admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:43:15 +00:00
parent 26564f5ae6
commit d58d3446d3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3387 additions and 3387 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0028.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020106 ICQ remote buffer overflow vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101043894627851&w=2"
},
{
"name" : "20020107 ICQ remote buffer overflow vulnerability",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=101043076806401&w=2"
},
{
"name" : "CA-2002-02",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-02.html"
},
{
"name" : "VU#570167",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/570167"
},
{
"name" : "3813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3813"
},
{
"name" : "aim-game-overflow(7743)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7743"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-02",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-02.html"
},
{
"name": "20020106 ICQ remote buffer overflow vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101043894627851&w=2"
},
{
"name": "aim-game-overflow(7743)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7743"
},
{
"name": "VU#570167",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/570167"
},
{
"name": "3813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3813"
},
{
"name": "20020107 ICQ remote buffer overflow vulnerability",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=101043076806401&w=2"
}
]
}
}

150
2002/0xxx/CVE-2002-0257.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101328880521775&w=2"
},
{
"name" : "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html",
"refsource" : "CONFIRM",
"url" : "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html"
},
{
"name" : "makebid-description-css(8161)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8161.php"
},
{
"name" : "4069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html",
"refsource": "CONFIRM",
"url": "http://www.netcreations.addr.com/dcforum/DCForumID2/126.html"
},
{
"name": "20020209 Account theft vulnerability in MakeBid Auction Deluxe 3.30",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101328880521775&w=2"
},
{
"name": "makebid-description-css(8161)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8161.php"
},
{
"name": "4069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4069"
}
]
}
}

170
2002/0xxx/CVE-2002-0770.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand \"$\" macros, which causes the server to expand the macros and leak the information, as demonstrated using \"say $rcon_password.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020514 Remote quake 2 3.2x server cvar leak",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/272548"
},
{
"name" : "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160",
"refsource" : "MISC",
"url" : "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160"
},
{
"name" : "VU#970915",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/970915"
},
{
"name" : "4744",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4744"
},
{
"name" : "11187",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/11187"
},
{
"name" : "quake2-unexpanded-var-disclosure(9095)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9095.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand \"$\" macros, which causes the server to expand the macros and leak the information, as demonstrated using \"say $rcon_password.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quake2-unexpanded-var-disclosure(9095)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9095.php"
},
{
"name": "20020514 Remote quake 2 3.2x server cvar leak",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/272548"
},
{
"name": "VU#970915",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/970915"
},
{
"name": "11187",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11187"
},
{
"name": "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160",
"refsource": "MISC",
"url": "http://www.quakesrc.org/forum/topicDisplay.php?topicID=160"
},
{
"name": "4744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4744"
}
]
}
}

160
2002/0xxx/CVE-2002-0935.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html"
},
{
"name" : "20020620 KPMG-2002025: Apache Tomcat Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/277940"
},
{
"name" : "tomcat-null-thread-dos(9396)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9396.php"
},
{
"name" : "5067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5067"
},
{
"name" : "5051",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020620 KPMG-2002025: Apache Tomcat Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/277940"
},
{
"name": "20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html"
},
{
"name": "5051",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5051"
},
{
"name": "5067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5067"
},
{
"name": "tomcat-null-thread-dos(9396)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9396.php"
}
]
}
}

150
2002/1xxx/CVE-2002-1309.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html"
},
{
"name" : "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html"
},
{
"name" : "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&r=1&b=200211&w=2"
},
{
"name" : "AD20021112",
"refsource" : "EEYE",
"url" : "http://www.eeye.com/html/Research/Advisories/AD20021112.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&r=1&b=200211&w=2"
},
{
"name": "AD20021112",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/Research/Advisories/AD20021112.html"
},
{
"name": "20021112 EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0149.html"
},
{
"name": "20021119 Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0080.html"
}
]
}
}

