"-Synchronized-Data."

CVE Team 2019-03-18 01:29:42 +00:00
parent 2c49d32ec3
commit db31104f56
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 3910 additions and 3910 deletions


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0495", "ID": "CVE-2002-0495",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/264169" "lang": "eng",
}, "value": "csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi."
{ }
"name" : "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7", ]
"refsource" : "MISC", },
"url" : "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4368", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4368" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "cssearch-url-execute-commands(8636)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/8636.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "4368",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4368"
},
{
"name": "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7",
"refsource": "MISC",
"url": "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7"
},
{
"name": "cssearch-url-execute-commands(8636)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8636.php"
},
{
"name": "20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/264169"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0747", "ID": "CVE-2002-0747",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in lsmcode in AIX 4.3.3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "IY29589", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://archives.neohapsis.com/archives/aix/2002-q2/0005.html" "lang": "eng",
} "value": "Buffer overflow in lsmcode in AIX 4.3.3."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IY29589",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/aix/2002-q2/0005.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0777", "ID": "CVE-2002-0777",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html" "lang": "eng",
}, "value": "Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long \"bind DN\" parameter."
{ }
"name" : "imail-ldap-bo(9116)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/9116.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4780", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4780" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "imail-ldap-bo(9116)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9116.php"
},
{
"name": "4780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4780"
},
{
"name": "20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2409", "ID": "CVE-2002-2409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021119 Clipboard in QNX Photon", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html" "lang": "eng",
}, "value": "Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID."
{ }
"name" : "6207", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6207" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "qnx-photon-view-clipboard(10658)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10658.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "qnx-photon-view-clipboard(10658)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10658.php"
},
{
"name": "6207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6207"
},
{
"name": "20021119 Clipboard in QNX Photon",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-11/0267.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0541", "ID": "CVE-2005-0541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050224 Cyclades AlterPath Manager Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://marc.info/?l=full-disclosure&m=110924450827137&w=2" "lang": "eng",
}, "value": "consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter."
{ }
"name" : "http://www.cirt.net/advisories/alterpath_console.shtml", ]
"refsource" : "MISC", },
"url" : "http://www.cirt.net/advisories/alterpath_console.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14075", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/14075" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14378", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14378" ]
} },
] "references": {
} "reference_data": [
} {
"name": "14378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14378"
},
{
"name": "20050224 Cyclades AlterPath Manager Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=110924450827137&w=2"
},
{
"name": "http://www.cirt.net/advisories/alterpath_console.shtml",
"refsource": "MISC",
"url": "http://www.cirt.net/advisories/alterpath_console.shtml"
},
{
"name": "14075",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14075"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0894", "ID": "CVE-2005-0894",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050325 RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111176899423078&w=2" "lang": "eng",
}, "value": "OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp."
{ }
"name" : "12902", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12902" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14693", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14693" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "12902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12902"
},
{
"name": "14693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14693"
},
{
"name": "20050325 RX250305 - OpenMosixView : Multiple Race conditions - advisory and exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111176899423078&w=2"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0984", "ID": "CVE-2005-0984",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050402 In-game server buffer-overflow in Jedi Academy 1.011", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111246855213653&w=2" "lang": "eng",
}, "value": "Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell."
{ }
"name" : "http://aluigi.altervista.org/adv/jamsgbof-adv.txt", ]
"refsource" : "MISC", },
"url" : "http://aluigi.altervista.org/adv/jamsgbof-adv.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12977", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12977" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14809", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/14809" ]
} },
] "references": {
} "reference_data": [
} {
"name": "12977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12977"
},
{
"name": "14809",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14809"
},
{
"name": "http://aluigi.altervista.org/adv/jamsgbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/jamsgbof-adv.txt"
},
{
"name": "20050402 In-game server buffer-overflow in Jedi Academy 1.011",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111246855213653&w=2"
}
]
}
}


@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1391", "ID": "CVE-2005-1391",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000" "lang": "eng",
}, "value": "Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header."
{ }
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852", ]
"refsource" : "MISC", },
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-934", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-934" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200504-29", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200504-29.xml" ]
}, },
{ "references": {
"name" : "13436", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13436" "name": "DSA-934",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-934"
"name" : "ADV-2005-0437", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0437" "name": "1013824",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1013824"
"name" : "15963", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/15963" "name": "[pound_list] 20050426 remote buffer overflow in pound 1.8.2 + question abotu Host header",
}, "refsource": "MLIST",
{ "url": "http://www.apsis.ch/pound/pound_list/archive/2005/2005-04/1114516112000"
"name" : "1013824", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013824" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852",
}, "refsource": "MISC",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=307852"
"name" : "15142", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15142" "name": "15963",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/15963"
"name" : "15202", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15202" "name": "15202",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15202"
"name" : "15679", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15679" "name": "GLSA-200504-29",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200504-29.xml"
"name" : "18381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18381" "name": "ADV-2005-0437",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/0437"
"name" : "pound-addport-bo(20316)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316" "name": "15679",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/15679"
} },
} {
"name": "pound-addport-bo(20316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20316"
},
{
"name": "13436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13436"
},
{
"name": "18381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18381"
},
{
"name": "15142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15142"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1686", "ID": "CVE-2005-1686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050520 pst.advisory: gedit fun. opensource is god .lol windows", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111661117701398&w=2" "lang": "eng",
}, "value": "Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries."
{ }
"name" : "DSA-753", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-753" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200506-09", "description": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200506-09.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:499", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-499.html" ]
}, },
{ "references": {
"name" : "SUSE-SA:2005:036", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" "name": "RHSA-2005:499",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-499.html"
"name" : "USN-138-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/138-1/" "name": "DSA-753",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-753"
"name" : "oval:org.mitre.oval:def:1245", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245" "name": "USN-138-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/138-1/"
"name" : "oval:org.mitre.oval:def:9845", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845" "name": "oval:org.mitre.oval:def:9845",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845"
} },
} {
"name": "20050520 pst.advisory: gedit fun. opensource is god .lol windows",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111661117701398&w=2"
},
{
"name": "oval:org.mitre.oval:def:1245",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245"
},
{
"name": "GLSA-200506-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200506-09.xml"
},
{
"name": "SUSE-SA:2005:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0573", "ID": "CVE-2009-0573",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx."
{ }
"name" : "33677", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33677" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33879", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33879" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "33677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33677"
},
{
"name": "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf",
"refsource": "MISC",
"url": "http://www.fortconsult.net/images/pdf/advisories/FotoWebXSS_final.pdf"
},
{
"name": "33879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33879"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0734", "ID": "CVE-2009-0734",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090203 Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500627/100/0/threaded" "lang": "eng",
}, "value": "Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file."
{ }
"name" : "51739", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/51739" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33796", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33796" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-0318", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/0318" ]
} },
] "references": {
} "reference_data": [
} {
"name": "33796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33796"
},
{
"name": "20090203 Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500627/100/0/threaded"
},
{
"name": "51739",
"refsource": "OSVDB",
"url": "http://osvdb.org/51739"
},
{
"name": "ADV-2009-0318",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0318"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-1009", "ID": "CVE-2009-1009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.1.9 allows local users to affect confidentiality, integrity, and availability, related to HTML."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660640" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA09-105A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34461", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/34461" ]
}, },
{ "references": {
"name" : "53748", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/53748" "name": "1022055",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022055"
"name" : "1022055", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022055" "name": "34461",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34461"
"name" : "34693", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34693" "name": "53748",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/53748"
} },
} {
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
]
}
}
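Review bot: The `ASSIGNER` value in this record's `CVE_data_meta` block appears to change from `cve@mitre.org` to `secalert_us@oracle.com`, a substantive attribution change in a commit whose other visible edits are colon spacing and reference reordering. The same kind of change shows in the records for CVE-2009-1312 (`secalert@redhat.com`), CVE-2012-2865 (`security@google.com`) and CVE-2012-3443 (`secalert@redhat.com`). Old and new sides are inferred from the colon spacing, because the page has lost its `+`/`-` markers. These changes are easy to miss among the formatting lines, so the commit description should name them, for example `ASSIGNER changed for CVE-2009-1009, CVE-2009-1312, CVE-2012-2865, CVE-2012-3443`. Consumers that track record provenance should compare parsed JSON rather than text.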


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1116", "ID": "CVE-2009-1116",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1142", "ID": "CVE-2009-1142",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,187 +1,187 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-1312", "ID": "CVE-2009-1312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/504718/100/0/threaded" "lang": "eng",
}, "value": "Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header. NOTE: it was later reported that Firefox 3.6 a1 pre and Mozilla 1.7.x and earlier are also affected."
{ }
"name" : "20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/504723/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/", "description": [
"refsource" : "MISC", {
"url" : "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://websecurity.com.ua/3275/", ]
"refsource" : "MISC", }
"url" : "http://websecurity.com.ua/3275/" ]
}, },
{ "references": {
"name" : "http://websecurity.com.ua/3386/", "reference_data": [
"refsource" : "MISC", {
"url" : "http://websecurity.com.ua/3386/" "name": "MDVSA-2009:111",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html" "name": "FEDORA-2009-3875",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475636", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475636" "name": "34894",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34894"
"name" : "FEDORA-2009-3875", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html" "name": "ADV-2009-1125",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1125"
"name" : "MDVSA-2009:111", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111" "name": "oval:org.mitre.oval:def:9818",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9818"
"name" : "RHSA-2009:0436", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html" "name": "34758",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34758"
"name" : "RHSA-2009:0437", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0437.html" "name": "oval:org.mitre.oval:def:6131",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6131"
"name" : "264308", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-22.html"
"name" : "SUSE-SR:2009:010", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" "name": "http://websecurity.com.ua/3386/",
}, "refsource": "MISC",
{ "url": "http://websecurity.com.ua/3386/"
"name" : "USN-764-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/764-1/" "name": "1022096",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022096"
"name" : "34656", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34656" "name": "oval:org.mitre.oval:def:6064",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6064"
"name" : "oval:org.mitre.oval:def:6064", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6064" "name": "34844",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34844"
"name" : "oval:org.mitre.oval:def:6131", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6131" "name": "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/",
}, "refsource": "MISC",
{ "url": "http://ha.ckers.org/blog/20070309/firefox-header-redirection-javascript-execution/"
"name" : "oval:org.mitre.oval:def:6731", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6731" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=475636",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475636"
"name" : "oval:org.mitre.oval:def:9818", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9818" "name": "http://websecurity.com.ua/3275/",
}, "refsource": "MISC",
{ "url": "http://websecurity.com.ua/3275/"
"name" : "1022096", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022096" "name": "35065",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35065"
"name" : "34758", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34758" "name": "20090703 Re: Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/504723/100/0/threaded"
"name" : "34894", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34894" "name": "oval:org.mitre.oval:def:6731",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6731"
"name" : "34843", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34843" "name": "USN-764-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/764-1/"
"name" : "34844", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34844" "name": "SUSE-SR:2009:010",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
"name" : "35065", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35065" "name": "34656",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34656"
"name" : "ADV-2009-1125", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1125" "name": "20090702 Cross-Site Scripting vulnerabilities in Mozilla, Internet Explorer, Opera and Chrome",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/504718/100/0/threaded"
} },
} {
"name": "34843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34843"
},
{
"name": "RHSA-2009:0437",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
},
{
"name": "RHSA-2009:0436",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
},
{
"name": "264308",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1319", "ID": "CVE-2009-1319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8431", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8431" "lang": "eng",
}, "value": "Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php."
{ }
"name" : "34519", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34519" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34721", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34721" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "34519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34519"
},
{
"name": "34721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34721"
},
{
"name": "8431",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8431"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1445", "ID": "CVE-2009-1445",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8516", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8516" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta allow remote attackers to (1) read arbitrary files via directory traversal sequences in the lang parameter to libraries/helpdocs/help.php and (2) include and execute arbitrary local files via directory traversal sequences in the error parameter to index.php."
{ }
"name" : "34687", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34687" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54119", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/54119" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "54120", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/54120" ]
} },
] "references": {
} "reference_data": [
} {
"name": "54120",
"refsource": "OSVDB",
"url": "http://osvdb.org/54120"
},
{
"name": "54119",
"refsource": "OSVDB",
"url": "http://osvdb.org/54119"
},
{
"name": "8516",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8516"
},
{
"name": "34687",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34687"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1485", "ID": "CVE-2009-1485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=676726", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=676726" "lang": "eng",
}, "value": "The logging feature in eMule Plus before 1.2e allows remote attackers to cause a denial of service (infinite loop) via unspecified attack vectors."
{ }
"name" : "34799", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/34799" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "emuleplus-logging-dos(50081)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50081" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=676726",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=676726"
},
{
"name": "emuleplus-logging-dos(50081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50081"
},
{
"name": "34799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34799"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1599", "ID": "CVE-2009-1599",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/503183/100/0/threaded" "lang": "eng",
}, "value": "Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is \"a PDF file is active content.\""
{ }
"name" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf", ]
"refsource" : "MISC", },
"url" : "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf",
"refsource": "MISC",
"url": "http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf"
},
{
"name": "20090503 [SecNiche WhitePaper ] - PDF Silent HTTP Form Repurposing Attacks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503183/100/0/threaded"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-5104", "ID": "CVE-2009-5104",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2230", "ID": "CVE-2012-2230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin" "lang": "eng",
}, "value": "Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration Manager 3.5, when Kerberos is not enabled, does not properly install taskcontroller.cfg, which allows remote authenticated users to impersonate arbitrary user accounts via unspecified vectors, a different vulnerability than CVE-2012-1574."
{ }
"name" : "48776", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/48776" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cloudera-taskcontroller-spoofing(74823)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74823" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "cloudera-taskcontroller-spoofing(74823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74823"
},
{
"name": "48776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48776"
},
{
"name": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin",
"refsource": "CONFIRM",
"url": "https://ccp.cloudera.com/display/DOC/Cloudera+Security+Bulletin"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2430", "ID": "CVE-2012-2430",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2623", "ID": "CVE-2012-2623",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2012-2865", "ID": "CVE-2012-2865",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=121347", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=121347" "lang": "eng",
}, "value": "Google Chrome before 21.0.1180.89 does not properly perform line breaking, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2012:1215", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "85030", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/85030" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14866", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14866" "name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
} "refsource": "CONFIRM",
] "url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
} },
} {
"name": "85030",
"refsource": "OSVDB",
"url": "http://osvdb.org/85030"
},
{
"name": "oval:org.mitre.oval:def:14866",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14866"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=121347",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=121347"
},
{
"name": "openSUSE-SU-2012:1215",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3443", "ID": "CVE-2012-3443",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/07/31/1" "lang": "eng",
}, "value": "The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file."
{ }
"name" : "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/07/31/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2529", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2529" ]
}, },
{ "references": {
"name" : "MDVSA-2012:143", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143" "name": "[oss-security] 20120730 CVE Request: Django 1.3.1 and 1.4.0 security issues",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/31/1"
"name" : "USN-1560-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1560-1" "name": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/",
} "refsource": "CONFIRM",
] "url": "https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/"
} },
} {
"name": "MDVSA-2012:143",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:143"
},
{
"name": "USN-1560-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1560-1"
},
{
"name": "[oss-security] 20120730 Re: CVE Request: Django 1.3.1 and 1.4.0 security issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/31/2"
},
{
"name": "DSA-2529",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2529"
}
]
}
}
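Review bot: The `ASSIGNER` field in `CVE_data_meta` changes from `cve@mitre.org` to `secalert@redhat.com` in this section, a substantive attribution change sitting among edits that otherwise only tighten key spacing, re-indent, and reorder `reference_data`. The same kind of reassignment appears in the sections for CVE-2012-3604, CVE-2012-3634 and CVE-2012-3709 (to `product-security@apple.com`), CVE-2012-6437 (to `ics-cert@hq.dhs.gov`) and CVE-2015-5910 (to `product-security@apple.com`), while CVE-2012-3799 and others keep their assigner. Because the commit title says only that data was synchronized, anyone who filters or trusts records by assigner should compare the parsed JSON rather than the text diff, and the commit message would do well to name the field, for example `ASSIGNER updated to the owning CNA for N records`. The `reference_data` entries are also reordered with no visible sort key, so emitting them in a stable order (by `refsource`, then `name`, say) would keep later syncs from burying changes like this one.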


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3604", "ID": "CVE-2012-3604",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-07-25-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
} },
} {
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3634", "ID": "CVE-2012-3634",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5400", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5400" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
{ }
"name" : "http://support.apple.com/kb/HT5485", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5485" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5503", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5503" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-07-25-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "APPLE-SA-2012-09-19-1", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html" "name": "APPLE-SA-2012-09-19-1",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
} },
} {
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3709", "ID": "CVE-2012-3709",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5485", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5485" "lang": "eng",
}, "value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
{ }
"name" : "http://support.apple.com/kb/HT5502", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5502" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2012-09-12-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2012-09-19-3", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" ]
}, },
{ "references": {
"name" : "55534", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55534" "name": "APPLE-SA-2012-09-19-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
"name" : "85392", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/85392" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "oval:org.mitre.oval:def:17481", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17481" "name": "http://support.apple.com/kb/HT5502",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5502"
"name" : "apple-itunes-webkit-cve20123709(78550)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78550" "name": "apple-itunes-webkit-cve20123709(78550)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78550"
} },
} {
"name": "oval:org.mitre.oval:def:17481",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17481"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "85392",
"refsource": "OSVDB",
"url": "http://osvdb.org/85392"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3799", "ID": "CVE-2012-3799",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences."
{ }
"name" : "http://drupal.org/node/1619830", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1619830" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1617952", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1617952" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupalcode.org/project/maestro.git/commitdiff/c499971", ]
"refsource" : "CONFIRM", }
"url" : "http://drupalcode.org/project/maestro.git/commitdiff/c499971" ]
}, },
{ "references": {
"name" : "53836", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53836" "name": "53836",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/53836"
"name" : "82714", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/82714" "name": "82714",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/82714"
"name" : "49393", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49393" "name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
"name" : "maestro-unspecified-csrf(76146)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76146" "name": "http://drupalcode.org/project/maestro.git/commitdiff/c499971",
} "refsource": "CONFIRM",
] "url": "http://drupalcode.org/project/maestro.git/commitdiff/c499971"
} },
} {
"name": "49393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49393"
},
{
"name": "http://drupal.org/node/1617952",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1617952"
},
{
"name": "http://drupal.org/node/1619830",
"refsource": "MISC",
"url": "http://drupal.org/node/1619830"
},
{
"name": "maestro-unspecified-csrf(76146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76146"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4040", "ID": "CVE-2012-4040",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2012-6437", "ID": "CVE-2012-6437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf" "lang": "eng",
} "value": "Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 do not properly perform authentication for Ethernet firmware updates, which allows remote attackers to execute arbitrary code via a Trojan horse update image."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6581", "ID": "CVE-2012-6581",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rt-announce] 20121025 Security vulnerabilities in RT", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" "lang": "eng",
} "value": "Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before 4.0.8, when GnuPG is enabled, allows remote attackers to bypass intended restrictions on reading keys in the product's keyring, and trigger outbound e-mail messages signed by an arbitrary stored secret key, by leveraging a UI e-mail signing privilege."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rt-announce] 20121025 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6612", "ID": "CVE-2012-6612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup" "lang": "eng",
}, "value": "The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, different vectors than CVE-2013-6407."
{ }
"name" : "https://issues.apache.org/jira/browse/SOLR-3895", ]
"refsource" : "CONFIRM", },
"url" : "https://issues.apache.org/jira/browse/SOLR-3895" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:1844", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1844.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:0029", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0029.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "RHSA-2014:0029",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0029.html"
},
{
"name": "https://issues.apache.org/jira/browse/SOLR-3895",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/SOLR-3895"
},
{
"name": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/lucene/dev/branches/branch_4x/solr/CHANGES.txt?view=markup"
},
{
"name": "RHSA-2013:1844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1844.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5910", "ID": "CVE-2015-5910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205217", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205217" "lang": "eng",
}, "value": "IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network."
{ }
"name" : "APPLE-SA-2015-09-16-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033596", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033596" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1033596",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033596"
},
{
"name": "https://support.apple.com/HT205217",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205217"
},
{
"name": "APPLE-SA-2015-09-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00002.html"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2156", "ID": "CVE-2017-2156",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Vivaldi installer for Windows", "product_name": "Vivaldi installer for Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to version 1.7.735.48" "version_value": "prior to version 1.7.735.48"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Vivaldi Technologies" "vendor_name": "Vivaldi Technologies"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/", "description_data": [
"refsource" : "MISC", {
"url" : "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/" "lang": "eng",
}, "value": "Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory."
{ }
"name" : "JVN#71572107", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN71572107/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98040", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98040" "lang": "eng",
} "value": "Untrusted search path vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "JVN#71572107",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN71572107/index.html"
},
{
"name": "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/",
"refsource": "MISC",
"url": "https://vivaldi.com/security/vulnerability-disclosure-vivaldi-installer-for-windows-could-run-arbitrary-downloaded-code-jvn71572107/"
},
{
"name": "98040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98040"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2221", "ID": "CVE-2017-2221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Installer of Baidu IME", "product_name": "Installer of Baidu IME",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Ver3.6.1.6 and earlier" "version_value": "Ver3.6.1.6 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Baidu Japan Inc." "vendor_name": "Baidu Japan Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#17788774", "description_data": [
"refsource" : "JVN", {
"url" : "https://jvn.jp/en/jp/JVN17788774/index.html" "lang": "eng",
} "value": "Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#17788774",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN17788774/index.html"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-2473", "ID": "CVE-2017-2473",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41792", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41792/" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "https://support.apple.com/HT207601", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT207601" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT207602", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207602" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT207615", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT207615" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT207617", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207617" "name": "97137",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97137"
"name" : "97137", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97137" "name": "https://support.apple.com/HT207601",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT207601"
"name" : "1038138", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038138" "name": "41792",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/41792/"
} },
} {
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}


@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "anemec@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2017-2616", "ID": "CVE-2017-2616",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "util-linux", "product_name": "util-linux",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.32.1" "version_value": "2.32.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux" "vendor_name": "Linux"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-267"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616" "lang": "eng",
}, "value": "A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions."
{ }
"name" : "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891" "impact": {
}, "cvss": [
{ [
"name" : "DSA-3793", {
"refsource" : "DEBIAN", "vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"url" : "https://www.debian.org/security/2017/dsa-3793" "version": "3.0"
}, }
{ ]
"name" : "GLSA-201706-02", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201706-02" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2017:0654", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2017-0654.html" "lang": "eng",
}, "value": "CWE-267"
{ }
"name" : "RHSA-2017:0907", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2017:0907" ]
}, },
{ "references": {
"name" : "96404", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96404" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2616"
"name" : "1038271", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038271" "name": "96404",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/96404"
} },
} {
"name": "RHSA-2017:0907",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0907"
},
{
"name": "RHSA-2017:0654",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0654.html"
},
{
"name": "GLSA-201706-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-02"
},
{
"name": "DSA-3793",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3793"
},
{
"name": "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891",
"refsource": "CONFIRM",
"url": "https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891"
},
{
"name": "1038271",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038271"
}
]
}
}
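Review bot: In the CVE-2017-2616 record the new side still carries `"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"`, which puts the base score in front of the vector; a CVSS v3.0 vector string begins with `CVSS:3.0/`, so a consumer that parses this field strictly is likely to reject or mis-score it. The same record gives `"version_value": "2.32.1"` while its description says the flaw is in util-linux before 2.32.1, so tooling that matches on version_value would point at the fixed release rather than the affected ones. The problemtype `CWE-267` also sits oddly beside a description of a race condition and is worth confirming with the assigner. Suggested values are `"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"` with the 5.5 score carried separately, and a version_value that expresses "before 2.32.1".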


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6623", "ID": "CVE-2017-6623",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Policy Suite", "product_name": "Cisco Policy Suite",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Policy Suite" "version_value": "Cisco Policy Suite"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps" "lang": "eng",
}, "value": "A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to incorrect sudoers permissions on the script file. An attacker could exploit this vulnerability by authenticating to the device and providing crafted user input at the CLI, using this script file to escalate their privilege level and execute commands as root. A successful exploit could allow the attacker to acquire root-level privileges and take full control of the appliance. The user has to be logged-in to the device with valid credentials for a specific set of users. The Cisco Policy Suite application is vulnerable when running software versions 10.0.0, 10.1.0, or 11.0.0. Cisco Bug IDs: CSCvc07366."
{ }
"name" : "98521", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98521" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98521"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-cps"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6878", "ID": "CVE-2017-6878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20170318 [CVE-2017-6878]etInfo5.3.15 Stored Cross Site Scripting", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Mar/49" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows remote authenticated users to inject arbitrary web script or HTML via the name_2 parameter to admin/column/delete.php."
{ }
"name" : "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96974", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96974" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20170318 [CVE-2017-6878]etInfo5.3.15 Stored Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Mar/49"
},
{
"name": "96974",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96974"
},
{
"name": "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/141689/MetInfo-5.3.15-Cross-Site-Scripting.html"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11116", "ID": "CVE-2018-11116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html" "lang": "eng",
} "value": "OpenWrt mishandles access control in /etc/config/rpcd and the /usr/share/rpcd/acl.d files, which allows remote authenticated users to call arbitrary methods (i.e., achieve ubus access over HTTP) that were only supposed to be accessible to a specific user, as demonstrated by the file, log, and service namespaces, potentially leading to remote Information Disclosure or Code Execution."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html",
"refsource": "MISC",
"url": "http://blog.hac425.top/2018/05/16/openwrt_rpcd_acl_fail.html"
}
]
}
}


@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"ID" : "CVE-2018-11463", "ID": "CVE-2018-11463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8", "product_name": "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "SINUMERIK 808D V4.7 : All versions" "version_value": "SINUMERIK 808D V4.7 : All versions"
}, },
{ {
"version_value" : "SINUMERIK 808D V4.8 : All versions" "version_value": "SINUMERIK 808D V4.8 : All versions"
}, },
{ {
"version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1" "version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1"
}, },
{ {
"version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5" "version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5"
}, },
{ {
"version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3" "version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Siemens AG" "vendor_name": "Siemens AG"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121: Stack-based Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf" "lang": "eng",
}, "value": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A buffer overflow in the service command application could allow a local attacker to execute code with elevated privileges. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
{ }
"name" : "106185", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106185" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106185"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11472", "ID": "CVE-2018-11472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/monstra-cms/monstra/issues/445", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/monstra-cms/monstra/issues/445" "lang": "eng",
}, "value": "Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php)."
{ }
"name" : "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-", ]
"refsource" : "MISC", },
"url" : "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-",
"refsource": "MISC",
"url": "https://github.com/nikhil1232/Monstra-CMS-3.0.4-Reflected-XSS-On-Login-"
},
{
"name": "https://github.com/monstra-cms/monstra/issues/445",
"refsource": "MISC",
"url": "https://github.com/monstra-cms/monstra/issues/445"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14113", "ID": "CVE-2018-14113",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14283", "ID": "CVE-2018-14283",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.1.1049" "version_value": "9.0.1.1049"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the highlightMode attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5771."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-743", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-743" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the highlightMode attribute. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5771."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-743",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-743"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14771", "ID": "CVE-2018-14771",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.vivotek.com/website/support/cybersecurity/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.vivotek.com/website/support/cybersecurity/" "lang": "eng",
}, "value": "VIVOTEK FD8177 devices before XXXXXX-VVTK-xx06a allow remote attackers to execute arbitrary code (issue 2 of 2) via eventscript.cgi."
{ }
"name" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vivotek.com/website/support/cybersecurity/",
"refsource": "MISC",
"url": "https://www.vivotek.com/website/support/cybersecurity/"
},
{
"name": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf",
"refsource": "CONFIRM",
"url": "http://download.vivotek.com/downloadfile/support/cyber-security/vvtk-sa-2018-003-v1.pdf"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14951", "ID": "CVE-2018-14951",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"<form action='data:text\" attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openwall.com/lists/oss-security/2018/07/26/2", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openwall.com/lists/oss-security/2018/07/26/2" "lang": "eng",
}, "value": "The mail message display page in SquirrelMail through 1.4.22 has XSS via a \"<form action='data:text\" attack."
{ }
"name" : "https://bugs.debian.org/905023", ]
"refsource" : "MISC", },
"url" : "https://bugs.debian.org/905023" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceforge.net/p/squirrelmail/bugs/2831/", "description": [
"refsource" : "MISC", {
"url" : "https://sourceforge.net/p/squirrelmail/bugs/2831/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://sourceforge.net/p/squirrelmail/bugs/2831/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/squirrelmail/bugs/2831/"
},
{
"name": "http://www.openwall.com/lists/oss-security/2018/07/26/2",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2018/07/26/2"
},
{
"name": "https://bugs.debian.org/905023",
"refsource": "MISC",
"url": "https://bugs.debian.org/905023"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15141", "ID": "CVE-2018-15141",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the \"docid\" parameter when the mode is set to delete."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45202", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45202/" "lang": "eng",
}, "value": "Directory traversal in portal/import_template.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker authenticated in the patient portal to delete arbitrary files via the \"docid\" parameter when the mode is set to delete."
{ }
"name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/", ]
"refsource" : "MISC", },
"url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/openemr/openemr/pull/1765/files", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/openemr/openemr/pull/1765/files" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource": "MISC",
"url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name": "45202",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45202/"
},
{
"name": "https://github.com/openemr/openemr/pull/1765/files",
"refsource": "CONFIRM",
"url": "https://github.com/openemr/openemr/pull/1765/files"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15292", "ID": "CVE-2018-15292",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15661", "ID": "CVE-2018-15661",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/magicj3lly/appexploits/blob/master/OLA%20Money.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/magicj3lly/appexploits/blob/master/OLA%20Money.pdf" "lang": "eng",
} "value": "** DISPUTED ** An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS messages, then the Forgot Password screen can be used to bypass authentication. NOTE: the vendor does not agree that this is a security issue requiring a fix."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/magicj3lly/appexploits/blob/master/OLA%20Money.pdf",
"refsource": "MISC",
"url": "https://github.com/magicj3lly/appexploits/blob/master/OLA%20Money.pdf"
}
]
}
}


@ -1,128 +1,128 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@ubuntu.com", "ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC" : "2018-10-25T00:00:00.000Z", "DATE_PUBLIC": "2018-10-25T00:00:00.000Z",
"ID" : "CVE-2018-15688", "ID": "CVE-2018-15688",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Out-of-Bounds write in systemd-networkd dhcpv6 option handling" "TITLE": "Out-of-Bounds write in systemd-networkd dhcpv6 option handling"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "systemd", "product_name": "systemd",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "239" "version_value": "239"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "systemd" "vendor_name": "systemd"
} }
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Felix Wilhelm from the Google Security Team"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "dhcp6_option_append_ia() contained an incorrect buffer size calculation."
}
] ]
} }
] },
}, "credit": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "Felix Wilhelm from the Google Security Team"
"name" : "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update", }
"refsource" : "MLIST", ],
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html" "data_format": "MITRE",
}, "data_type": "CVE",
{ "data_version": "4.0",
"name" : "https://github.com/systemd/systemd/pull/10518", "description": {
"refsource" : "MISC", "description_data": [
"url" : "https://github.com/systemd/systemd/pull/10518" {
}, "lang": "eng",
{ "value": "A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239."
"name" : "GLSA-201810-10", }
"refsource" : "GENTOO", ]
"url" : "https://security.gentoo.org/glsa/201810-10" },
}, "impact": {
{ "cvss": {
"name" : "RHSA-2018:3665", "attackComplexity": "LOW",
"refsource" : "REDHAT", "attackVector": "ADJACENT_NETWORK",
"url" : "https://access.redhat.com/errata/RHSA-2018:3665" "availabilityImpact": "HIGH",
}, "baseScore": 8.8,
{ "baseSeverity": "HIGH",
"name" : "RHSA-2019:0049", "confidentialityImpact": "HIGH",
"refsource" : "REDHAT", "integrityImpact": "HIGH",
"url" : "https://access.redhat.com/errata/RHSA-2019:0049" "privilegesRequired": "NONE",
}, "scope": "UNCHANGED",
{ "userInteraction": "NONE",
"name" : "USN-3806-1", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"refsource" : "UBUNTU", "version": "3.0"
"url" : "https://usn.ubuntu.com/3806-1/" }
}, },
{ "problemtype": {
"name" : "USN-3807-1", "problemtype_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3807-1/" "description": [
}, {
{ "lang": "eng",
"name" : "105745", "value": "dhcp6_option_append_ia() contained an incorrect buffer size calculation."
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/105745" ]
} }
] ]
}, },
"source" : { "references": {
"defect" : [ "reference_data": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921" {
], "name": "GLSA-201810-10",
"discovery" : "EXTERNAL" "refsource": "GENTOO",
} "url": "https://security.gentoo.org/glsa/201810-10"
} },
{
"name": "[debian-lts-announce] 20181119 [SECURITY] [DLA 1580-1] systemd security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html"
},
{
"name": "USN-3807-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3807-1/"
},
{
"name": "USN-3806-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3806-1/"
},
{
"name": "RHSA-2018:3665",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3665"
},
{
"name": "105745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105745"
},
{
"name": "https://github.com/systemd/systemd/pull/10518",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/pull/10518"
},
{
"name": "RHSA-2019:0049",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0049"
}
]
},
"source": {
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1795921"
],
"discovery": "EXTERNAL"
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-15983", "ID": "CVE-2018-15983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html" "lang": "eng",
}, "value": "Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation."
{ }
"name" : "106108", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106108" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-42.html"
},
{
"name": "106108",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106108"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@checkpoint.com", "ASSIGNER": "cve@checkpoint.com",
"ID" : "CVE-2018-20253", "ID": "CVE-2018-20253",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WinRAR", "product_name": "WinRAR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior and including 5.60" "version_value": "All versions prior and including 5.60"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Check Point Software Technologies Ltd." "vendor_name": "Check Point Software Technologies Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787: Out-of-bounds Write"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.win-rar.com/whatsnew.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.win-rar.com/whatsnew.html" "lang": "eng",
}, "value": "In WinRAR versions prior to and including 5.60, There is an out-of-bounds write vulnerability during parsing of a crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/", ]
"refsource" : "MISC", },
"url" : "https://research.checkpoint.com/extracting-code-execution-from-winrar/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://research.checkpoint.com/extracting-code-execution-from-winrar/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/extracting-code-execution-from-winrar/"
},
{
"name": "https://www.win-rar.com/whatsnew.html",
"refsource": "MISC",
"url": "https://www.win-rar.com/whatsnew.html"
}
]
}
}


@ -1,123 +1,123 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8118", "ID": "CVE-2018-8118",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Internet Explorer 11", "product_name": "Internet Explorer 11",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1511 for 32-bit Systems" "version_value": "Windows 10 Version 1511 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1511 for x64-based Systems" "version_value": "Windows 10 Version 1511 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1" "version_value": "Windows 7 for 32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 7 for x64-based Systems Service Pack 1" "version_value": "Windows 7 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows 8.1 for 32-bit systems" "version_value": "Windows 8.1 for 32-bit systems"
}, },
{ {
"version_value" : "Windows 8.1 for x64-based systems" "version_value": "Windows 8.1 for x64-based systems"
}, },
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
}, },
{ {
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1" "version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "Windows Server 2012 R2" "version_value": "Windows Server 2012 R2"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
} }
] ]
} }
}, },
{ {
"product_name" : "Internet Explorer 10", "product_name": "Internet Explorer 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows Server 2012" "version_value": "Windows Server 2012"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 11, Internet Explorer 10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8118", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8118" "lang": "eng",
} "value": "A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka \"Internet Explorer Memory Corruption Vulnerability.\" This affects Internet Explorer 11, Internet Explorer 10."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8118",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8118"
}
]
}
}
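Review bot: Consumers that match `ASSIGNER` with an exact, case-sensitive comparison will see a different assigner after this sync, because the new side carries `"ASSIGNER": "secure@microsoft.com"` where the old side had `Secure@Microsoft.com`. This is the one value change in an otherwise whitespace-only section, and the same change appears in the CVE-2018-8416 section that follows. The commit description should state that assigner addresses are being case-normalised, so that downstream tooling which groups, filters or deduplicates records by assigner knows to compare these addresses case-folded rather than treating the lowercase form as a new source.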


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8416", "ID": "CVE-2018-8416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : ".NET Core", "product_name": ".NET Core",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.1" "version_value": "2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Tampering"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416" "lang": "eng",
}, "value": "A tampering vulnerability exists when .NET Core improperly handles specially crafted files, aka \".NET Core Tampering Vulnerability.\" This affects .NET Core 2.1."
{ }
"name" : "RHSA-2018:3676", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:3676" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105798", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105798" "lang": "eng",
}, "value": "Tampering"
{ }
"name" : "1042128", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1042128" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8416"
},
{
"name": "105798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105798"
},
{
"name": "RHSA-2018:3676",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3676"
},
{
"name": "1042128",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042128"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8810", "ID": "CVE-2018-8810",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/radare/radare2/issues/9727", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/radare/radare2/issues/9727" "lang": "eng",
} "value": "In radare2 2.4.0, there is a heap-based buffer over-read in the get_ivar_list_t function of mach0_classes.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted Mach-O file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/radare/radare2/issues/9727",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/issues/9727"
}
]
}
}