admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:26:52 +00:00
parent 06975b2a3f
commit d85a48ace2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3530 additions and 3530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
2002/0xxx/CVE-2002-0067.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101431040422095&w=2"
},
{
"name" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name" : "RHSA-2002:029",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name" : "20020222 TSLSA-2002-0031 - squid",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101443252627021&w=2"
},
{
"name" : "MDKSA-2002:016",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name" : "CSSA-2002-SCO.7",
"refsource" : "CALDERA",
"url" : "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name" : "CLA-2002:464",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464"
},
{
"name" : "FreeBSD-SA-02:12",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name" : "squid-htcp-enabled(8261)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8261.php"
},
{
"name" : "4150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4150"
},
{
"name" : "5379",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5379"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when \"htcp_port 0\" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "CLA-2002:464",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464"
},
{
"name": "MDKSA-2002:016",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php"
},
{
"name": "20020222 TSLSA-2002-0031 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101443252627021&w=2"
},
{
"name": "FreeBSD-SA-02:12",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc"
},
{
"name": "CSSA-2002-SCO.7",
"refsource": "CALDERA",
"url": "http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html"
},
{
"name": "squid-htcp-enabled(8261)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8261.php"
},
{
"name": "4150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4150"
},
{
"name": "20020221 Squid HTTP Proxy Security Update Advisory 2002:1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101431040422095&w=2"
},
{
"name": "RHSA-2002:029",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-029.html"
},
{
"name": "5379",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5379"
}
]
}
}

140
2002/0xxx/CVE-2002-0512.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CSSA-2002-005.0",
"refsource" : "CALDERA",
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt"
},
{
"name" : "4400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4400"
},
{
"name" : "kde-startkde-search-directory(8737)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8737.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kde-startkde-search-directory(8737)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8737.php"
},
{
"name": "4400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4400"
},
{
"name": "CSSA-2002-005.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt"
}
]
}
}

140
2002/0xxx/CVE-2002-0697.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS02-036",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036"
},
{
"name" : "mms-data-repository-access(9657)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9657.php"
},
{
"name" : "5308",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mms-data-repository-access(9657)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9657.php"
},
{
"name": "5308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5308"
},
{
"name": "MS02-036",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036"
}
]
}
}

160
2002/0xxx/CVE-2002-0735.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020506 ldap vulnerabilities",
"refsource" : "VULN-DEV",
"url" : "http://marc.info/?l=vuln-dev&m=102070267500932&w=2"
},
{
"name" : "20020506 [VulnWatch] ldap vulnerabilities",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html"
},
{
"name" : "20020506 ldap vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/271173"
},
{
"name" : "4679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4679"
},
{
"name" : "squidauthldap-logging-format-string(9019)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9019.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020506 [VulnWatch] ldap vulnerabilities",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html"
},
{
"name": "4679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4679"
},
{
"name": "squidauthldap-logging-format-string(9019)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9019.php"
},
{
"name": "20020506 ldap vulnerabilities",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=102070267500932&w=2"
},
{
"name": "20020506 ldap vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/271173"
}
]
}
}

150
2002/2xxx/CVE-2002-2224.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM"
},
{
"name" : "VU#287771",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/287771"
},
{
"name" : "5449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5449"
},
{
"name" : "ike-response-bo(9850)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted Internet Key Exchange (IKE) response packets, possibly including (1) a large Security Parameter Index (SPI) field, (2) large number of payloads, or (3) a long payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/AAMN-5A5RXM"
},
{
"name": "5449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5449"
},
{
"name": "ike-response-bo(9850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9850"
},
{
"name": "VU#287771",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/287771"
}
]
}
}