240
2002/1xxx/CVE-2002-1347.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021209 Cyrus SASL library buffer overflows",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103946297703402&w=2"
},
{
"name" : "APPLE-SA-2005-03-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name" : "000557",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557"
},
{
"name" : "DSA-215",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-215"
},
{
"name" : "200212-10",
"refsource" : "GENTOO",
"url" : "http://www.securityfocus.com/advisories/4826"
},
{
"name" : "RHSA-2002:283",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-283.html"
},
{
"name" : "SuSE-SA:2002:048",
"refsource" : "SUSE",
"url" : "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html"
},
{
"name" : "6347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6347"
},
{
"name" : "6348",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6348"
},
{
"name" : "6349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6349"
},
{
"name" : "cyrus-sasl-username-bo(10810)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810"
},
{
"name" : "cyrus-sasl-saslauthd-bo(10811)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811"
},
{
"name" : "cyrus-sasl-logwriter-bo(10812)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cyrus-sasl-logwriter-bo(10812)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10812"
},
{
"name": "SuSE-SA:2002:048",
"refsource": "SUSE",
"url": "http://archives.neohapsis.com/archives/linux/suse/2002-q4/1275.html"
},
{
"name": "000557",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000557"
},
{
"name": "6349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6349"
},
{
"name": "20021209 Cyrus SASL library buffer overflows",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103946297703402&w=2"
},
{
"name": "DSA-215",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-215"
},
{
"name": "cyrus-sasl-saslauthd-bo(10811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10811"
},
{
"name": "6348",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6348"
},
{
"name": "APPLE-SA-2005-03-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name": "6347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6347"
},
{
"name": "200212-10",
"refsource": "GENTOO",
"url": "http://www.securityfocus.com/advisories/4826"
},
{
"name": "cyrus-sasl-username-bo(10810)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10810"
},
{
"name": "RHSA-2002:283",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-283.html"
}
]
}
}

180
2002/1xxx/CVE-2002-1637.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource" : "MISC",
"url" : "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name" : "VU#712723",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/712723"
},
{
"name" : "default-oracle-system(968)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/968"
},
{
"name" : "default-oracle-sys(969)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/969"
},
{
"name" : "default-oracle-scott(970)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/970"
},
{
"name" : "default-oracle-apps(971)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/971"
},
{
"name" : "default-oracle-applsys(972)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "default-oracle-applsys(972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/972"
},
{
"name": "VU#712723",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/712723"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "default-oracle-system(968)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/968"
},
{
"name": "default-oracle-apps(971)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/971"
},
{
"name": "default-oracle-sys(969)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/969"
},
{
"name": "default-oracle-scott(970)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/970"
}
]
}
}

360
2003/0xxx/CVE-2003-0028.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030319 EEYE: XDR Integer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104810574423662&w=2"
},
{
"name" : "20030331 GLSA: dietlibc (200303-29)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
},
{
"name" : "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name" : "20030319 RE: EEYE: XDR Integer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
},
{
"name" : "20030319 EEYE: XDR Integer Overflow",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
},
{
"name" : "AD20030318",
"refsource" : "EEYE",
"url" : "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20150122-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20150122-0002/"
},
{
"name" : "CA-2003-10",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2003-10.html"
},
{
"name" : "VU#516825",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/516825"
},
{
"name" : "DSA-282",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-282"
},
{
"name" : "RHSA-2003:051",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name" : "RHSA-2003:052",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name" : "RHSA-2003:089",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-089.html"
},
{
"name" : "RHSA-2003:091",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name" : "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104811415301340&w=2"
},
{
"name" : "ESA-20030321-010",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
},
{
"name" : "DSA-266",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-266"
},
{
"name" : "DSA-272",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-272"
},
{
"name" : "20030325 GLSA: glibc (200303-22)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=104860855114117&w=2"
},
{
"name" : "MDKSA-2003:037",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
},
{
"name" : "NetBSD-SA2003-008",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
},
{
"name" : "SuSE-SA:2003:027",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
},
{
"name" : "2003-0014",
"refsource" : "TRUSTIX",
"url" : "http://marc.info/?l=bugtraq&m=104878237121402&w=2"
},
{
"name" : "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105362148313082&w=2"
},
{
"name" : "oval:org.mitre.oval:def:230",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different vulnerability than CVE-2002-0391."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ESA-20030321-010",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3024.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0140.html"
},
{
"name": "MDKSA-2003:037",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:037"
},
{
"name": "RHSA-2003:052",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-052.html"
},
{
"name": "CA-2003-10",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-10.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20150122-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20150122-0002/"
},
{
"name": "DSA-282",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-282"
},
{
"name": "20030331 GLSA: krb5 & mit-krb5 (200303-28)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316960/30/25250/threaded"
},
{
"name": "SuSE-SA:2003:027",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2003_027_glibc.html"
},
{
"name": "20030319 RE: EEYE: XDR Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/315638/30/25430/threaded"
},
{
"name": "RHSA-2003:091",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-091.html"
},
{
"name": "AD20030318",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/Research/Advisories/AD20030318.html"
},
{
"name": "VU#516825",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/516825"
},
{
"name": "20030325 GLSA: glibc (200303-22)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104860855114117&w=2"
},
{
"name": "NetBSD-SA2003-008",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-008.txt.asc"
},
{
"name": "2003-0014",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq&m=104878237121402&w=2"
},
{
"name": "20030331 GLSA: dietlibc (200303-29)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316931/30/25250/threaded"
},
{
"name": "RHSA-2003:051",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-051.html"
},
{
"name": "20030319 EEYE: XDR Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104810574423662&w=2"
},
{
"name": "oval:org.mitre.oval:def:230",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A230"
},
{
"name": "DSA-266",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-266"
},
{
"name": "RHSA-2003:089",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-089.html"
},
{
"name": "20030319 MITKRB5-SA-2003-003: faulty length checks in xdrmem_getbytes",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104811415301340&w=2"
},
{
"name": "20030522 [slackware-security] glibc XDR overflow fix (SSA:2003-141-03)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105362148313082&w=2"
},
{
"name": "DSA-272",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-272"
}
]
}
}

