admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:01:44 +00:00
parent 1000af82a5
commit dec10baa99
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3406 additions and 3406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0568.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020206 Hackproofing Oracle Application Server paper",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101301813117562&w=2"
},
{
"name" : "CA-2002-08",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name" : "VU#476619",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/476619"
},
{
"name" : "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource" : "MISC",
"url" : "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name" : "4290",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101301813117562&w=2"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4290"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#476619",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/476619"
}
]
}
}

150
2002/0xxx/CVE-2002-0761.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0761",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-02:25",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
},
{
"name" : "CSSA-2002-039.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
},
{
"name" : "bzip2-compression-symlink(9128)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9128.php"
},
{
"name" : "4776",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4776"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bzip2-compression-symlink(9128)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9128.php"
},
{
"name": "CSSA-2002-039.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt"
},
{
"name": "4776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4776"
},
{
"name": "FreeBSD-SA-02:25",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc"
}
]
}
}

140
2002/1xxx/CVE-2002-1886.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021002 Multiple Web Security Holes",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html"
},
{
"name" : "5850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5850"
},
{
"name" : "tightauction-config-information-disclosure(10310)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10310.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5850"
},
{
"name": "tightauction-config-information-disclosure(10310)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10310.php"
},
{
"name": "20021002 Multiple Web Security Holes",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html"
}
]
}
}

150
2002/2xxx/CVE-2002-2130.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0260.html"
},
{
"name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0"
},
{
"name" : "6489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6489"
},
{
"name" : "gallery-winxppublishing-command-execution(10943)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10943.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6489"
},
{
"name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=64&mode=thread&order=0&thold=0"
},
{
"name": "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0260.html"
},
{
"name": "gallery-winxppublishing-command-execution(10943)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10943.php"
}
]
}
}

120
2005/1xxx/CVE-2005-1170.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050416 phpBB datenbank mod has XSS/SQL Injection in the id variable",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111367077709726&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050416 phpBB datenbank mod has XSS/SQL Injection in the id variable",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111367077709726&w=2"
}
]
}
}

170
2009/1xxx/CVE-2009-1219.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502320/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/content/sun-calendar-express",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/sun-calendar-express"
},
{
"name" : "256228",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1"
},
{
"name" : "255008",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1"
},
{
"name" : "34150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34150"
},
{
"name" : "ADV-2009-0905",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0905"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allows remote attackers to cause a denial of service (daemon crash) via multiple requests to the default URI with alphabetic characters in the tzid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0905",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0905"
},
{
"name": "256228",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256228-1"
},
{
"name": "34150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34150"
},
{
"name": "20090331 CORE-2009-0108: Multiple vulnerabilities in Sun Calendar Express Web Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502320/100/0/threaded"
},
{
"name": "255008",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-255008-1"
},
{
"name": "http://www.coresecurity.com/content/sun-calendar-express",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/sun-calendar-express"
}
]
}
}