180
2002/2xxx/CVE-2002-2226.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021118 TFTPD32 Buffer Overflow Vulnerability (Long filename)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/300395"
},
{
"name" : "http://tftpd32.jounin.net/",
"refsource" : "MISC",
"url" : "http://tftpd32.jounin.net/"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/6C00C2061A.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/6C00C2061A.html"
},
{
"name" : "VU#632633",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/632633"
},
{
"name" : "6199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6199"
},
{
"name" : "3160",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3160"
},
{
"name" : "tftp32-filename-bo(10647)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10647"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3160",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3160"
},
{
"name": "VU#632633",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/632633"
},
{
"name": "http://tftpd32.jounin.net/",
"refsource": "MISC",
"url": "http://tftpd32.jounin.net/"
},
{
"name": "6199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6199"
},
{
"name": "http://www.securiteam.com/windowsntfocus/6C00C2061A.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/6C00C2061A.html"
},
{
"name": "20021118 TFTPD32 Buffer Overflow Vulnerability (Long filename)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/300395"
},
{
"name": "tftp32-filename-bo(10647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10647"
}
]
}
}

180
2005/0xxx/CVE-2005-0017.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-661",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-661"
},
{
"name" : "GLSA-200501-43",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-43.xml"
},
{
"name" : "12380",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12380"
},
{
"name" : "1013028",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013028"
},
{
"name" : "14041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14041"
},
{
"name" : "14052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14052"
},
{
"name" : "14067",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14067"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14067"
},
{
"name": "DSA-661",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-661"
},
{
"name": "1013028",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013028"
},
{
"name": "12380",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12380"
},
{
"name": "GLSA-200501-43",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-43.xml"
},
{
"name": "14041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14041"
},
{
"name": "14052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14052"
}
]
}
}

140
2005/0xxx/CVE-2005-0549.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the \"View Log Files\" function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050328 Multiple XSS issues in Sun AnswerBook2",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111205163531628&w=2"
},
{
"name" : "57737",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1"
},
{
"name" : "1000230",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the \"View Log Files\" function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050328 Multiple XSS issues in Sun AnswerBook2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111205163531628&w=2"
},
{
"name": "1000230",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000230.1-1"
},
{
"name": "57737",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57737-1"
}
]
}
}

160
2005/0xxx/CVE-2005-0760.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0760",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0760",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-702",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-702"
},
{
"name" : "RHSA-2005:070",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2005-070.html"
},
{
"name" : "SUSE-SA:2005:017",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html"
},
{
"name" : "oval:org.mitre.oval:def:11184",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184"
},
{
"name" : "1013550",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013550"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013550"
},
{
"name": "SUSE-SA:2005:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html"
},
{
"name": "oval:org.mitre.oval:def:11184",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11184"
},
{
"name": "RHSA-2005:070",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2005-070.html"
},
{
"name": "DSA-702",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-702"
}
]
}
}

180
2005/1xxx/CVE-2005-1191.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe (\"'\") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050419 File Selection May Lead to Command Execution (GM#015-IE)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/396224"
},
{
"name" : "http://security.greymagic.com/security/advisories/gm015-ie",
"refsource" : "MISC",
"url" : "http://security.greymagic.com/security/advisories/gm015-ie"
},
{
"name" : "MS05-024",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024"
},
{
"name" : "13248",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13248"
},
{
"name" : "ADV-2005-0509",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0509"
},
{
"name" : "oval:org.mitre.oval:def:3585",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585"
},
{
"name" : "windows-web-view-command-execution(20380)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20380"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe (\"'\") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050419 File Selection May Lead to Command Execution (GM#015-IE)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396224"
},
{
"name": "13248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13248"
},
{
"name": "ADV-2005-0509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0509"
},
{
"name": "windows-web-view-command-execution(20380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20380"
},
{
"name": "http://security.greymagic.com/security/advisories/gm015-ie",
"refsource": "MISC",
"url": "http://security.greymagic.com/security/advisories/gm015-ie"
},
{
"name": "MS05-024",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024"
},
{
"name": "oval:org.mitre.oval:def:3585",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585"
}
]
}
}

140
2005/1xxx/CVE-2005-1712.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=328092",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=328092"
},
{
"name" : "16659",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16659"
},
{
"name" : "15405",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Serendipity 0.8, when used with multiple authors, allows unprivileged authors to upload arbitrary media files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=328092",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=328092"
},
{
"name": "15405",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15405"
},
{
"name": "16659",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16659"
}
]
}
}