160
2003/0xxx/CVE-2003-0092.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/316948/30/25250/threaded"
},
{
"name" : "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html"
},
{
"name" : "52388",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1"
},
{
"name" : "7240",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7240"
},
{
"name" : "oval:org.mitre.oval:def:1905",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1905"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1905",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1905"
},
{
"name": "7240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7240"
},
{
"name": "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/316948/30/25250/threaded"
},
{
"name": "52388",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-52388-1"
},
{
"name": "20030331 NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0163.html"
}
]
}
}

160
2003/0xxx/CVE-2003-0334.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030510 BitchX: Crash when channel modes change",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105259643606984&w=2"
},
{
"name" : "CLA-2003:655",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655"
},
{
"name" : "MDKSA-2003:069",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:069"
},
{
"name" : "7551",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7551"
},
{
"name" : "bitchx-mode-change-dos(12008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/12008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a denial of service (core dump) via certain channel mode changes that are not properly handled in names.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bitchx-mode-change-dos(12008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12008"
},
{
"name": "7551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7551"
},
{
"name": "20030510 BitchX: Crash when channel modes change",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105259643606984&w=2"
},
{
"name": "MDKSA-2003:069",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:069"
},
{
"name": "CLA-2003:655",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000655"
}
]
}
}

160
2003/0xxx/CVE-2003-0850.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause \"memory corruption\" and possibly execute arbitrary code via \"overlarge TCP packets.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031027 Libnids <= 1.17 buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106728224210446&w=2"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=191323",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=191323"
},
{
"name" : "CLA-2003:773",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773"
},
{
"name" : "DSA-410",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-410"
},
{
"name" : "10543",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause \"memory corruption\" and possibly execute arbitrary code via \"overlarge TCP packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10543"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=191323",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=191323"
},
{
"name": "CLA-2003:773",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000773"
},
{
"name": "20031027 Libnids <= 1.17 buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106728224210446&w=2"
},
{
"name": "DSA-410",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-410"
}
]
}
}

160
2003/1xxx/CVE-2003-1079.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "50626",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50626-1"
},
{
"name" : "6883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6883"
},
{
"name" : "1006131",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1006131"
},
{
"name" : "8092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/8092/"
},
{
"name" : "solaris-udp-rpc-dos(11368)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11368"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC, and 2.5.1 through 8 for x86, allows remote attackers to cause a denial of service (memory consumption) via certain arguments in RPC calls that cause large amounts of memory to be allocated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-udp-rpc-dos(11368)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11368"
},
{
"name": "1006131",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1006131"
},
{
"name": "6883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6883"
},
{
"name": "8092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/8092/"
},
{
"name": "50626",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-50626-1"
}
]
}
}

140
2003/1xxx/CVE-2003-1380.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a \"mget @../FILE\" command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/312032"
},
{
"name" : "6873",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6873"
},
{
"name" : "bisonftp-ls-view-files(11347)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11347"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in BisonFTP Server 4 release 2 allows remote attackers to (1) list directories above the root via an 'ls @../' command, or (2) list files above the root via a \"mget @../FILE\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030217 [immune advisory] Mulitple vulnerabilities found in BisonFTP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/312032"
},
{
"name": "6873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6873"
},
{
"name": "bisonftp-ls-view-files(11347)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11347"
}
]
}
}

