admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:53:31 +00:00
parent ee5e59d606
commit d53008583d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3335 additions and 3335 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2001/0xxx/CVE-2001-0974.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0974", "ID": "CVE-2001-0974",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CA-2001-18", "description_data": [
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2001-18.html" "lang": "eng",
}, "value": "Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
{ }
"name" : "L-116", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/l-116.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#869184", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/869184" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3048", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3048" ]
}, },
{ "references": {
"name" : "oracle-ldap-protos-format-string(6903)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903" "name": "oracle-ldap-protos-format-string(6903)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903"
} },
{
"name": "3048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3048"
},
{
"name": "CA-2001-18",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-18.html"
},
{
"name": "VU#869184",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/869184"
},
{
"name": "L-116",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
}
]
}
} }

138
2001/1xxx/CVE-2001-1029.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1029", "ID": "CVE-2001-1029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html" "lang": "eng",
}, "value": "libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files."
{ }
"name" : "bsd-libutil-privilege-dropping(8697)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8697" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6073", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6073" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html"
},
{
"name": "6073",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6073"
},
{
"name": "bsd-libutil-privilege-dropping(8697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8697"
}
]
}
} }

148
2001/1xxx/CVE-2001-1543.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-1543", "ID": "CVE-2001-1543",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20011205 Axis Network Camera known default password vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html" "lang": "eng",
}, "value": "Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password \"pass\", which allows remote attackers to gain access to the camera."
{ }
"name" : "20011206 Re: Axis Network Camera known default password vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3640", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3640" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "axis-default-admin-passwd(7665)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7665.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "3640",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3640"
},
{
"name": "20011205 Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0050.html"
},
{
"name": "20011206 Re: Axis Network Camera known default password vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0061.html"
},
{
"name": "axis-default-admin-passwd(7665)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7665.php"
}
]
}
} }

158
2006/2xxx/CVE-2006-2165.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2165", "ID": "CVE-2006-2165",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php. NOTE: this issue might be resultant from SQL injection."
{ }
"name" : "25641", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/25641" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "25642", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/25642" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "25643", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/25643" ]
}, },
{ "references": {
"name" : "avactis-multiple-scripts-xss(26179)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26179" "name": "avactis-multiple-scripts-xss(26179)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26179"
} },
{
"name": "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/05/avactis-shopping-cart-vuln.html"
},
{
"name": "25641",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25641"
},
{
"name": "25642",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25642"
},
{
"name": "25643",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25643"
}
]
}
} }

138
2006/2xxx/CVE-2006-2235.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2235", "ID": "CVE-2006-2235",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060501 free-php.net Poll 1.0 admin login", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/432577/100/0/threaded" "lang": "eng",
}, "value": "CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is not required for the admin directory, allows remote attackers to gain administrative privileges by appending /admin/ to the top-level URI of the application."
{ }
"name" : "http://www.free-php.net/scripts/zip/5.zip", ]
"refsource" : "MISC", },
"url" : "http://www.free-php.net/scripts/zip/5.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17771", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/17771" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "17771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17771"
},
{
"name": "20060501 free-php.net Poll 1.0 admin login",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/432577/100/0/threaded"
},
{
"name": "http://www.free-php.net/scripts/zip/5.zip",
"refsource": "MISC",
"url": "http://www.free-php.net/scripts/zip/5.zip"
}
]
}
} }

32
2006/2xxx/CVE-2006-2454.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2454", "ID": "CVE-2006-2454",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

168
2006/2xxx/CVE-2006-2565.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2565", "ID": "CVE-2006-2565",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060522 Alstrasoft Article Manager Pro v1.6", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/434847/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid."
{ }
"name" : "ADV-2006-1943", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2006/1943" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20228", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20228" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "949", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/949" ]
}, },
{ "references": {
"name" : "article-manager-multi-scripts-path-disclosure(26676)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26676" "name": "949",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/949"
"name" : "article-manager-profile-sql-injection(26674)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26674" "name": "article-manager-profile-sql-injection(26674)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26674"
} },
{
"name": "20228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20228"
},
{
"name": "ADV-2006-1943",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1943"
},
{
"name": "article-manager-multi-scripts-path-disclosure(26676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26676"
},
{
"name": "20060522 Alstrasoft Article Manager Pro v1.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434847/100/0/threaded"
}
]
}
} }