230
2009/0xxx/CVE-2009-0841.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502271/100/0/threaded"
},
{
"name" : "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes",
"refsource" : "MLIST",
"url" : "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html"
},
{
"name" : "http://www.positronsecurity.com/advisories/2009-000.html",
"refsource" : "MISC",
"url" : "http://www.positronsecurity.com/advisories/2009-000.html"
},
{
"name" : "http://trac.osgeo.org/mapserver/ticket/2942",
"refsource" : "CONFIRM",
"url" : "http://trac.osgeo.org/mapserver/ticket/2942"
},
{
"name" : "DSA-1914",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1914"
},
{
"name" : "FEDORA-2009-3357",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html"
},
{
"name" : "FEDORA-2009-3383",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html"
},
{
"name" : "34306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34306"
},
{
"name" : "1021952",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021952"
},
{
"name" : "34520",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34520"
},
{
"name" : "34603",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34603"
},
{
"name" : "mapserver-mapserv-dir-traversal(49548)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49548"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2, when running on Windows with Cygwin, allows remote attackers to create arbitrary files via a .. (dot dot) in the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.positronsecurity.com/advisories/2009-000.html",
"refsource": "MISC",
"url": "http://www.positronsecurity.com/advisories/2009-000.html"
},
{
"name": "1021952",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021952"
},
{
"name": "20090330 Positron Security Advisory #2009-000: Multiple Vulnerabilities in MapServer v5.2.1 and v4.10.3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502271/100/0/threaded"
},
{
"name": "34603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34603"
},
{
"name": "FEDORA-2009-3383",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00170.html"
},
{
"name": "34306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34306"
},
{
"name": "34520",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34520"
},
{
"name": "DSA-1914",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1914"
},
{
"name": "mapserver-mapserv-dir-traversal(49548)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49548"
},
{
"name": "http://trac.osgeo.org/mapserver/ticket/2942",
"refsource": "CONFIRM",
"url": "http://trac.osgeo.org/mapserver/ticket/2942"
},
{
"name": "FEDORA-2009-3357",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00147.html"
},
{
"name": "[mapserver-users] 20090326 MapServer 5.2.2 and 4.10.4 released with security fixes",
"refsource": "MLIST",
"url": "http://lists.osgeo.org/pipermail/mapserver-users/2009-March/060600.html"
}
]
}
}

170
2009/0xxx/CVE-2009-0997.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0997",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-0997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name" : "TA09-105A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name" : "34461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34461"
},
{
"name" : "53739",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53739"
},
{
"name" : "1022052",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022052"
},
{
"name" : "34693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Database Vault component in Oracle Database 11.1.0.6 allows remote authenticated users to affect confidentiality, related to DBMS_SYS_SQL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "53739",
"refsource": "OSVDB",
"url": "http://osvdb.org/53739"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "1022052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022052"
}
]
}
}

34
2009/1xxx/CVE-2009-1110.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1110",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1110",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2009/1xxx/CVE-2009-1335.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502617/100/0/threaded"
},
{
"name" : "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.html"
},
{
"name" : "34478",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34478"
},
{
"name" : "ie-unprintable-dos(50350)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows remote attackers to cause a denial of service (application hang) via a large document composed of unprintable characters, aka MSRC 9011jr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0111.html"
},
{
"name": "ie-unprintable-dos(50350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50350"
},
{
"name": "34478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34478"
},
{
"name": "20090411 [BMSA 2009-04] Remote DoS in Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502617/100/0/threaded"
}
]
}
}

34
2009/1xxx/CVE-2009-1563.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1563",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-1563",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

140
2009/1xxx/CVE-2009-1744.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8670",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8670"
},
{
"name" : "35137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35137"
},
{
"name" : "pinnaclestudio-hfz-dos(50856)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50856"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8670",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8670"
},
{
"name": "pinnaclestudio-hfz-dos(50856)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50856"
},
{
"name": "35137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35137"
}
]
}
}

150
2009/4xxx/CVE-2009-4857.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt"
},
{
"name" : "56828",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56828"
},
{
"name" : "36171",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36171"
},
{
"name" : "phpphotovote-login-xss(52323)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36171"
},
{
"name": "56828",
"refsource": "OSVDB",
"url": "http://osvdb.org/56828"
},
{
"name": "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/ppv-xss.txt"
},
{
"name": "phpphotovote-login-xss(52323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52323"
}
]
}
}