150
2003/1xxx/CVE-2003-1567.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031227 AQ-2003-02: Microsoft IIS Logging Failure",
"refsource" : "NTBUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html"
},
{
"name" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt",
"refsource" : "MISC",
"url" : "http://www.aqtronix.com/Advisories/AQ-2003-02.txt"
},
{
"name" : "VU#288308",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/288308"
},
{
"name" : "5648",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5648"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20031227 AQ-2003-02: Microsoft IIS Logging Failure",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html"
},
{
"name": "VU#288308",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/288308"
},
{
"name": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt",
"refsource": "MISC",
"url": "http://www.aqtronix.com/Advisories/AQ-2003-02.txt"
},
{
"name": "5648",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5648"
}
]
}
}

160
2012/0xxx/CVE-2012-0522.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "53053",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53053"
},
{
"name" : "1026949",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026949"
},
{
"name" : "48863",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48863"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53053"
},
{
"name": "1026949",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026949"
},
{
"name": "48863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48863"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

34
2012/0xxx/CVE-2012-0816.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0816",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0816",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2012/0xxx/CVE-2012-0846.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120119 Webcalendar 1.2.4 'location' XSS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0129.html"
},
{
"name" : "[oss-security] 20120211 CVE-request: Webcalendar 1.2.4 location XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/11/2"
},
{
"name" : "[oss-security] 20120211 Re: CVE-request: Webcalendar 1.2.4 location XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/12/1"
},
{
"name" : "[oss-security] 20120212 Re: CVE-request: Webcalendar 1.2.4 location XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/12/3"
},
{
"name" : "[oss-security] 20120213 Re: CVE-request: Webcalendar 1.2.4 location XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/02/13/6"
},
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870"
},
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870"
},
{
"name" : "51600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51600"
},
{
"name" : "webcalendar-location-xss(72563)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120211 Re: CVE-request: Webcalendar 1.2.4 location XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/12/1"
},
{
"name": "webcalendar-location-xss(72563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72563"
},
{
"name": "[oss-security] 20120213 Re: CVE-request: Webcalendar 1.2.4 location XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/13/6"
},
{
"name": "[oss-security] 20120211 CVE-request: Webcalendar 1.2.4 location XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/11/2"
},
{
"name": "[oss-security] 20120212 Re: CVE-request: Webcalendar 1.2.4 location XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/02/12/3"
},
{
"name": "20120119 Webcalendar 1.2.4 'location' XSS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0129.html"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3488543&group_id=3870&atid=303870"
},
{
"name": "51600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51600"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870"
}
]
}
}

34
2012/1xxx/CVE-2012-1161.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1161",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1161",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/1xxx/CVE-2012-1501.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1501",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-1501",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

170
2012/1xxx/CVE-2012-1535.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1535",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1535",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-18.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-18.html"
},
{
"name" : "GLSA-201209-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-01.xml"
},
{
"name" : "HPSBMU02948",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139455789818399&w=2"
},
{
"name" : "RHSA-2012:1203",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1203.html"
},
{
"name" : "SUSE-SU-2012:1001",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html"
},
{
"name" : "openSUSE-SU-2012:0996",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-18.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-18.html"
},
{
"name": "RHSA-2012:1203",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1203.html"
},
{
"name": "GLSA-201209-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-01.xml"
},
{
"name": "HPSBMU02948",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139455789818399&w=2"
},
{
"name": "SUSE-SU-2012:1001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00012.html"
},
{
"name": "openSUSE-SU-2012:0996",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html"
}
]
}
}

150
2012/1xxx/CVE-2012-1916.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://en.securitylab.ru/lab/PT-2011-48",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2011-48"
},
{
"name" : "http://atmail.org/download/atmailopen.tgz",
"refsource" : "CONFIRM",
"url" : "http://atmail.org/download/atmailopen.tgz"
},
{
"name" : "VU#743555",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/743555"
},
{
"name" : "47012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47012"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote attackers to execute arbitrary code via an e-mail attachment with an executable extension, leading to the creation of an executable file under tmp/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://en.securitylab.ru/lab/PT-2011-48",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2011-48"
},
{
"name": "http://atmail.org/download/atmailopen.tgz",
"refsource": "CONFIRM",
"url": "http://atmail.org/download/atmailopen.tgz"
},
{
"name": "VU#743555",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743555"
},
{
"name": "47012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47012"
}
]
}
}