168
2006/2xxx/CVE-2006-2875.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-2875", "ID": "CVE-2006-2875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/435963/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion."
{ }
"name" : "http://aluigi.altervista.org/adv/q3cbof-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/q3cbof-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18271", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/18271" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-2129", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/2129" ]
}, },
{ "references": {
"name" : "1016219", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016219" "name": "http://aluigi.altervista.org/adv/q3cbof-adv.txt",
}, "refsource": "MISC",
{ "url": "http://aluigi.altervista.org/adv/q3cbof-adv.txt"
"name" : "20401", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20401" "name": "18271",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/18271"
} },
{
"name": "1016219",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016219"
},
{
"name": "ADV-2006-2129",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2129"
},
{
"name": "20401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20401"
},
{
"name": "20060602 Client buffer-overflow in Quake 3 engine (1.32c / rev 795)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435963/100/0/threaded"
}
]
}
} }

148
2006/6xxx/CVE-2006-6568.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2006-6568", "ID": "CVE-2006-6568",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "2924", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/2924" "lang": "eng",
}, "value": "Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter."
{ }
"name" : "21577", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/21577" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "23356", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23356" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mxbbknowledgebase-kb-file-include(30857)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/30857" ]
} },
] "references": {
} "reference_data": [
{
"name": "23356",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23356"
},
{
"name": "mxbbknowledgebase-kb-file-include(30857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30857"
},
{
"name": "2924",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2924"
},
{
"name": "21577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21577"
}
]
}
} }

178
2008/5xxx/CVE-2008-5061.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5061", "ID": "CVE-2008-5061",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7049", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7049" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in php/cal_default.php in Mini Web Calendar (mwcal) 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL."
{ }
"name" : "32196", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32196" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-3077", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3077" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49679", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/49679" ]
}, },
{ "references": {
"name" : "32640", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32640" "name": "49679",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/49679"
"name" : "4590", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4590" "name": "ADV-2008-3077",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/3077"
"name" : "mwcal-caldefault-xss(46456)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46456" "name": "mwcal-caldefault-xss(46456)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46456"
} },
{
"name": "32196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32196"
},
{
"name": "32640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32640"
},
{
"name": "4590",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4590"
},
{
"name": "7049",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7049"
}
]
}
} }

32
2011/2xxx/CVE-2011-2268.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2011-2268", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2011-2268",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none."
} }
] ]
} }
} }

148
2011/2xxx/CVE-2011-2493.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2011-2493", "ID": "CVE-2011-2493",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110624 Re: CVE request: kernel: ext4: init timer earlier to avoid a kernel panic in __save_error_info", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/24/4" "lang": "eng",
}, "value": "The ext4_fill_super function in fs/ext4/super.c in the Linux kernel before 2.6.39 does not properly initialize a certain error-report data structure, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem."
{ }
"name" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39", ]
"refsource" : "CONFIRM", },
"url" : "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0449641130f5652b344ef6fa39fa019d7e94660a", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0449641130f5652b344ef6fa39fa019d7e94660a" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/0449641130f5652b344ef6fa39fa019d7e94660a", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/0449641130f5652b344ef6fa39fa019d7e94660a" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/0449641130f5652b344ef6fa39fa019d7e94660a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/0449641130f5652b344ef6fa39fa019d7e94660a"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0449641130f5652b344ef6fa39fa019d7e94660a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0449641130f5652b344ef6fa39fa019d7e94660a"
},
{
"name": "[oss-security] 20110624 Re: CVE request: kernel: ext4: init timer earlier to avoid a kernel panic in __save_error_info",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/24/4"
},
{
"name": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39",
"refsource": "CONFIRM",
"url": "http://ftp.osuosl.org/pub/linux/kernel/v2.6/ChangeLog-2.6.39"
}
]
}
} }

138
2011/3xxx/CVE-2011-3299.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2011-3299", "ID": "CVE-2011-3299",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20111005 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml" "lang": "eng",
}, "value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972."
{ }
"name" : "20111005 Multiple Vulnerabilities in Cisco Firewall Services Module", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cisco-sunrpc-inspection-engine-dos(70330)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/70330" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-sunrpc-inspection-engine-dos(70330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70330"
},
{
"name": "20111005 Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-asa.shtml"
},
{
"name": "20111005 Multiple Vulnerabilities in Cisco Firewall Services Module",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20111005-fwsm.shtml"
}
]
}
} }