170
2009/5xxx/CVE-2009-5147.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q3/222"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248935",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"name" : "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b",
"refsource" : "CONFIRM",
"url" : "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"
},
{
"name" : "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"name" : "RHSA-2018:0583",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name" : "76060",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76060"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b",
"refsource": "CONFIRM",
"url": "https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b"
},
{
"name": "[oss-security] 20150728 Re: CVE request: Two ruby 'dl' vulnerabilities fixed in ruby-1.9.1-p129",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q3/222"
},
{
"name": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/"
},
{
"name": "RHSA-2018:0583",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0583"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248935"
},
{
"name": "76060",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76060"
}
]
}
}

220
2012/2xxx/CVE-2012-2335.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
"refsource" : "MISC",
"url" : "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569",
"refsource" : "MISC",
"url" : "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569"
},
{
"name" : "http://www.php.net/archive/2012.php#id2012-05-06-1",
"refsource" : "MISC",
"url" : "http://www.php.net/archive/2012.php#id2012-05-06-1"
},
{
"name" : "https://bugs.php.net/bug.php?id=61910",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=61910"
},
{
"name" : "HPSBMU02900",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "SSRT100992",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "SUSE-SU-2012:0840",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name" : "SUSE-SU-2012:0721",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html"
},
{
"name" : "VU#520827",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/520827"
},
{
"name" : "49014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49014"
},
{
"name" : "php-phpwrapperfcgi-code-exec(75652)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4.2 and execute arbitrary code by leveraging improper interaction between the PHP sapi/cgi/cgi_main.c component and a query string beginning with a +- sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.php.net/bug.php?id=61910",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=61910"
},
{
"name": "SUSE-SU-2012:0721",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html"
},
{
"name": "SUSE-SU-2012:0840",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "49014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49014"
},
{
"name": "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569",
"refsource": "MISC",
"url": "http://git.php.net/?p=php-src.git;a=blob;f=sapi/cgi/cgi_main.c;h=a7ac26f0#l1569"
},
{
"name": "SSRT100992",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/",
"refsource": "MISC",
"url": "http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/"
},
{
"name": "VU#520827",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/520827"
},
{
"name": "http://www.php.net/archive/2012.php#id2012-05-06-1",
"refsource": "MISC",
"url": "http://www.php.net/archive/2012.php#id2012-05-06-1"
},
{
"name": "php-phpwrapperfcgi-code-exec(75652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75652"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
}
]
}
}

180
2012/2xxx/CVE-2012-2702.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name" : "http://drupal.org/node/1585532",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1585532"
},
{
"name" : "http://drupal.org/node/1580752",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1580752"
},
{
"name" : "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261"
},
{
"name" : "82005",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82005"
},
{
"name" : "49169",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49169"
},
{
"name" : "ubercartproductkeys-keys-security-bypass(75720)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain conditions related to the uid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/uc_product_keys.git/commitdiff/19fa261"
},
{
"name": "http://drupal.org/node/1585532",
"refsource": "MISC",
"url": "http://drupal.org/node/1585532"
},
{
"name": "ubercartproductkeys-keys-security-bypass(75720)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75720"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "49169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49169"
},
{
"name": "82005",
"refsource": "OSVDB",
"url": "http://osvdb.org/82005"
},
{
"name": "http://drupal.org/node/1580752",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1580752"
}
]
}
}

140
2012/2xxx/CVE-2012-2833.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2833",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=132156",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=132156"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name" : "oval:org.mitre.oval:def:15584",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=132156",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=132156"
},
{
"name": "oval:org.mitre.oval:def:15584",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15584"
}
]
}
}