470
2009/1xxx/CVE-2009-1377.json
View File

@ -1,237 +1,237 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=openssl-dev&m=124247675613888&w=2"
},
{
"name" : "[oss-security] 20090518 Two OpenSSL DTLS remote DoS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/18/1"
},
{
"name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name" : "https://launchpad.net/bugs/cve/2009-1377",
"refsource" : "MISC",
"url" : "https://launchpad.net/bugs/cve/2009-1377"
},
{
"name" : "http://cvs.openssl.org/chngview?cn=18187",
"refsource" : "CONFIRM",
"url" : "http://cvs.openssl.org/chngview?cn=18187"
},
{
"name" : "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest",
"refsource" : "CONFIRM",
"url" : "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest"
},
{
"name" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
},
{
"name" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html",
"refsource" : "CONFIRM",
"url" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
},
{
"name" : "https://kb.bluecoat.com/index?page=content&id=SA50",
"refsource" : "CONFIRM",
"url" : "https://kb.bluecoat.com/index?page=content&id=SA50"
},
{
"name" : "GLSA-200912-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"name" : "HPSBMA02492",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
},
{
"name" : "SSRT100079",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
},
{
"name" : "MDVSA-2009:120",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120"
},
{
"name" : "NetBSD-SA2009-009",
"refsource" : "NETBSD",
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
},
{
"name" : "RHSA-2009:1335",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
},
{
"name" : "SSA:2010-060-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049"
},
{
"name" : "SUSE-SR:2009:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name" : "USN-792-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-792-1"
},
{
"name" : "35001",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35001"
},
{
"name" : "oval:org.mitre.oval:def:6683",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683"
},
{
"name" : "oval:org.mitre.oval:def:9663",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663"
},
{
"name" : "1022241",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022241"
},
{
"name" : "35128",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35128"
},
{
"name" : "35416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35416"
},
{
"name" : "35461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35461"
},
{
"name" : "35571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35571"
},
{
"name" : "35729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35729"
},
{
"name" : "37003",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37003"
},
{
"name" : "38761",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38761"
},
{
"name" : "38794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38794"
},
{
"name" : "38834",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38834"
},
{
"name" : "42724",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42724"
},
{
"name" : "42733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42733"
},
{
"name" : "36533",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36533"
},
{
"name" : "ADV-2009-1377",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1377"
},
{
"name" : "ADV-2010-0528",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of \"future epoch\" DTLS records that are buffered in a queue, aka \"DTLS record buffer limitation bug.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42724"
},
{
"name": "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest",
"refsource": "CONFIRM",
"url": "http://rt.openssl.org/Ticket/Display.html?id=1930&user=guest&pass=guest"
},
{
"name": "SSA:2010-060-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.663049"
},
{
"name": "38794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "ADV-2009-1377",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1377"
},
{
"name": "35729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35729"
},
{
"name": "GLSA-200912-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
},
{
"name": "RHSA-2009:1335",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
},
{
"name": "HPSBMA02492",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
},
{
"name": "38761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38761"
},
{
"name": "37003",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37003"
},
{
"name": "oval:org.mitre.oval:def:9663",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9663"
},
{
"name": "https://launchpad.net/bugs/cve/2009-1377",
"refsource": "MISC",
"url": "https://launchpad.net/bugs/cve/2009-1377"
},
{
"name": "36533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36533"
},
{
"name": "1022241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022241"
},
{
"name": "USN-792-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-792-1"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html",
"refsource": "CONFIRM",
"url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
},
{
"name": "[oss-security] 20090518 Two OpenSSL DTLS remote DoS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/18/1"
},
{
"name": "[openssl-dev] 20090516 [openssl.org #1930] [PATCH] DTLS record buffer limitation bug",
"refsource": "MLIST",
"url": "http://marc.info/?l=openssl-dev&m=124247675613888&w=2"
},
{
"name": "NetBSD-SA2009-009",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
},
{
"name": "35001",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35001"
},
{
"name": "oval:org.mitre.oval:def:6683",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6683"
},
{
"name": "38834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38834"
},
{
"name": "http://cvs.openssl.org/chngview?cn=18187",
"refsource": "CONFIRM",
"url": "http://cvs.openssl.org/chngview?cn=18187"
},
{
"name": "MDVSA-2009:120",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:120"
},
{
"name": "35461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35461"
},
{
"name": "35128",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35128"
},
{
"name": "35571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35571"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
},
{
"name": "https://kb.bluecoat.com/index?page=content&id=SA50",
"refsource": "CONFIRM",
"url": "https://kb.bluecoat.com/index?page=content&id=SA50"
},
{
"name": "SSRT100079",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
},
{
"name": "42733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42733"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}

140
2009/1xxx/CVE-2009-1842.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1842",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html",
"refsource" : "MISC",
"url" : "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name" : "35117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35117"
},
{
"name" : "phpnuke-userlog-sql-injection(50818)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main/tracking/userLog.php in Francisco Burzi PHP-Nuke 8.0 allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35117"
},
{
"name": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html",
"refsource": "MISC",
"url": "http://gsasec.blogspot.com/2009/05/php-nuke-v80-referer-sql-injection.html"
},
{
"name": "phpnuke-userlog-sql-injection(50818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50818"
}
]
}
}