138
2011/3xxx/CVE-2011-3742.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3742", "ID": "CVE-2011-3742",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/helpcenterlive-2.1.7", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/helpcenterlive-2.1.7" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/helpcenterlive-2.1.7",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/helpcenterlive-2.1.7"
}
]
}
} }

138
2011/3xxx/CVE-2011-3802.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-3802", "ID": "CVE-2011-3802",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2011/06/27/6" "lang": "eng",
}, "value": "StatusNet 0.9.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by tpl/index.php and certain other files."
{ }
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110627 Re: CVE request: Joomla unspecified information disclosure vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/06/27/6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/statusnet-0.9.6"
},
{
"name": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README",
"refsource": "MISC",
"url": "http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README"
}
]
}
} }

148
2011/4xxx/CVE-2011-4211.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2011-4211", "ID": "CVE-2011-4211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.watchfire.com/files/googleappenginesdk.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.watchfire.com/files/googleappenginesdk.pdf" "lang": "eng",
}, "value": "The FakeFile implementation in the sandbox environment in the Google App Engine Python SDK before 1.5.4 does not properly control the opening of files, which allows local users to bypass intended access restrictions and create arbitrary files via ALLOWED_MODES and ALLOWED_DIRS changes within the code parameter to _ah/admin/interactive/execute, a different vulnerability than CVE-2011-1364."
{ }
"name" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes", ]
"refsource" : "MISC", },
"url" : "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50464", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50464" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "google-app-fakefile-priv-esc(71064)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes",
"refsource": "MISC",
"url": "http://code.google.com/p/googleappengine/wiki/SdkReleaseNotes"
},
{
"name": "google-app-fakefile-priv-esc(71064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71064"
},
{
"name": "http://blog.watchfire.com/files/googleappenginesdk.pdf",
"refsource": "MISC",
"url": "http://blog.watchfire.com/files/googleappenginesdk.pdf"
},
{
"name": "50464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50464"
}
]
}
} }

128
2013/0xxx/CVE-2013-0149.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-0149", "ID": "CVE-2013-0149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130801 OSPF LSA Manipulation Vulnerability in Multiple Cisco Products", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf" "lang": "eng",
}, "value": "The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a (1) unicast or (2) multicast packet, aka Bug IDs CSCug34485, CSCug34469, CSCug39762, CSCug63304, and CSCug39795."
{ }
"name" : "VU#229804", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/229804" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130801 OSPF LSA Manipulation Vulnerability in Multiple Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130801-lsaospf"
},
{
"name": "VU#229804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/229804"
}
]
}
} }

188
2013/0xxx/CVE-2013-0619.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-0619", "ID": "CVE-2013-0619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-02.html" "lang": "eng",
}, "value": "Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0620, and CVE-2013-0623."
{ }
"name" : "GLSA-201308-03", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0150", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0150.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:0044", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2013:0047", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html" "name": "SUSE-SU-2013:0044",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00004.html"
"name" : "openSUSE-SU-2013:0138", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html" "name": "SUSE-SU-2013:0047",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00005.html"
"name" : "openSUSE-SU-2013:0193", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html" "name": "openSUSE-SU-2013:0193",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00081.html"
"name" : "oval:org.mitre.oval:def:16413", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16413" "name": "oval:org.mitre.oval:def:16413",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16413"
} },
{
"name": "openSUSE-SU-2013:0138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00028.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-02.html"
},
{
"name": "RHSA-2013:0150",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0150.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
} }

138
2013/0xxx/CVE-2013-0925.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-0925", "ID": "CVE-2013-0925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html" "lang": "eng",
}, "value": "Google Chrome before 26.0.1410.43 does not ensure that an extension has the tabs (aka APIPermission::kTab) permission before providing a URL to this extension, which has unspecified impact and remote attack vectors."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=168442", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=168442" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16363", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16363" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=168442",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=168442"
},
{
"name": "oval:org.mitre.oval:def:16363",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16363"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_26.html"
}
]
}
} }