170
2012/3xxx/CVE-2012-3503.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3503",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3",
"refsource" : "CONFIRM",
"url" : "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3"
},
{
"name" : "https://github.com/Katello/katello/pull/499",
"refsource" : "CONFIRM",
"url" : "https://github.com/Katello/katello/pull/499"
},
{
"name" : "RHSA-2012:1186",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1186.html"
},
{
"name" : "RHSA-2012:1187",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1187.html"
},
{
"name" : "55140",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55140"
},
{
"name" : "50344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50344"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation script in Katello 1.0 and earlier does not properly generate the Application.config.secret_token value, which causes each default installation to have the same secret token, and allows remote attackers to authenticate to the CloudForms System Engine web interface as an arbitrary user by creating a cookie using the default secret_token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50344"
},
{
"name": "RHSA-2012:1187",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1187.html"
},
{
"name": "55140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55140"
},
{
"name": "https://github.com/Katello/katello/pull/499",
"refsource": "CONFIRM",
"url": "https://github.com/Katello/katello/pull/499"
},
{
"name": "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3",
"refsource": "CONFIRM",
"url": "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3"
},
{
"name": "RHSA-2012:1186",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1186.html"
}
]
}
}

34
2012/3xxx/CVE-2012-3550.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3550",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3467. Reason: This candidate is a reservation duplicate of CVE-2012-3467. Notes: All CVE users should reference CVE-2012-3467 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-3550",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3467. Reason: This candidate is a reservation duplicate of CVE-2012-3467. Notes: All CVE users should reference CVE-2012-3467 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

210
2012/3xxx/CVE-2012-3648.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "55534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55534"
},
{
"name" : "85402",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85402"
},
{
"name" : "oval:org.mitre.oval:def:17246",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17246"
},
{
"name" : "apple-itunes-webkit-cve20123648(78555)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "apple-itunes-webkit-cve20123648(78555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78555"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:17246",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17246"
},
{
"name": "85402",
"refsource": "OSVDB",
"url": "http://osvdb.org/85402"
}
]
}
}

34
2012/3xxx/CVE-2012-3772.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3772",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3772",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2012/4xxx/CVE-2012-4709.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-276-01"
}
]
}
}

220
2012/4xxx/CVE-2012-4817.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-4817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc"
},
{
"name" : "IV10327",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV10327"
},
{
"name" : "IV11629",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV11629"
},
{
"name" : "IV12169",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV12169"
},
{
"name" : "IV17855",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV17855"
},
{
"name" : "IV26436",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IV26436"
},
{
"name" : "55546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55546"
},
{
"name" : "85427",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85427"
},
{
"name" : "1027531",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027531"
},
{
"name" : "50619",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50619"
},
{
"name" : "aix-nfsv4-gid-dos(78431)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78431"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS before 2.2.1.4-FP-25 SP-02, does not properly handle GID values, which allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027531",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027531"
},
{
"name": "IV12169",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV12169"
},
{
"name": "85427",
"refsource": "OSVDB",
"url": "http://osvdb.org/85427"
},
{
"name": "50619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50619"
},
{
"name": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/nfsv4_advisory1.asc"
},
{
"name": "IV17855",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV17855"
},
{
"name": "IV10327",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV10327"
},
{
"name": "IV26436",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV26436"
},
{
"name": "55546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55546"
},
{
"name": "IV11629",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IV11629"
},
{
"name": "aix-nfsv4-gid-dos(78431)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78431"
}
]
}
}

150
2012/4xxx/CVE-2012-4915.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "57133",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57133"
},
{
"name" : "88891",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/88891"
},
{
"name" : "50832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50832"
},
{
"name" : "googledocembedder-pdf-file-disclosure(80930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Google Doc Embedder plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to libs/pdf.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57133",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57133"
},
{
"name": "googledocembedder-pdf-file-disclosure(80930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80930"
},
{
"name": "88891",
"refsource": "OSVDB",
"url": "http://osvdb.org/88891"
},
{
"name": "50832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50832"
}
]
}
}

150
2012/4xxx/CVE-2012-4918.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2012-4918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "57225",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57225"
},
{
"name" : "89070",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89070"
},
{
"name" : "51366",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51366"
},
{
"name" : "callofduty-ssl-spoofing(81116)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Call of Duty Elite for iOS 2.0.1 does not properly validate the server SSL certificate, which allows remote attackers to obtain sensitive information via a Man-in-the-Middle (MITM) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57225",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57225"
},
{
"name": "89070",
"refsource": "OSVDB",
"url": "http://osvdb.org/89070"
},
{
"name": "51366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51366"
},
{
"name": "callofduty-ssl-spoofing(81116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81116"
}
]
}
}