160
2009/5xxx/CVE-2009-5098.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091013 Palm Pre WebOS version <= 1.1 Floating Point Exception",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507126/100/0/threaded"
},
{
"name" : "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html",
"refsource" : "MISC",
"url" : "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html"
},
{
"name" : "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12",
"refsource" : "CONFIRM",
"url" : "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12"
},
{
"name" : "36936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36936"
},
{
"name" : "8373",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091013 Palm Pre WebOS version <= 1.1 Floating Point Exception",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507126/100/0/threaded"
},
{
"name": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12",
"refsource": "CONFIRM",
"url": "http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#12"
},
{
"name": "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html",
"refsource": "MISC",
"url": "http://tlhsecurity.blogspot.com/2009/10/palm-pre-webos-version-11-floating.html"
},
{
"name": "8373",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8373"
},
{
"name": "36936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36936"
}
]
}
}

130
2012/0xxx/CVE-2012-0244.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-0244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
},
{
"name" : "52051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-047-01.pdf"
},
{
"name": "52051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52051"
}
]
}
}

140
2012/0xxx/CVE-2012-0409.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0409",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-0409",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120522 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/522835"
},
{
"name" : "53682",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53682"
},
{
"name" : "1027100",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027100"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53682"
},
{
"name": "1027100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027100"
},
{
"name": "20120522 ESA-2012-020: EMC AutoStart Multiple Buffer Overflow Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522835"
}
]
}
}

190
2012/0xxx/CVE-2012-0769.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-0769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-05.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-05.html"
},
{
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name" : "GLSA-201204-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201204-07.xml"
},
{
"name" : "SUSE-SU-2012:0332",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html"
},
{
"name" : "openSUSE-SU-2012:0331",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html"
},
{
"name" : "oval:org.mitre.oval:def:14828",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14828"
},
{
"name" : "oval:org.mitre.oval:def:16212",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16212"
},
{
"name" : "48819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x does not properly handle integers, which allows attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:14828",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14828"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-05.html"
},
{
"name": "GLSA-201204-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201204-07.xml"
},
{
"name": "oval:org.mitre.oval:def:16212",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16212"
},
{
"name": "SUSE-SU-2012:0332",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00006.html"
},
{
"name": "openSUSE-SU-2012:0331",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00005.html"
},
{
"name": "48819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48819"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
]
}
}

220
2012/0xxx/CVE-2012-0774.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-08.html"
},
{
"name" : "RHSA-2012:0469",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0469.html"
},
{
"name" : "SUSE-SU-2012:0522",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html"
},
{
"name" : "SUSE-SU-2012:0524",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html"
},
{
"name" : "openSUSE-SU-2012:0512",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html"
},
{
"name" : "TA12-101B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-101B.html"
},
{
"name" : "52951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52951"
},
{
"name" : "oval:org.mitre.oval:def:14860",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14860"
},
{
"name" : "1026908",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026908"
},
{
"name" : "48756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48756"
},
{
"name" : "48846",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:0469",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html"
},
{
"name": "48756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48756"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html"
},
{
"name": "SUSE-SU-2012:0524",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html"
},
{
"name": "48846",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48846"
},
{
"name": "TA12-101B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html"
},
{
"name": "SUSE-SU-2012:0522",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html"
},
{
"name": "52951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52951"
},
{
"name": "openSUSE-SU-2012:0512",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html"
},
{
"name": "1026908",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026908"
},
{
"name": "oval:org.mitre.oval:def:14860",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14860"
}
]
}
}