128
2013/1xxx/CVE-2013-1069.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@ubuntu.com",
"ID" : "CVE-2013-1069", "ID": "CVE-2013-1069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1254034", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1254034" "lang": "eng",
}, "value": "Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable permissions for txlongpoll.yaml, which allows local users to obtain RabbitMQ authentication credentials by reading the file."
{ }
"name" : "USN-2105-1", ]
"refsource" : "UBUNTU", },
"url" : "http://www.ubuntu.com/usn/USN-2105-1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2105-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2105-1"
},
{
"name": "https://bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1254034",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/%2Bsource/maas/%2Bbug/1254034"
}
]
}
} }

118
2013/1xxx/CVE-2013-1385.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-1385", "ID": "CVE-2013-1385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-12.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-12.html" "lang": "eng",
} "value": "Adobe Shockwave Player before 12.0.2.122 does not prevent access to address information, which makes it easier for attackers to bypass the ASLR protection mechanism via unspecified vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-12.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-12.html"
}
]
}
} }

138
2013/1xxx/CVE-2013-1494.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-1494", "ID": "CVE-2013-1494",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:19416", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19416" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:19416",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19416"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
} }

278
2013/1xxx/CVE-2013-1670.json
View File

@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2013-1670", "ID": "CVE-2013-1670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34363", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/34363" "lang": "eng",
}, "value": "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site."
{ }
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-42.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-42.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=853709", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=853709" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2699", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2699" ]
}, },
{ "references": {
"name" : "MDVSA-2013:165", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165" "name": "oval:org.mitre.oval:def:17046",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17046"
"name" : "RHSA-2013:0820", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0820.html" "name": "DSA-2699",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2699"
"name" : "RHSA-2013:0821", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0821.html" "name": "MDVSA-2013:165",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:165"
"name" : "openSUSE-SU-2013:0831", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=853709",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=853709"
"name" : "openSUSE-SU-2013:0834", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html" "name": "openSUSE-SU-2013:0825",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html"
"name" : "openSUSE-SU-2013:0825", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00010.html" "name": "http://www.mozilla.org/security/announce/2013/mfsa2013-42.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2013/mfsa2013-42.html"
"name" : "openSUSE-SU-2013:0929", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html" "name": "USN-1823-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1823-1"
"name" : "openSUSE-SU-2013:0946", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html" "name": "RHSA-2013:0821",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0821.html"
"name" : "USN-1822-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1822-1" "name": "openSUSE-SU-2013:0929",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00006.html"
"name" : "USN-1823-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1823-1" "name": "93427",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/93427"
"name" : "59865", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59865" "name": "34363",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/34363"
"name" : "93427", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/93427" "name": "openSUSE-SU-2013:0831",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00011.html"
"name" : "oval:org.mitre.oval:def:17046", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17046" "name": "59865",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/59865"
} },
{
"name": "RHSA-2013:0820",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0820.html"
},
{
"name": "openSUSE-SU-2013:0834",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00012.html"
},
{
"name": "openSUSE-SU-2013:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00008.html"
},
{
"name": "USN-1822-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1822-1"
}
]
}
} }

148
2013/5xxx/CVE-2013-5017.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@symantec.com",
"ID" : "CVE-2013-5017", "ID": "CVE-2013-5017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00" "lang": "eng",
}, "value": "SNMPConfig.php in the management console in Symantec Web Gateway (SWG) before 5.2.1 allows remote attackers to execute arbitrary commands via unspecified vectors."
{ }
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00", ]
"refsource" : "CONFIRM", },
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "67752", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/67752" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1030443", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1030443" ]
} },
] "references": {
} "reference_data": [
{
"name": "67752",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67752"
},
{
"name": "1030443",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030443"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00"
}
]
}
} }

118
2013/5xxx/CVE-2013-5174.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-5174", "ID": "CVE-2013-5174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2013-10-22-3", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" "lang": "eng",
} "value": "Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
}
]
}
} }

138
2013/5xxx/CVE-2013-5424.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-5424", "ID": "CVE-2013-5424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093938", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093938" "lang": "eng",
}, "value": "IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass intended access restrictions, and create new user accounts or execute tasks, by leveraging an expired password for the system-level account."
{ }
"name" : "IC96952", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96952" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "fsm-cve20135424-expired-pw(87486)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87486" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "fsm-cve20135424-expired-pw(87486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87486"
},
{
"name": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093938",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5093938"
},
{
"name": "IC96952",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC96952"
}
]
}
} }