130
2012/6xxx/CVE-2012-6316.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121207 TP-LINK TL-WR841N XSS (Cross Site Scripting)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2012/Dec/93"
},
{
"name" : "56602",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56602"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56602"
},
{
"name": "20121207 TP-LINK TL-WR841N XSS (Cross Site Scripting)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2012/Dec/93"
}
]
}
}

120
2012/6xxx/CVE-2012-6646.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.f-secure.com/en/web/labs_global/fsc-2012-2",
"refsource" : "CONFIRM",
"url" : "http://www.f-secure.com/en/web/labs_global/fsc-2012-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.f-secure.com/en/web/labs_global/fsc-2012-2",
"refsource": "CONFIRM",
"url": "http://www.f-secure.com/en/web/labs_global/fsc-2012-2"
}
]
}
}

130
2012/6xxx/CVE-2012-6709.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6709",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6709",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=881399",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=881399"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate Validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=881399",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=881399"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694658"
}
]
}
}

200
2015/5xxx/CVE-2015-5255.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
},
{
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
},
{
"name" : "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2015-0008.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
},
{
"name" : "HPSBST03568",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=145996963420108&w=2"
},
{
"name" : "77626",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77626"
},
{
"name" : "1034210",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x before 4.6.2.354178, and 4.7.x before 4.7.0.354178, allows remote attackers to send HTTP traffic to intranet servers via a crafted XML document, related to a Server-Side Request Forgery (SSRF) issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBST03568",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=145996963420108&w=2"
},
{
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html"
},
{
"name": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134506/Apache-Flex-BlazeDS-4.7.1-SSRF.html"
},
{
"name": "1034210",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034210"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05073670"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2015-0008.html"
},
{
"name": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/livecycleds/apsb15-30.html"
},
{
"name": "20151123 CVE-2015-5255: SSRF vulnerability in Apache Flex BlazeDS 4.7.1",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536958/100/0/threaded"
},
{
"name": "77626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77626"
}
]
}
}

130
2015/5xxx/CVE-2015-5727.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://botan.randombit.net/security.html",
"refsource" : "CONFIRM",
"url" : "http://botan.randombit.net/security.html"
},
{
"name" : "DSA-3565",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3565"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3565",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3565"
},
{
"name": "http://botan.randombit.net/security.html",
"refsource": "CONFIRM",
"url": "http://botan.randombit.net/security.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5854.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "76908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76908"
},
{
"name" : "1033703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "76908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76908"
}
]
}
}

240
2017/2xxx/CVE-2017-2113.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TS-WPTCAM",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 1.18 and earlier"
}
]
}
},
{
"product_name" : "TS-WPTCAM2",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 1.00"
}
]
}
},
{
"product_name" : "TS-WLCE",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 1.18 and earlier"
}
]
}
},
{
"product_name" : "TS-WLC2",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 1.18 and earlier"
}
]
}
},
{
"product_name" : "TS-WRLC",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 1.17 and earlier"
}
]
}
},
{
"product_name" : "TS-PTCAM/POE",
"version" : {
"version_data" : [
{
"version_value" : "firmware version 1.18 and earlier"
}
]
}
}
]
},
"vendor_name" : "I-O DATA DEVICE, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TS-WPTCAM",
"version": {
"version_data": [
{
"version_value": "firmware version 1.18 and earlier"
}
]
}
},
{
"product_name": "TS-WPTCAM2",
"version": {
"version_data": [
{
"version_value": "firmware version 1.00"
}
]
}
},
{
"product_name": "TS-WLCE",
"version": {
"version_data": [
{
"version_value": "firmware version 1.18 and earlier"
}
]
}
},
{
"product_name": "TS-WLC2",
"version": {
"version_data": [
{
"version_value": "firmware version 1.18 and earlier"
}
]
}
},
{
"product_name": "TS-WRLC",
"version": {
"version_data": [
{
"version_value": "firmware version 1.17 and earlier"
}
]
}
},
{
"product_name": "TS-PTCAM/POE",
"version": {
"version_data": [
{
"version_value": "firmware version 1.18 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.iodata.jp/support/information/2017/camera201702/",
"refsource" : "MISC",
"url" : "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"name" : "JVN#46830433",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN46830433/index.html"
},
{
"name" : "96620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96620"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#46830433",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN46830433/index.html"
},
{
"name": "96620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96620"
},
{
"name": "http://www.iodata.jp/support/information/2017/camera201702/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
}
]
}
}