330
2012/0xxx/CVE-2012-0818.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0818",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0818",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=785631",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
},
{
"name" : "https://issues.jboss.org/browse/RESTEASY-637",
"refsource" : "CONFIRM",
"url" : "https://issues.jboss.org/browse/RESTEASY-637"
},
{
"name" : "RHSA-2012:0441",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
},
{
"name" : "RHSA-2012:0519",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
},
{
"name" : "RHSA-2012:1056",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
},
{
"name" : "RHSA-2012:1057",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
},
{
"name" : "RHSA-2012:1058",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
},
{
"name" : "RHSA-2012:1059",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
},
{
"name" : "RHSA-2012:1125",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
},
{
"name" : "RHSA-2014:0371",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
},
{
"name" : "RHSA-2014:0372",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
},
{
"name" : "51748",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51748"
},
{
"name" : "51766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51766"
},
{
"name" : "78679",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/78679"
},
{
"name" : "47818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47818"
},
{
"name" : "47832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47832"
},
{
"name" : "50084",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50084"
},
{
"name" : "48697",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48697"
},
{
"name" : "48954",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48954"
},
{
"name" : "57716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57716"
},
{
"name" : "57719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57719"
},
{
"name" : "resteasy-xml-info-disclosure(72808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=785631",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
},
{
"name": "RHSA-2012:1059",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
},
{
"name": "51748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51748"
},
{
"name": "https://issues.jboss.org/browse/RESTEASY-637",
"refsource": "CONFIRM",
"url": "https://issues.jboss.org/browse/RESTEASY-637"
},
{
"name": "RHSA-2012:1056",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
},
{
"name": "RHSA-2012:1058",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
},
{
"name": "51766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51766"
},
{
"name": "78679",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/78679"
},
{
"name": "RHSA-2012:0519",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
},
{
"name": "50084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50084"
},
{
"name": "RHSA-2014:0371",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
},
{
"name": "RHSA-2012:1057",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
},
{
"name": "resteasy-xml-info-disclosure(72808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
},
{
"name": "48954",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48954"
},
{
"name": "RHSA-2012:0441",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
},
{
"name": "47832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47832"
},
{
"name": "57719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57719"
},
{
"name": "57716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57716"
},
{
"name": "47818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47818"
},
{
"name": "RHSA-2014:0372",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
},
{
"name": "48697",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48697"
},
{
"name": "RHSA-2012:1125",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
}
]
}
}

200
2012/1xxx/CVE-2012-1576.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-1576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html"
},
{
"name" : "[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/22/3"
},
{
"name" : "[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/23/2"
},
{
"name" : "http://git.atheme.org/atheme/commit/?id=3d9551761db2",
"refsource" : "CONFIRM",
"url" : "http://git.atheme.org/atheme/commit/?id=3d9551761db2"
},
{
"name" : "http://jira.atheme.org/browse/SRV-166",
"refsource" : "CONFIRM",
"url" : "http://jira.atheme.org/browse/SRV-166"
},
{
"name" : "GLSA-201209-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201209-09.xml"
},
{
"name" : "52675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52675"
},
{
"name" : "48481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48481"
},
{
"name" : "50704",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The myuser_delete function in libathemecore/account.c in Atheme 5.x before 5.2.7, 6.x before 6.0.10, and 7.x before 7.0.0-beta2 does not properly clean up CertFP entries when a user is deleted, which allows remote attackers to access a different user account or cause a denial of service (daemon crash) via a login as a deleted user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201209-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201209-09.xml"
},
{
"name": "[oss-security] 20120322 Re: atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/2"
},
{
"name": "[oss-security] 20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/22/3"
},
{
"name": "20120321 atheme.org Security Advisory ASA-2012-03-01: Improper cleanup of CertFP entries may result in undefined behaviour",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-03/0248.html"
},
{
"name": "50704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50704"
},
{
"name": "http://jira.atheme.org/browse/SRV-166",
"refsource": "CONFIRM",
"url": "http://jira.atheme.org/browse/SRV-166"
},
{
"name": "52675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52675"
},
{
"name": "48481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48481"
},
{
"name": "http://git.atheme.org/atheme/commit/?id=3d9551761db2",
"refsource": "CONFIRM",
"url": "http://git.atheme.org/atheme/commit/?id=3d9551761db2"
}
]
}
}

160
2012/3xxx/CVE-2012-3040.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf"
},
{
"name" : "http://en.securitylab.ru/lab/PT-2012-50",
"refsource" : "MISC",
"url" : "http://en.securitylab.ru/lab/PT-2012-50"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf"
},
{
"name" : "86130",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86130"
},
{
"name" : "50816",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50816"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-283-01.pdf"
},
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-279823.pdf"
},
{
"name": "86130",
"refsource": "OSVDB",
"url": "http://osvdb.org/86130"
},
{
"name": "http://en.securitylab.ru/lab/PT-2012-50",
"refsource": "MISC",
"url": "http://en.securitylab.ru/lab/PT-2012-50"
}
]
}
}

34
2012/3xxx/CVE-2012-3098.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3098",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3098",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/4xxx/CVE-2012-4722.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4722",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4722",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
}
]
}
}

120
2012/4xxx/CVE-2012-4753.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4753",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://owncloud.org/changelog/",
"refsource" : "CONFIRM",
"url" : "http://owncloud.org/changelog/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.5 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://owncloud.org/changelog/",
"refsource": "CONFIRM",
"url": "http://owncloud.org/changelog/"
}
]
}
}