32
2013/5xxx/CVE-2013-5728.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-5728", "ID": "CVE-2013-5728",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2014/2xxx/CVE-2014-2204.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2204", "ID": "CVE-2014-2204",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

148
2014/2xxx/CVE-2014-2489.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2014-2489", "ID": "CVE-2014-2489",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534161/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core."
{ }
"name" : "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities", ]
"refsource" : "FULLDISC", },
"url" : "http://seclists.org/fulldisclosure/2014/Dec/23" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2014-0012.html" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2014-0012.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534161/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html"
},
{
"name": "20141205 NEW: VMSA-2014-0012 - VMware vSphere product updates address security vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Dec/23"
}
]
}
} }

178
2014/2xxx/CVE-2014-2994.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2014-2994", "ID": "CVE-2014-2994",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "32997", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/32997" "lang": "eng",
}, "value": "Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL (src attribute)."
{ }
"name" : "http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html", ]
"refsource" : "MISC", },
"url" : "http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/", "description": [
"refsource" : "MISC", {
"url" : "http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html" "name": "http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/126306/Acunetix-8-Stack-Buffer-Overflow.html"
"name" : "https://www.youtube.com/watch?v=RHaMx8K1GeM", },
"refsource" : "MISC", {
"url" : "https://www.youtube.com/watch?v=RHaMx8K1GeM" "name": "http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/",
}, "refsource": "CONFIRM",
{ "url": "http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/"
"name" : "http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/", },
"refsource" : "CONFIRM", {
"url" : "http://www.acunetix.com/blog/news/misleading-reports-0-day-acunetix-wvs/" "name": "https://www.youtube.com/watch?v=RHaMx8K1GeM",
} "refsource": "MISC",
] "url": "https://www.youtube.com/watch?v=RHaMx8K1GeM"
} },
{
"name": "32997",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/32997"
},
{
"name": "http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html",
"refsource": "MISC",
"url": "http://an7isec.blogspot.co.il/2014/04/pown-noobs-acunetix-0day.html"
},
{
"name": "http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/126307/Acunetix-8-Scanner-Buffer-Overflow.html"
},
{
"name": "http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/",
"refsource": "MISC",
"url": "http://osandamalith.wordpress.com/2014/04/24/pwning-script-kiddies-acunetix-buffer-overflow/"
}
]
}
} }

128
2017/0xxx/CVE-2017-0313.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"ID" : "CVE-2017-0313", "ID": "CVE-2017-0313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows GPU Display Driver", "product_name": "Windows GPU Display Driver",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service, Escalation of Privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41365", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41365/" "lang": "eng",
}, "value": "All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where untrusted input is used to reference memory outside of the intended boundary of the buffer leading to denial of service or escalation of privileges."
{ }
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398", ]
"refsource" : "CONFIRM", },
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4398" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4398"
},
{
"name": "41365",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41365/"
}
]
}
} }

138
2017/0xxx/CVE-2017-0373.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-0373", "ID": "CVE-2017-0373",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "libconfig-model-perl", "product_name": "libconfig-model-perl",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "libconfig-model-perl" "version_value": "libconfig-model-perl"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "library mishandling"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes" "lang": "eng",
}, "value": "The gen_class_pod implementation in lib/Config/Model/Utils/GenClassPod.pm in Config-Model (aka libconfig-model-perl) before 2.102 has a dangerous \"use lib\" line, which allows remote attackers to have an unspecified impact via a crafted Debian package file."
{ }
"name" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773", ]
"refsource" : "CONFIRM", },
"url" : "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-0373", "description": [
"refsource" : "CONFIRM", {
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-0373" "lang": "eng",
} "value": "library mishandling"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773"
},
{
"name": "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/DDUMONT/Config-Model-2.102/Changes"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0373",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0373"
}
]
}
} }