140
2017/2xxx/CVE-2017-2489.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41798",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41798/"
},
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
},
{
"name" : "97300",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97300"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to obtain sensitive information from kernel memory via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97300"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "41798",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41798/"
}
]
}
}

262
2017/2xxx/CVE-2017-2592.json
View File

@ -1,133 +1,133 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2017-2592",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "python-oslo-middleware",
"version" : {
"version_data" : [
{
"version_value" : "python-oslo-middleware 3.8.1"
},
{
"version_value" : " python-oslo-middleware 3.19.1"
},
{
"version_value" : " python-oslo-middleware 3.23.1"
}
]
}
}
]
},
"vendor_name" : ""
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens)."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-532"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "python-oslo-middleware",
"version": {
"version_data": [
{
"version_value": "python-oslo-middleware 3.8.1"
},
{
"version_value": " python-oslo-middleware 3.19.1"
},
{
"version_value": " python-oslo-middleware 3.23.1"
}
]
}
}
]
},
"vendor_name": ""
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031"
},
{
"name" : "https://review.openstack.org/#/c/425730/",
"refsource" : "MISC",
"url" : "https://review.openstack.org/#/c/425730/"
},
{
"name" : "https://review.openstack.org/#/c/425732/",
"refsource" : "MISC",
"url" : "https://review.openstack.org/#/c/425732/"
},
{
"name" : "https://review.openstack.org/#/c/425734/",
"refsource" : "MISC",
"url" : "https://review.openstack.org/#/c/425734/"
},
{
"name" : "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html",
"refsource" : "CONFIRM",
"url" : "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html"
},
{
"name" : "https://access.redhat.com/errata/RHSA-2017:0300",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2017:0300"
},
{
"name" : "https://access.redhat.com/errata/RHSA-2017:0435",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2017:0435"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592"
},
{
"name" : "RHSA-2017:0300",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0300.html"
},
{
"name" : "RHSA-2017:0435",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0435.html"
},
{
"name" : "USN-3666-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3666-1/"
},
{
"name" : "95827",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95827"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is vulnerable to an information disclosure. Software using the CatchError class could include sensitive values in a traceback's error message. System users could exploit this flaw to obtain sensitive information from OpenStack component error logs (for example, keystone tokens)."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.9/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://review.openstack.org/#/c/425732/",
"refsource": "MISC",
"url": "https://review.openstack.org/#/c/425732/"
},
{
"name": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html",
"refsource": "CONFIRM",
"url": "http://lists.openstack.org/pipermail/openstack-announce/2017-January/002002.html"
},
{
"name": "RHSA-2017:0300",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0300.html"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:0300",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/errata/RHSA-2017:0300"
},
{
"name": "RHSA-2017:0435",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0435.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2592"
},
{
"name": "95827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95827"
},
{
"name": "https://review.openstack.org/#/c/425730/",
"refsource": "MISC",
"url": "https://review.openstack.org/#/c/425730/"
},
{
"name": "https://review.openstack.org/#/c/425734/",
"refsource": "MISC",
"url": "https://review.openstack.org/#/c/425734/"
},
{
"name": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/keystonemiddleware/+bug/1628031"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:0435",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/errata/RHSA-2017:0435"
},
{
"name": "USN-3666-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3666-1/"
}
]
}
}

34
2017/2xxx/CVE-2017-2656.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2656",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6320. Reason: This candidate is a reservation duplicate of CVE-2016-6320. Notes: All CVE users should reference CVE-2016-6320 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2656",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6320. Reason: This candidate is a reservation duplicate of CVE-2016-6320. Notes: All CVE users should reference CVE-2016-6320 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

122
2017/2xxx/CVE-2017-2909.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-10-31T00:00:00",
"ID" : "CVE-2017-2909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mongoose",
"version" : {
"version_data" : [
{
"version_value" : "6.8"
}
]
}
}
]
},
"vendor_name" : "Cesanta"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-10-31T00:00:00",
"ID": "CVE-2017-2909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mongoose",
"version": {
"version_data": [
{
"version_value": "6.8"
}
]
}
}
]
},
"vendor_name": "Cesanta"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416"
}
]
}
}

140
2018/11xxx/CVE-2018-11345.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/2"
},
{
"name" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation",
"refsource" : "MISC",
"url" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"
},
{
"name" : "https://github.com/mefulton/asustorexploit",
"refsource" : "MISC",
"url" : "https://github.com/mefulton/asustorexploit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker controlled code on the file system that can then be executed. Further, the filename parameter is vulnerable to path traversal and allows the attacker to place the file anywhere on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation",
"refsource": "MISC",
"url": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"
},
{
"name": "https://github.com/mefulton/asustorexploit",
"refsource": "MISC",
"url": "https://github.com/mefulton/asustorexploit"
},
{
"name": "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/2"
}
]
}
}

120
2018/11xxx/CVE-2018-11470.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "iScripts eSwap v2.4 has SQL injection via the \"search.php\" 'Told' parameter in the User Panel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md",
"refsource" : "MISC",
"url" : "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "iScripts eSwap v2.4 has SQL injection via the \"search.php\" 'Told' parameter in the User Panel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md",
"refsource": "MISC",
"url": "https://github.com/hi-KK/CVE-Hunter/blob/master/3.md"
}
]
}
}

34
2018/11xxx/CVE-2018-11700.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11700",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11700",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/11xxx/CVE-2018-11858.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11858",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Possible buffer overwrite in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version SD 835, SD 845, SD 850."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Possible buffer overwrite in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

34
2018/14xxx/CVE-2018-14229.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14229",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14229",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14770.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.vivotek.com/website/support/cybersecurity/",
"refsource" : "MISC",
"url" : "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf",
"refsource" : "CONFIRM",
"url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 1 of 2) via the ONVIF interface, (/onvif/device_service)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivotek.com/website/support/cybersecurity/",
"refsource": "MISC",
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
]
}
}

120
2018/14xxx/CVE-2018-14923.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cnvd.org.cn/flaw/show/1325763",
"refsource" : "MISC",
"url" : "http://www.cnvd.org.cn/flaw/show/1325763"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cnvd.org.cn/flaw/show/1325763",
"refsource": "MISC",
"url": "http://www.cnvd.org.cn/flaw/show/1325763"
}
]
}
}

140
2018/15xxx/CVE-2018-15169.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/x-f1v3/ForCve/issues/3",
"refsource" : "MISC",
"url" : "https://github.com/x-f1v3/ForCve/issues/3"
},
{
"name" : "https://www.manageengine.com/products/applications_manager/issues.html",
"refsource" : "MISC",
"url" : "https://www.manageengine.com/products/applications_manager/issues.html"
},
{
"name" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html",
"refsource" : "CONFIRM",
"url" : "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager 13 before build 13820 allows remote attackers to inject arbitrary web script or HTML via the /deleteMO.do method parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.manageengine.com/products/applications_manager/issues.html",
"refsource": "MISC",
"url": "https://www.manageengine.com/products/applications_manager/issues.html"
},
{
"name": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html",
"refsource": "CONFIRM",
"url": "https://www.manageengine.com/products/applications_manager/security-updates/security-updates-cve-2018-15169.html"
},
{
"name": "https://github.com/x-f1v3/ForCve/issues/3",
"refsource": "MISC",
"url": "https://github.com/x-f1v3/ForCve/issues/3"
}
]
}
}

34
2018/15xxx/CVE-2018-15222.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15222",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15222",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8259.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8259",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8259",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}