34
2012/4xxx/CVE-2012-4910.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4910",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4910",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
}
]
}
}

170
2012/6xxx/CVE-2012-6531.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120626 Re: XXE in Zend",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/26/4"
},
{
"name" : "[oss-security] 20120626 XXE in Zend",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/26/2"
},
{
"name" : "[oss-security] 20120627 Re: XXE in Zend",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/27/2"
},
{
"name" : "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt"
},
{
"name" : "http://framework.zend.com/security/advisory/ZF2012-01",
"refsource" : "CONFIRM",
"url" : "http://framework.zend.com/security/advisory/ZF2012-01"
},
{
"name" : "DSA-2505",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML external entity (XXE) injection attack, a different vulnerability than CVE-2012-3363."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120627 Re: XXE in Zend",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/27/2"
},
{
"name": "DSA-2505",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2505"
},
{
"name": "[oss-security] 20120626 Re: XXE in Zend",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/26/4"
},
{
"name": "[oss-security] 20120626 XXE in Zend",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/26/2"
},
{
"name": "http://framework.zend.com/security/advisory/ZF2012-01",
"refsource": "CONFIRM",
"url": "http://framework.zend.com/security/advisory/ZF2012-01"
},
{
"name": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt"
}
]
}
}

130
2017/2xxx/CVE-2017-2220.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Installer of CASL II simulator(self-extract format)",
"version" : {
"version_data" : [
{
"version_value" : "all versions"
}
]
}
}
]
},
"vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of CASL II simulator(self-extract format)",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html",
"refsource" : "MISC",
"url" : "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name" : "JVN#67305782",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN67305782/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of CASL II simulator (self-extract format) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html",
"refsource": "MISC",
"url": "https://www.jitec.ipa.go.jp/1_20casl2/casl2dl_2017_01.html"
},
{
"name": "JVN#67305782",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN67305782/index.html"
}
]
}
}

160
2017/2xxx/CVE-2017-2371.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to launch popups via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41451",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41451/"
},
{
"name" : "https://support.apple.com/HT207482",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207482"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "95735",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95735"
},
{
"name" : "1037668",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the \"WebKit\" component, which allows remote attackers to launch popups via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41451",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41451/"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207482",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207482"
},
{
"name": "1037668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037668"
},
{
"name": "95735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95735"
}
]
}
}

180
2017/2xxx/CVE-2017-2462.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-17-189/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-17-189/"
},
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207602",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207602"
},
{
"name" : "https://support.apple.com/HT207615",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207615"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97137",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97137"
},
{
"name" : "1038138",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the \"Audio\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted audio file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97137",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97137"
},
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207615",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207615"
},
{
"name": "1038138",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038138"
},
{
"name": "https://support.apple.com/HT207602",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207602"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-17-189/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-17-189/"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

34
2017/2xxx/CVE-2017-2573.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2573",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2573",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/2xxx/CVE-2017-2802.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-06-30T00:00:00",
"ID" : "CVE-2017-2802",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Dell",
"version" : {
"version_data" : [
{
"version_value" : "Precision Tower 5810 with nvidia graphic cards. PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0"
}
]
}
}
]
},
"vendor_name" : "dell"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "dll hijiacking"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-06-30T00:00:00",
"ID": "CVE-2017-2802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Dell",
"version": {
"version_data": [
{
"version_value": "Precision Tower 5810 with nvidia graphic cards. PPO Policy Processing Engine - FileVersion : 3.5.5.0 ati.dll ( PPO Monitoring Plugin ) - FileVersion : 3.5.5.0"
}
]
}
}
]
},
"vendor_name": "dell"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
},
{
"name" : "99360",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of directories pointed to by the PATH environment variable will lead to privilege escalation. An attacker with local access to vulnerable system can exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "dll hijiacking"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0247"
},
{
"name": "99360",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99360"
}
]
}
}

34
2017/6xxx/CVE-2017-6000.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6000",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-6000",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