184
2017/0xxx/CVE-2017-0402.json
View File

@ -1,95 +1,95 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0402", "ID": "CVE-2017-0402",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-4.4.4" "version_value": "Android-4.4.4"
}, },
{ {
"version_value" : "Android-5.0.2" "version_value": "Android-5.0.2"
}, },
{ {
"version_value" : "Android-5.1.1" "version_value": "Android-5.1.1"
}, },
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1" "version_value": "Android-7.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac" "lang": "eng",
}, "value": "An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341."
{ }
"name" : "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57", ]
"refsource" : "CONFIRM", },
"url" : "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://source.android.com/security/bulletin/2017-01-01.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-01-01.html" "lang": "eng",
}, "value": "Information disclosure"
{ }
"name" : "95226", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/95226" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-01-01.html",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-01-01.html"
},
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"
},
{
"name": "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57"
},
{
"name": "95226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95226"
}
]
}
} }

156
2017/0xxx/CVE-2017-0486.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2017-0486", "ID": "CVE-2017-0486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-6.0" "version_value": "Android-6.0"
}, },
{ {
"version_value" : "Android-6.0.1" "version_value": "Android-6.0.1"
}, },
{ {
"version_value" : "Android-7.0" "version_value": "Android-7.0"
}, },
{ {
"version_value" : "Android-7.1.1" "version_value": "Android-7.1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-03-01" "lang": "eng",
}, "value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215."
{ }
"name" : "96733", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96733" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037968", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037968" "lang": "eng",
} "value": "Denial of service"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96733"
}
]
}
} }

154
2017/0xxx/CVE-2017-0736.json
View File

@ -1,80 +1,80 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2017-08-07T00:00:00", "DATE_PUBLIC": "2017-08-07T00:00:00",
"ID" : "CVE-2017-0736", "ID": "CVE-2017-0736",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38487564."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-08-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-08-01" "lang": "eng",
}, "value": "A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-38487564."
{ }
"name" : "100204", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100204" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100204"
},
{
"name": "https://source.android.com/security/bulletin/2017-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-08-01"
}
]
}
} }

32
2017/1000xxx/CVE-2017-1000162.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-1000162", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-1000162",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12474, CVE-2017-12475, CVE-2017-12476. Reason: This candidate is a reservation duplicate of CVE-2017-12474, CVE-2017-12475, and CVE-2017-12476. Notes: All CVE users should reference CVE-2017-12474, CVE-2017-12475, and/or CVE-2017-12476 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-12474, CVE-2017-12475, CVE-2017-12476. Reason: This candidate is a reservation duplicate of CVE-2017-12474, CVE-2017-12475, and CVE-2017-12476. Notes: All CVE users should reference CVE-2017-12474, CVE-2017-12475, and/or CVE-2017-12476 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

238
2017/1000xxx/CVE-2017-1000385.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-1000385", "ID": "CVE-2017-1000385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[erlang-questions] 20171123 Patch Package: OTP 18.3.4.7", "description_data": [
"refsource" : "MLIST", {
"url" : "http://erlang.org/pipermail/erlang-questions/2017-November/094257.html" "lang": "eng",
}, "value": "The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This allows an attacker to decrypt content or sign messages with the server's private key (this is a variation of the Bleichenbacher attack)."
{ }
"name" : "[erlang-questions] 20171123 Patch Package: OTP 19.3.6.4", ]
"refsource" : "MLIST", },
"url" : "http://erlang.org/pipermail/erlang-questions/2017-November/094256.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[erlang-questions] 20171123 Patch Package: OTP 20.1.7", "description": [
"refsource" : "MLIST", {
"url" : "http://erlang.org/pipermail/erlang-questions/2017-November/094255.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[debian-lts-announce] 20171215 [SECURITY] [DLA 1207-1] erlang security update", ]
"refsource" : "MLIST", }
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html" ]
}, },
{ "references": {
"name" : "https://robotattack.org/", "reference_data": [
"refsource" : "MISC", {
"url" : "https://robotattack.org/" "name": "USN-3571-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3571-1/"
"name" : "DSA-4057", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2017/dsa-4057" "name": "RHSA-2018:0528",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0528"
"name" : "RHSA-2018:0242", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0242" "name": "[erlang-questions] 20171123 Patch Package: OTP 18.3.4.7",
}, "refsource": "MLIST",
{ "url": "http://erlang.org/pipermail/erlang-questions/2017-November/094257.html"
"name" : "RHSA-2018:0303", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0303" "name": "[debian-lts-announce] 20171215 [SECURITY] [DLA 1207-1] erlang security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00010.html"
"name" : "RHSA-2018:0368", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0368" "name": "RHSA-2018:0242",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0242"
"name" : "RHSA-2018:0528", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0528" "name": "https://robotattack.org/",
}, "refsource": "MISC",
{ "url": "https://robotattack.org/"
"name" : "USN-3571-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3571-1/" "name": "[erlang-questions] 20171123 Patch Package: OTP 19.3.6.4",
}, "refsource": "MLIST",
{ "url": "http://erlang.org/pipermail/erlang-questions/2017-November/094256.html"
"name" : "VU#144389", },
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/144389" "name": "DSA-4057",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2017/dsa-4057"
"name" : "102197", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102197" "name": "RHSA-2018:0368",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:0368"
} },
{
"name": "RHSA-2018:0303",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0303"
},
{
"name": "[erlang-questions] 20171123 Patch Package: OTP 20.1.7",
"refsource": "MLIST",
"url": "http://erlang.org/pipermail/erlang-questions/2017-November/094255.html"
},
{
"name": "102197",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102197"
},
{
"name": "VU#144389",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/144389"
}
]
}
} }

