : "DEBIAN", },
"url" : "https://www.debian.org/security/2018/dsa-4271" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3738-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3738-1/" "lang": "eng",
}, "value": "CWE-203"
{ }
"name" : "105081", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/105081" ]
} },
] "references": {
} "reference_data": [
} {
"name": "DSA-4271",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4271"
},
{
"name": "USN-3738-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3738-1/"
},
{
"name": "https://www.samba.org/samba/security/CVE-2018-10919.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2018-10919.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10919"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180814-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180814-0001/"
},
{
"name": "105081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105081"
}
]
}
}

120
2018/14xxx/CVE-2018-14451.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14451", "ID": "CVE-2018-14451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md" "lang": "eng",
} "value": "An issue was discovered in libgig 4.1.0. There is a heap-based buffer overflow in the function RIFF::Chunk::Read in RIFF.cpp."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/libgig/README.md"
}
]
}
}

120
2018/14xxx/CVE-2018-14515.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14515", "ID": "CVE-2018-14515",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wuzhicms/wuzhicms/issues/146", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wuzhicms/wuzhicms/issues/146" "lang": "eng",
} "value": "A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wuzhicms/wuzhicms/issues/146",
"refsource": "MISC",
"url": "https://github.com/wuzhicms/wuzhicms/issues/146"
}
]
}
}

130
2018/14xxx/CVE-2018-14551.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14551", "ID": "CVE-2018-14551",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/1221", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1221" "lang": "eng",
}, "value": "The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption."
{ }
"name" : "USN-3785-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3785-1/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1221",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1221"
},
{
"name": "USN-3785-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3785-1/"
}
]
}
}

142
2018/14xxx/CVE-2018-14786.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-23T00:00:00", "DATE_PUBLIC": "2018-08-23T00:00:00",
"ID" : "CVE-2018-14786", "ID": "CVE-2018-14786",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA", "product_name": "Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 2.3.6 and prior" "version_value": "Version 2.3.6 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Becton, Dickinson and Company" "vendor_name": "Becton, Dickinson and Company"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authentication cwe-287"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01" "lang": "eng",
}, "value": "Becton, Dickinson and Company (BD) Alaris Plus medical syringe pumps (models Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA) versions 2.3.6 and prior are affected by an improper authentication vulnerability where the software does not perform authentication for functionality that requires a provable user identity, where it may allow a remote attacker to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port."
{ }
"name" : "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states", ]
"refsource" : "CONFIRM", },
"url" : "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105147", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105147" "lang": "eng",
} "value": "Improper Authentication cwe-287"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105147"
},
{
"name": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states",
"refsource": "CONFIRM",
"url": "http://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletin-for-various-alaris-plus-syringe-pumps-sold-and-in-use-outside-the-united-states"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-235-01"
}
]
}
}

250
2018/15xxx/CVE-2018-15410.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500", "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15410", "ID": "CVE-2018-15410",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities" "TITLE": "Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco WebEx WRF Player ", "product_name": "Cisco WebEx WRF Player ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "7.8",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce" "lang": "eng",
}, "value": "A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected software improperly validates Advanced Recording Format (ARF) and Webex Recording Format (WRF) files. An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file via a link or an email attachment and persuading the user to open the file by using the affected software. A successful exploit could allow the attacker to execute arbitrary code on the affected system."
{ }
"name" : "105520", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105520" "impact": {
}, "cvss": {
{ "baseScore": "7.8",
"name" : "1041795", "version": "3.0"
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041795" },
} "problemtype": {
] "problemtype_data": [
}, {
"source" : { "description": [
"advisory" : "cisco-sa-20181003-webex-rce", {
"defect" : [ "lang": "eng",
[ "value": "CWE-20"
"CSCvj83752", }
"CSCvj83767", ]
"CSCvj83771", }
"CSCvj83793", ]
"CSCvj83797", },
"CSCvj83803", "references": {
"CSCvj83818", "reference_data": [
"CSCvj83824", {
"CSCvj83831", "name": "1041795",
"CSCvj87929", "refsource": "SECTRACK",
"CSCvj87934", "url": "http://www.securitytracker.com/id/1041795"
"CSCvj93870", },
"CSCvj93877", {
"CSCvk31089", "name": "105520",
"CSCvk33049", "refsource": "BID",
"CSCvk52510", "url": "http://www.securityfocus.com/bid/105520"
"CSCvk52518", },
"CSCvk52521", {
"CSCvk59945", "name": "20181003 Cisco Webex Network Recording Player and Cisco Webex Player Remote Code Execution Vulnerabilities",
"CSCvk59949", "refsource": "CISCO",
"CSCvk59950", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-webex-rce"
"CSCvk60158", }
"CSCvk60163", ]
"CSCvm51315", },
"CSCvm51318", "source": {
"CSCvm51361", "advisory": "cisco-sa-20181003-webex-rce",
"CSCvm51371", "defect": [
"CSCvm51373", [
"CSCvm51374", "CSCvj83752",
"CSCvm51382", "CSCvj83767",
"CSCvm51386", "CSCvj83771",
"CSCvm51391", "CSCvj83793",
"CSCvm51393", "CSCvj83797",
"CSCvm51396", "CSCvj83803",
"CSCvm51398", "CSCvj83818",
"CSCvm51412", "CSCvj83824",
"CSCvm51413", "CSCvj83831",
"CSCvm54531", "CSCvj87929",
"CSCvm54538" "CSCvj87934",
] "CSCvj93870",
], "CSCvj93877",
"discovery" : "UNKNOWN" "CSCvk31089",
} "CSCvk33049",
} "CSCvk52510",
"CSCvk52518",
"CSCvk52521",
"CSCvk59945",
"CSCvk59949",
"CSCvk59950",
"CSCvk60158",
"CSCvk60163",
"CSCvm51315",
"CSCvm51318",
"CSCvm51361",
"CSCvm51371",
"CSCvm51373",
"CSCvm51374",
"CSCvm51382",
"CSCvm51386",
"CSCvm51391",
"CSCvm51393",
"CSCvm51396",
"CSCvm51398",
"CSCvm51412",
"CSCvm51413",
"CSCvm54531",
"CSCvm54538"
]
],
"discovery": "UNKNOWN"
}
}

120
2018/20xxx/CVE-2018-20063.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20063", "ID": "CVE-2018-20063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Gurock TestRail 5.6.0.3853. An \"Unrestricted Upload of File\" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688" "lang": "eng",
} "value": "An issue was discovered in Gurock TestRail 5.6.0.3853. An \"Unrestricted Upload of File\" vulnerability exists in the image-upload form (available in the description editor), allowing remote authenticated users to execute arbitrary code by uploading an image file with an executable extension but a safe Content-Type value, and then accessing it via a direct request to the file in the file-upload directory (if it's accessible according to the server configuration)."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688",
"refsource": "MISC",
"url": "https://medium.com/@vrico315/unrestricted-upload-of-file-with-dangerous-type-in-gurocks-testrail-11d9f4d13688"
}
]
}
}

34
2018/20xxx/CVE-2018-20654.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20654", "ID": "CVE-2018-20654",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20708.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20708", "ID": "CVE-2018-20708",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/20xxx/CVE-2018-20779.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20779", "ID": "CVE-2018-20779",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Traq 3.7.1 allows SQL Injection via a tickets?search= URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://packetstormsecurity.com/files/149894", "description_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/149894" "lang": "eng",
} "value": "Traq 3.7.1 allows SQL Injection via a tickets?search= URI."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/149894",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/149894"
}
]
}
}

132
2018/9xxx/CVE-2018-9448.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00", "DATE_PUBLIC": "2018-10-31T00:00:00",
"ID" : "CVE-2018-9448", "ID": "CVE-2018-9448",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-8.0 Android-8.1" "version_value": "Android-8.0 Android-8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-08-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-08-01" "lang": "eng",
}, "value": "In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113."
{ }
"name" : "1041432", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041432" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}

130
2018/9xxx/CVE-2018-9541.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9541", "ID": "CVE-2018-9541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-9" "version_value": "Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-11-01" "lang": "eng",
}, "value": "In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450531"
{ }
"name" : "105849", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105849" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105849"
},
{
"name": "https://source.android.com/security/bulletin/2018-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
}