160
2017/6xxx/CVE-2017-6059.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170217 OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/17/6"
},
{
"name" : "https://github.com/pingidentity/mod_auth_openidc/issues/212",
"refsource" : "MISC",
"url" : "https://github.com/pingidentity/mod_auth_openidc/issues/212"
},
{
"name" : "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4",
"refsource" : "CONFIRM",
"url" : "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4"
},
{
"name" : "https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4",
"refsource" : "CONFIRM",
"url" : "https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4"
},
{
"name" : "96299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96299"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pingidentity/mod_auth_openidc/issues/212",
"refsource": "MISC",
"url": "https://github.com/pingidentity/mod_auth_openidc/issues/212"
},
{
"name": "96299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96299"
},
{
"name": "https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4",
"refsource": "CONFIRM",
"url": "https://github.com/pingidentity/mod_auth_openidc/releases/tag/v2.1.4"
},
{
"name": "[oss-security] 20170217 OpenID Connect authentication module for Apache: CVE-2017-6059 CVE-2017-6062",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/17/6"
},
{
"name": "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4",
"refsource": "CONFIRM",
"url": "https://github.com/pingidentity/mod_auth_openidc/commit/612e309bfffd6f9b8ad7cdccda3019fc0865f3b4"
}
]
}
}

160
2017/6xxx/CVE-2017-6060.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20170218 mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2017/02/18/1"
},
{
"name" : "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=697551",
"refsource" : "MISC",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=697551"
},
{
"name" : "GLSA-201706-08",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-08"
},
{
"name" : "96266",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in jstest_main.c in mujstest in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to have unspecified impact via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96266"
},
{
"name": "[oss-security] 20170218 mupdf: mujstest: stack-based buffer overflow in main (jstest_main.c)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/02/18/1"
},
{
"name": "GLSA-201706-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-08"
},
{
"name": "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/02/17/mupdf-mujstest-stack-based-buffer-overflow-in-main-jstest_main-c/"
},
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=697551",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=697551"
}
]
}
}

34
2017/6xxx/CVE-2017-6064.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6064",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6064",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/6xxx/CVE-2017-6071.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://dev.cmsmadesimple.org/project/files/69",
"refsource" : "MISC",
"url" : "http://dev.cmsmadesimple.org/project/files/69"
},
{
"name" : "https://daylight-it.com/security-advisory-dlcs0001.html",
"refsource" : "MISC",
"url" : "https://daylight-it.com/security-advisory-dlcs0001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://daylight-it.com/security-advisory-dlcs0001.html",
"refsource": "MISC",
"url": "https://daylight-it.com/security-advisory-dlcs0001.html"
},
{
"name": "http://dev.cmsmadesimple.org/project/files/69",
"refsource": "MISC",
"url": "http://dev.cmsmadesimple.org/project/files/69"
}
]
}
}

122
2017/6xxx/CVE-2017-6284.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2018-02-26T00:00:00",
"ID" : "CVE-2017-6284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SHIELD TV",
"version" : {
"version_data" : [
{
"version_value" : "NA"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-02-26T00:00:00",
"ID": "CVE-2017-6284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SHIELD TV",
"version": {
"version_data": [
{
"version_value": "NA"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA Security Engine contains a vulnerability in the Deterministic Random Bit Generator (DRBG) where the DRBG does not properly initialize and store or transmits sensitive data using a weakened encryption scheme that is unable to protect sensitive data which may lead to information disclosure.This issue is rated as moderate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4631"
}
]
}
}

140
2017/7xxx/CVE-2017-7072.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"iBooks\" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208112",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208112"
},
{
"name" : "100892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100892"
},
{
"name" : "1039385",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11 is affected. The issue involves the \"iBooks\" component. It allows remote attackers to cause a denial of service (persistent outage) via a crafted iBooks file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100892"
},
{
"name": "1039385",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039385"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
}
]
}
}

140
2017/7xxx/CVE-2017-7142.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the \"WebKit Storage\" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208116",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208116"
},
{
"name" : "100996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100996"
},
{
"name" : "1039384",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039384"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 11 is affected. The issue involves the \"WebKit Storage\" component. It allows attackers to bypass the Safari Private Browsing protection mechanism, and consequently obtain sensitive information about visited web sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039384",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039384"
},
{
"name": "100996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100996"
},
{
"name": "https://support.apple.com/HT208116",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208116"
}
]
}
}

152
2017/7xxx/CVE-2017-7653.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "emo@eclipse.org",
"ID" : "CVE-2017-7653",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Eclipse Mosquitto",
"version" : {
"version_data" : [
{
"version_affected" : "<=",
"version_value" : "1.4.15"
}
]
}
}
]
},
"vendor_name" : "The Eclipse Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20: Improper Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "security@eclipse.org",
"ID": "CVE-2017-7653",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eclipse Mosquitto",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_value": "1.4.15"
}
]
}
}
]
},
"vendor_name": "The Eclipse Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180928 [SECURITY] [DLA 1525-1] mosquitto security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html"
},
{
"name" : "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf",
"refsource" : "MISC",
"url" : "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf"
},
{
"name" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113",
"refsource" : "CONFIRM",
"url" : "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113"
},
{
"name" : "DSA-4325",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Eclipse Mosquitto broker up to version 1.4.15 does not reject strings that are not valid UTF-8. A malicious client could cause other clients that do reject invalid UTF-8 strings to disconnect themselves from the broker by sending a topic string which is not valid UTF-8, and so cause a denial of service for the clients."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113",
"refsource": "CONFIRM",
"url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=532113"
},
{
"name": "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf",
"refsource": "MISC",
"url": "http://docs.oasis-open.org/mqtt/disallowed-chars/v1.0/disallowed-chars-v1.0.pdf"
},
{
"name": "[debian-lts-announce] 20180928 [SECURITY] [DLA 1525-1] mosquitto security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00036.html"
},
{
"name": "DSA-4325",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4325"
}
]
}
}

296
2017/7xxx/CVE-2017-7826.json
View File

@ -1,150 +1,150 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2017-7826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "57"
}
]
}
},
{
"product_name" : "Firefox ESR",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.5"
}
]
}
},
{
"product_name" : "Thunderbird",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "52.5"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2017-7826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "57"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.5"
}
]
}
},
{
"product_name": "Thunderbird",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "52.5"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html"
},
{
"name" : "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html"
},
{
"name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-24/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-24/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-25/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-25/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-26/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-26/"
},
{
"name" : "DSA-4035",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4035"
},
{
"name" : "DSA-4061",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4061"
},
{
"name" : "DSA-4075",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4075"
},
{
"name" : "RHSA-2017:3247",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3247"
},
{
"name" : "RHSA-2017:3372",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3372"
},
{
"name" : "USN-3688-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3688-1/"
},
{
"name" : "101832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101832"
},
{
"name" : "1039803",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039803"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171209 [SECURITY] [DLA 1199-1] thunderbird security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00001.html"
},
{
"name": "DSA-4035",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4035"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-24/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-24/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-25/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-25/"
},
{
"name": "101832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101832"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2017-26/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2017-26/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1394530%2C1369561%2C1411458%2C1400003%2C1395138%2C1408412%2C1393840%2C1400763%2C1339259%2C1394265%2C1407740%2C1407751%2C1408005%2C1406398%2C1387799%2C1261175%2C1400554%2C1375146%2C1397811%2C1404636%2C1401804"
},
{
"name": "1039803",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039803"
},
{
"name": "DSA-4061",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4061"
},
{
"name": "[debian-lts-announce] 20171115 [SECURITY] [DLA 1172-1] firefox-esr security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00018.html"
},
{
"name": "RHSA-2017:3247",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3247"
},
{
"name": "DSA-4075",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4075"
},
{
"name": "USN-3688-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3688-1/"
},
{
"name": "RHSA-2017:3372",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3372"
}
]
}
}

160
2017/7xxx/CVE-2017-7869.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420"
},
{
"name" : "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
"refsource" : "MISC",
"url" : "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe"
},
{
"name" : "https://www.gnutls.org/security.html",
"refsource" : "CONFIRM",
"url" : "https://www.gnutls.org/security.html"
},
{
"name" : "RHSA-2017:2292",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2292"
},
{
"name" : "97040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GnuTLS before 2017-02-20 has an out-of-bounds write caused by an integer overflow and heap-based buffer overflow related to the cdk_pkt_read function in opencdk/read-packet.c. This issue (which is a subset of the vendor's GNUTLS-SA-2017-3 report) is fixed in 3.5.10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420"
},
{
"name": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe",
"refsource": "MISC",
"url": "https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe"
},
{
"name": "RHSA-2017:2292",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2292"
},
{
"name": "https://www.gnutls.org/security.html",
"refsource": "CONFIRM",
"url": "https://www.gnutls.org/security.html"
},
{
"name": "97040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97040"
}
]
}
}