158
2017/12xxx/CVE-2017-12377.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-12377", "ID": "CVE-2017-12377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ClamAV AntiVirus software versions 0.99.2 and prior", "product_name": "ClamAV AntiVirus software versions 0.99.2 and prior",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ClamAV AntiVirus software versions 0.99.2 and prior" "version_value": "ClamAV AntiVirus software versions 0.99.2 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" "lang": "eng",
}, "value": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device."
{ }
"name" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", ]
"refsource" : "CONFIRM", },
"url" : "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.clamav.net/show_bug.cgi?id=11943", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.clamav.net/show_bug.cgi?id=11943" "lang": "eng",
}, "value": "heap overflow"
{ }
"name" : "USN-3550-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3550-1/" ]
}, },
{ "references": {
"name" : "USN-3550-2", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3550-2/" "name": "USN-3550-1",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3550-1/"
} },
{
"name": "USN-3550-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3550-2/"
},
{
"name": "https://bugzilla.clamav.net/show_bug.cgi?id=11943",
"refsource": "CONFIRM",
"url": "https://bugzilla.clamav.net/show_bug.cgi?id=11943"
},
{
"name": "[debian-lts-announce] 20180128 [SECURITY] [DLA 1261-1] clamav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html"
},
{
"name": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html",
"refsource": "CONFIRM",
"url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html"
}
]
}
} }

118
2017/12xxx/CVE-2017-12798.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12798", "ID": "CVE-2017-12798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lu4n.com/cve/6.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://lu4n.com/cve/6.txt" "lang": "eng",
} "value": "Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lu4n.com/cve/6.txt",
"refsource": "MISC",
"url": "http://lu4n.com/cve/6.txt"
}
]
}
} }

138
2017/16xxx/CVE-2017-16403.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-16403", "ID": "CVE-2017-16403",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of the image conversion module that processes Enhanced Metafile Format Plus (EMF+) data. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
{ }
"name" : "102140", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039791", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039791" "lang": "eng",
} "value": "Out-of-bounds Read"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1039791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039791"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name": "102140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102140"
}
]
}
} }

138
2017/16xxx/CVE-2017-16405.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2017-16405", "ID": "CVE-2017-16405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions", "product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions" "version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is part of Acrobat's page display functionality. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure."
{ }
"name" : "102140", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102140" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039791", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039791" "lang": "eng",
} "value": "Out-of-bounds Read"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1039791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039791"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name": "102140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102140"
}
]
}
} }

32
2017/16xxx/CVE-2017-16456.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-16456", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-16456",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

128
2017/16xxx/CVE-2017-16609.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-16609", "ID": "CVE-2017-16609",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NetGain Systems Enterprise Manager", "product_name": "NetGain Systems Enterprise Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "v7.2.586 build 877" "version_value": "v7.2.586 build 877"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NetGain Systems" "vendor_name": "NetGain Systems"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-39-Path Traversal: 'C:dirname'"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-951", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-951" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Netgain Enterprise Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within download.jsp. The issue results from the lack of proper validation of a user-supplied string before using it to download a file. An attacker can leverage this vulnerability to expose sensitive information. Was ZDI-CAN-4750."
{ }
"name" : "https://www.tenable.com/security/research/tra-2018-02", ]
"refsource" : "MISC", },
"url" : "https://www.tenable.com/security/research/tra-2018-02" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-39-Path Traversal: 'C:dirname'"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-951",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-951"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-02",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-02"
}
]
}
} }