34
2012/4xxx/CVE-2012-4042.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4042",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4042",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/4xxx/CVE-2012-4592.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10022",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10022"
},
{
"name" : "mcafee-emm-portal-info-disc(78220)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78220"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 does not set the secure flag for the ASP.NET session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mcafee-emm-portal-info-disc(78220)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78220"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10022"
}
]
}
}

34
2012/5xxx/CVE-2012-5768.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5768",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5768",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/5xxx/CVE-2012-5943.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-5943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628658",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21628658"
},
{
"name" : "inotes-mail-xss(80538)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before 8.5.3 FP4 allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving mail, aka SPR JDOE8ZZS9."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inotes-mail-xss(80538)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80538"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21628658",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21628658"
}
]
}
}

34
2017/2xxx/CVE-2017-2072.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2072",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2072",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

152
2017/2xxx/CVE-2017-2887.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-2887",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Simple Direct Media",
"version" : {
"version_data" : [
{
"version_value" : "Simple DirectMedia Layer SDL_image 2.0.1"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-2887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Simple Direct Media",
"version": {
"version_data": [
{
"version_value": "Simple DirectMedia Layer SDL_image 2.0.1"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
},
{
"name" : "DSA-4177",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4177"
},
{
"name" : "DSA-4184",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4184"
},
{
"name" : "101215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4177",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4177"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394"
},
{
"name": "101215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101215"
},
{
"name": "DSA-4184",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4184"
}
]
}
}

140
2017/3xxx/CVE-2017-3240.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3240",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Oracle Database",
"version" : {
"version_data" : [
{
"version_value" : "12.1.0.2"
}
]
}
}
]
},
"vendor_name" : "Oracle"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Oracle Database",
"version": {
"version_data": [
{
"version_value": "12.1.0.2"
}
]
}
}
]
},
"vendor_name": "Oracle"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name" : "95477",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95477"
},
{
"name" : "1037630",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037630"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Security accessible data. CVSS v3.0 Base Score 3.3 (Confidentiality impacts)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1037630",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037630"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
},
{
"name": "95477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95477"
}
]
}
}

150
2017/3xxx/CVE-2017-3484.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3484",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Enterprise Limits and Collateral Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.0.0"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Enterprise Limits and Collateral Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.0"
},
{
"version_affected": "=",
"version_value": "12.1.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97786"
},
{
"name" : "1038304",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily \"exploitable\" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Enterprise Limits and Collateral Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Enterprise Limits and Collateral Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038304"
},
{
"name": "97786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97786"
}
]
}
}

190
2017/3xxx/CVE-2017-3487.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-3487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.0.1"
},
{
"version_affected" : "=",
"version_value" : "12.0.2"
},
{
"version_affected" : "=",
"version_value" : "12.0.3"
},
{
"version_affected" : "=",
"version_value" : "12.0.4"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-3487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.1"
},
{
"version_affected": "=",
"version_value": "12.0.2"
},
{
"version_affected": "=",
"version_value": "12.0.3"
},
{
"version_affected": "=",
"version_value": "12.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "12.2.0"
},
{
"version_affected": "=",
"version_value": "12.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name" : "97871",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97871"
},
{
"name" : "1038304",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "1038304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038304"
},
{
"name": "97871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97871"
}
]
}
}

140
2017/3xxx/CVE-2017-3790.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-3790",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-3790",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable",
"version": {
"version_data": [
{
"version_value": "Cisco Expressway Series Software and Cisco TelePresence VCS Software All versions prior to version X8.8.2 are vulnerable"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway"
},
{
"name" : "95786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95786"
},
{
"name" : "1037697",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient size validation of user-supplied data. An attacker could exploit this vulnerability by sending crafted H.224 data in Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could allow the attacker to overflow a buffer in a cache that belongs to the received packet parser, which will result in a crash of the application, resulting in a DoS condition. All versions of Cisco Expressway Series Software and Cisco TelePresence VCS Software prior to version X8.8.2 are vulnerable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. Cisco Bug IDs: CSCus99263."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway"
},
{
"name": "95786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95786"
},
{
"name": "1037697",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037697"
}
]
}
}

130
2017/6xxx/CVE-2017-6016.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-6016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA",
"version" : {
"version_data" : [
{
"version_value" : "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA",
"version": {
"version_data": [
{
"version_value": "LCDS Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01"
},
{
"name" : "96942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96942"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Access Control issue was discovered in LCDS - Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA. The following versions are affected: Versions 4.1 and prior versions released before January 20, 2017. An Improper Access Control vulnerability has been identified, which may allow an authenticated user to modify application files to escalate privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96942"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-075-01"
}
]
}
}

140
2017/6xxx/CVE-2017-6096.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41438",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41438/"
},
{
"name" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin",
"refsource" : "MISC",
"url" : "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8740",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8740"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8740",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8740"
},
{
"name": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin",
"refsource": "MISC",
"url": "https://github.com/hamkovic/Mail-Masta-Wordpress-Plugin"
},
{
"name": "41438",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41438/"
}
]
}
}

130
2017/6xxx/CVE-2017-6401.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6",
"refsource" : "CONFIRM",
"url" : "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
},
{
"name" : "96493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Veritas NetBackup before 8.0 and NetBackup Appliance before 3.0. Local arbitrary command execution can occur when using bpcd and bpnbat."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96493"
},
{
"name": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6",
"refsource": "CONFIRM",
"url": "https://www.veritas.com/content/support/en_US/security/VTS17-003.html#Issue6"
}
]
}
}

130
2017/6xxx/CVE-2017-6518.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://daimacn.com/?id=6",
"refsource" : "MISC",
"url" : "http://daimacn.com/?id=6"
},
{
"name" : "97152",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in SANADATA SanaCMS 7.3 allows remote attackers to inject arbitrary web script or HTML via the txtFrom parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://daimacn.com/?id=6",
"refsource": "MISC",
"url": "http://daimacn.com/?id=6"
},
{
"name": "97152",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97152"
}
]
}
}

34
2017/6xxx/CVE-2017-6524.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6524",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6524",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/7xxx/CVE-2017-7222.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a",
"refsource" : "CONFIRM",
"url" : "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a"
},
{
"name" : "https://mantisbt.org/bugs/view.php?id=22266",
"refsource" : "CONFIRM",
"url" : "https://mantisbt.org/bugs/view.php?id=22266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. This requires privileged access to MantisBT configuration management pages (i.e., administrator access rights) or altering the system configuration file (config_inc.php)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://mantisbt.org/bugs/view.php?id=22266",
"refsource": "CONFIRM",
"url": "https://mantisbt.org/bugs/view.php?id=22266"
},
{
"name": "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a",
"refsource": "CONFIRM",
"url": "http://github.com/mantisbt/mantisbt/commit/a85b0b96c8ebe3e010d0d016cf88ab3c8bfc196a"
}
]
}
}

262
2017/7xxx/CVE-2017-7539.json
View File

@ -1,133 +1,133 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-7539",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Qemu",
"version" : {
"version_data" : [
{
"version_value" : "2.10.1"
}
]
}
}
]
},
"vendor_name" : "QEMU"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
],
[
{
"vectorString" : "5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version" : "2.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-617"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-7539",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Qemu",
"version": {
"version_data": [
{
"version_value": "2.10.1"
}
]
}
}
]
},
"vendor_name": "QEMU"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/07/21/4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539"
},
{
"name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b",
"refsource" : "CONFIRM",
"url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b"
},
{
"name" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19",
"refsource" : "CONFIRM",
"url" : "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19"
},
{
"name" : "RHSA-2017:2628",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2628"
},
{
"name" : "RHSA-2017:3466",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name" : "RHSA-2017:3470",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name" : "RHSA-2017:3471",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name" : "RHSA-2017:3472",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name" : "RHSA-2017:3473",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name" : "RHSA-2017:3474",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name" : "99944",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99944"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An assertion-failure flaw was found in Qemu before 2.10.1, in the Network Block Device (NBD) server's initial connection negotiation, where the I/O coroutine was undefined. This could crash the qemu-nbd server if a client sent unexpected data during connection negotiation. A remote user or process could use this flaw to crash the qemu-nbd server resulting in denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
[
{
"vectorString": "5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-617"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2628",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2628"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b"
},
{
"name": "RHSA-2017:3473",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3473"
},
{
"name": "RHSA-2017:3470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3470"
},
{
"name": "RHSA-2017:3472",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3472"
},
{
"name": "RHSA-2017:3474",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3474"
},
{
"name": "RHSA-2017:3471",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3471"
},
{
"name": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19",
"refsource": "CONFIRM",
"url": "https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19"
},
{
"name": "[oss-security] 20170721 CVE-2017-7539 Qemu: qemu-nbd crashes due to undefined I/O coroutine",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/07/21/4"
},
{
"name": "RHSA-2017:3466",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3466"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7539"
},
{
"name": "99944",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99944"
}
]
}
}

152
2017/7xxx/CVE-2017-7817.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "56"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Firefox for Android address bar spoofing through fullscreen mode"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "56"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-21/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-21/"
},
{
"name" : "101057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101057"
},
{
"name" : "1039465",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039465"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Firefox for Android address bar spoofing through fullscreen mode"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039465",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039465"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-21/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-21/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1356596"
},
{
"name": "101057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101057"
}
]
}
}

34
2018/10xxx/CVE-2018-10069.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10069",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10069",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/10xxx/CVE-2018-10079.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\\ProgramData\\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44493",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44493/"
},
{
"name" : "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\\ProgramData\\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44493",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44493/"
},
{
"name": "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147253/Geist-WatchDog-Console-3.2.2-XSS-XML-Injection-Insecure-Permissions.html"
}
]
}
}

120
2018/10xxx/CVE-2018-10128.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/gosea/xyhcms/issues/2",
"refsource" : "MISC",
"url" : "https://github.com/gosea/xyhcms/issues/2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in XYHCMS 3.5. It has XSS via the test parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gosea/xyhcms/issues/2",
"refsource": "MISC",
"url": "https://github.com/gosea/xyhcms/issues/2"
}
]
}
}

34
2018/14xxx/CVE-2018-14172.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14172",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14172",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14480.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14480",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14480",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/17xxx/CVE-2018-17453.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17453",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17453",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/17xxx/CVE-2018-17931.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2018-17931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VGo Robot",
"version" : {
"version_data" : [
{
"version_value" : "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER ACCESS CONTROL CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-17931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VGo Robot",
"version": {
"version_data": [
{
"version_value": "Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected."
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an attacker has physical access to the VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) they may be able to alter scripts, which may allow code execution with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER ACCESS CONTROL CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-114-01"
}
]
}
}

130
2018/17xxx/CVE-2018-17960.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
"refsource" : "MISC",
"url" : "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"
},
{
"name" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0",
"refsource" : "MISC",
"url" : "https://ckeditor.com/cke4/release/CKEditor-4.11.0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CKEditor 4.x before 4.11.0 allows user-assisted XSS involving a source-mode paste."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/",
"refsource": "MISC",
"url": "https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"
},
{
"name": "https://ckeditor.com/cke4/release/CKEditor-4.11.0",
"refsource": "MISC",
"url": "https://ckeditor.com/cke4/release/CKEditor-4.11.0"
}
]
}
}

34
2018/20xxx/CVE-2018-20246.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20246",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-20246",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

130
2018/20xxx/CVE-2018-20388.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20388",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv",
"refsource" : "MISC",
"url" : "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"
},
{
"name" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html",
"refsource" : "MISC",
"url" : "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Comtrend CM-6200un 123.447.007 and CM-6300n 123.553mp1.005 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv",
"refsource": "MISC",
"url": "https://github.com/ezelf/sensitivesOids/blob/master/oidpassswordleaks.csv"
},
{
"name": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html",
"refsource": "MISC",
"url": "https://misteralfa-hack.blogspot.com/2018/12/stringbleed-y-ahora-que-passwords-leaks.html"
}
]
}
}

34
2018/20xxx/CVE-2018-20630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20630",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/9xxx/CVE-2018-9276.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180626 PRTG < 18.2.39 Command Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/542103/100/0/threaded"
},
{
"name" : "46527",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46527/"
},
{
"name" : "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html"
},
{
"name": "46527",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46527/"
},
{
"name": "20180626 PRTG < 18.2.39 Command Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542103/100/0/threaded"
}
]
}
}

34
2018/9xxx/CVE-2018-9365.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9365",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9365",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9374.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9374",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9374",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9394.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9394",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9394",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9726.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9726",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9726",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/9xxx/CVE-2018-9982.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9982",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.29935"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787-Out-of-bounds Write"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9982",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.0.29935"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-380",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-380"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787-Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-380",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-380"
}
]
}
}