120
2018/10xxx/CVE-2018-10509.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-10509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro OfficeScan",
"version" : {
"version_data" : [
{
"version_value" : "11.0 SP1, XG"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-10509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro OfficeScan",
"version": {
"version_data": [
{
"version_value": "11.0 SP1, XG"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://success.trendmicro.com/solution/1119961",
"refsource" : "CONFIRM",
"url" : "https://success.trendmicro.com/solution/1119961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Trend Micro OfficeScan 11.0 SP1 and XG could allow a attacker to exploit it via a Browser Refresh attack on vulnerable installations. An attacker must be using a AD logon user account in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://success.trendmicro.com/solution/1119961",
"refsource": "CONFIRM",
"url": "https://success.trendmicro.com/solution/1119961"
}
]
}
}

34
2018/14xxx/CVE-2018-14217.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14217",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14217",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/14xxx/CVE-2018-14736.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/cloudwu/pbc/issues/123#issue-343906084",
"refsource" : "MISC",
"url" : "https://github.com/cloudwu/pbc/issues/123#issue-343906084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cloudwu/pbc/issues/123#issue-343906084",
"refsource": "MISC",
"url": "https://github.com/cloudwu/pbc/issues/123#issue-343906084"
}
]
}
}

142
2018/14xxx/CVE-2018-14806.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-10-23T00:00:00",
"ID" : "CVE-2018-14806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Advantech WebAccess",
"version" : {
"version_data" : [
{
"version_value" : "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name" : "Advantech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-10-23T00:00:00",
"ID": "CVE-2018-14806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Advantech WebAccess",
"version": {
"version_data": [
{
"version_value": "WebAccess Versions 8.3.1 and prior"
}
]
}
}
]
},
"vendor_name": "Advantech"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name" : "105728",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105728"
},
{
"name" : "1041939",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041939"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041939"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-01,"
},
{
"name": "105728",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105728"
}
]
}
}

130
2018/20xxx/CVE-2018-20098.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Exiv2/exiv2/issues/590",
"refsource" : "MISC",
"url" : "https://github.com/Exiv2/exiv2/issues/590"
},
{
"name" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206",
"refsource" : "MISC",
"url" : "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a heap-based buffer over-read in Exiv2::Jp2Image::encodeJp2Header of jp2image.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/590",
"refsource": "MISC",
"url": "https://github.com/Exiv2/exiv2/issues/590"
},
{
"name": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/tree/master/exiv2/20181206"
}
]
}
}

130
2018/20xxx/CVE-2018-20363.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20363",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/LibRaw/LibRaw/issues/193",
"refsource" : "MISC",
"url" : "https://github.com/LibRaw/LibRaw/issues/193"
},
{
"name" : "106299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106299"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106299"
},
{
"name": "https://github.com/LibRaw/LibRaw/issues/193",
"refsource": "MISC",
"url": "https://github.com/LibRaw/LibRaw/issues/193"
}
]
}
}

130
2018/20xxx/CVE-2018-20460.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf"
},
{
"name" : "https://github.com/radare/radare2/issues/12376",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/12376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In radare2 prior to 3.1.2, the parseOperands function in libr/asm/arch/arm/armass64.c allows attackers to cause a denial-of-service (application crash caused by stack-based buffer overflow) by crafting an input file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/commit/df167c7db545953bb7f71c72e98e7a3ca0c793bf"
},
{
"name": "https://github.com/radare/radare2/issues/12376",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/issues/12376"
}
]
}
}

120
2018/20xxx/CVE-2018-20537.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652611",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1652611"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a NULL pointer dereference at liblas::SpatialReference::GetGTIF() (spatialreference.cpp) in libLAS 1.8.1 that will cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1652611",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1652611"
}
]
}
}

34
2018/20xxx/CVE-2018-20678.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20678",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20678",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9164.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9164",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9164",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9217.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9217",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9217",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9783.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9783",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9783",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/9xxx/CVE-2018-9932.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9932",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9932",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/9xxx/CVE-2018-9966.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-350",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-350"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Calculate actions of TextBox objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5570."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-350",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-350"
}
]
}
}