138
2017/16xxx/CVE-2017-16758.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-16758", "ID": "CVE-2017-16758",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"access_token\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://packetstormsecurity.com/files/144921/WordPress-Ultimate-Instagram-Feed-1.2-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://packetstormsecurity.com/files/144921/WordPress-Ultimate-Instagram-Feed-1.2-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin/partials/uif-access-token-display.php in the Ultimate Instagram Feed plugin before 1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"access_token\" parameter."
{ }
"name" : "https://plugins.trac.wordpress.org/changeset/1758562/ultimate-instagram-feed", ]
"refsource" : "MISC", },
"url" : "https://plugins.trac.wordpress.org/changeset/1758562/ultimate-instagram-feed" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wpvulndb.com/vulnerabilities/8947", "description": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/8947" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8947",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8947"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1758562/ultimate-instagram-feed",
"refsource": "MISC",
"url": "https://plugins.trac.wordpress.org/changeset/1758562/ultimate-instagram-feed"
},
{
"name": "https://packetstormsecurity.com/files/144921/WordPress-Ultimate-Instagram-Feed-1.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/144921/WordPress-Ultimate-Instagram-Feed-1.2-Cross-Site-Scripting.html"
}
]
}
} }

158
2017/16xxx/CVE-2017-16997.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@debian.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2017-16997", "ID": "CVE-2017-16997",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "glibc 2.19 through 2.26", "product_name": "glibc 2.19 through 2.26",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "glibc 2.19 through 2.26" "version_value": "glibc 2.19 through 2.26"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "improper RPATH/RUNPATH validation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/884615", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/884615" "lang": "eng",
}, "value": "elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \"./\" directory. NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution."
{ }
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22625", ]
"refsource" : "CONFIRM", },
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22625" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html" "lang": "eng",
}, "value": "improper RPATH/RUNPATH validation"
{ }
"name" : "RHSA-2018:3092", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3092" ]
}, },
{ "references": {
"name" : "102228", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/102228" "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22625",
} "refsource": "CONFIRM",
] "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22625"
} },
{
"name": "102228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102228"
},
{
"name": "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html",
"refsource": "CONFIRM",
"url": "https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html"
},
{
"name": "https://bugs.debian.org/884615",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/884615"
},
{
"name": "RHSA-2018:3092",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3092"
}
]
}
} }

32
2017/4xxx/CVE-2017-4524.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4524", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4524",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4594.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4594", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4594",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4670.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4670", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4670",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/4xxx/CVE-2017-4818.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-4818", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-4818",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

130
2018/5xxx/CVE-2018-5451.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-03-27T00:00:00", "DATE_PUBLIC": "2018-03-27T00:00:00",
"ID" : "CVE-2018-5451", "ID": "CVE-2018-5451",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Philips Alice 6 System", "product_name": "Philips Alice 6 System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version R8.0.2 or prior." "version_value": "Version R8.0.2 or prior."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Philips" "vendor_name": "Philips"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER AUTHENTICATION CWE-287"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01" "lang": "eng",
}, "value": "In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code."
{ }
"name" : "103537", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103537" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "IMPROPER AUTHENTICATION CWE-287"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01"
},
{
"name": "103537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103537"
}
]
}
} }

32
2018/5xxx/CVE-2018-5557.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5557", "ID": "CVE-2018-5557",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/5xxx/CVE-2018-5706.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5706", "ID": "CVE-2018-5706",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/OctopusDeploy/Issues/issues/4167", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/OctopusDeploy/Issues/issues/4167" "lang": "eng",
} "value": "An issue was discovered in Octopus Deploy before 4.1.9. Any user with user editing permissions can modify teams to give themselves Administer System permissions even if they didn't have them, as demonstrated by use of the RoleEdit or TeamEdit permission."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OctopusDeploy/Issues/issues/4167",
"refsource": "CONFIRM",
"url": "https://github.com/OctopusDeploy/Issues/issues/4167"
}
]
}
} }

32
2018/5xxx/CVE-2018-5945.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5945", "ID": "CVE-2018-5945",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }