admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:22:33 +00:00
parent 0331faa851
commit f5deb690fd
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3707 additions and 3707 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2002/0xxx/CVE-2002-0148.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0148", "ID": "CVE-2002-0148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS02-018", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page."
{ }
"name" : "CA-2002-09", ]
"refsource" : "CERT", },
"url" : "http://www.cert.org/advisories/CA-2002-09.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018", "description": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "iis-http-error-page-css(8803)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/8803.php" ]
}, },
{ "references": {
"name" : "VU#886699", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/886699" "name": "iis-http-error-page-css(8803)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/8803.php"
"name" : "4486", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4486" "name": "3339",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/3339"
"name" : "3339", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3339" "name": "oval:org.mitre.oval:def:81",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81"
"name" : "oval:org.mitre.oval:def:81", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81" "name": "MS02-018",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018"
"name" : "oval:org.mitre.oval:def:92", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92" "name": "oval:org.mitre.oval:def:92",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92"
} },
} {
"name": "CA-2002-09",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-09.html"
},
{
"name": "VU#886699",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/886699"
},
{
"name": "20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml"
},
{
"name": "4486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4486"
}
]
}
}

160
2002/0xxx/CVE-2002-0824.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0824", "ID": "CVE-2002-0824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FreeBSD-SA-02:32.pppd", "description_data": [
"refsource" : "FREEBSD", {
"url" : "http://marc.info/?l=bugtraq&m=102812546815606&w=2" "lang": "eng",
}, "value": "BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device."
{ }
"name" : "NetBSD-SA2002-010", ]
"refsource" : "NETBSD", },
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20020729 011: SECURITY FIX: July 29, 2002", "description": [
"refsource" : "OPENBSD", {
"url" : "http://www.openbsd.org/errata31.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "pppd-race-condition(9738)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9738.php" ]
}, },
{ "references": {
"name" : "5355", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5355" "name": "20020729 011: SECURITY FIX: July 29, 2002",
} "refsource": "OPENBSD",
] "url": "http://www.openbsd.org/errata31.html"
} },
} {
"name": "pppd-race-condition(9738)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9738.php"
},
{
"name": "NetBSD-SA2002-010",
"refsource": "NETBSD",
"url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc"
},
{
"name": "FreeBSD-SA-02:32.pppd",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq&m=102812546815606&w=2"
},
{
"name": "5355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5355"
}
]
}
}

190
2002/0xxx/CVE-2002-0925.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0925", "ID": "CVE-2002-0925",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020612 [CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html" "lang": "eng",
}, "value": "Format string vulnerability in mmsyslog function allows remote attackers to execute arbitrary code via (1) the USER command to mmpop3d for mmmail 0.0.13 and earlier, (2) the HELO command to mmsmtpd for mmmail 0.0.13 and earlier, or (3) the USER command to mmftpd 0.0.7 and earlier."
{ }
"name" : "20020612 [CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/276523" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt" ]
}, },
{ "references": {
"name" : "4990", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4990" "name": "mmftpd-mmsyslog-format-string(9337)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/9337.php"
"name" : "mmmail-mmsyslog-format-string(9336)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9336.php" "name": "http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt",
}, "refsource": "CONFIRM",
{ "url": "http://mmondor.gobot.ca/software/linux/mmftpd-changelog.txt"
"name" : "4999", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4999" "name": "4990",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/4990"
"name" : "mmftpd-mmsyslog-format-string(9337)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9337.php" "name": "mmmail-mmsyslog-format-string(9336)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/9336.php"
} },
} {
"name": "20020612 [CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0095.html"
},
{
"name": "20020612 [CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276523"
},
{
"name": "4999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4999"
},
{
"name": "http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt",
"refsource": "CONFIRM",
"url": "http://mmondor.gobot.ca/software/linux/mmmail-changelog.txt"
}
]
}
}

160
2002/1xxx/CVE-2002-1769.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1769", "ID": "CVE-2002-1769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the \"Log on locally\" privilege."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020129 RFP2201: MS Site Server Evilness", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html" "lang": "eng",
}, "value": "Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_Anonymous, with a default password of LdapPassword_1, which allows remote attackers the \"Log on locally\" privilege."
{ }
"name" : "Q248840", ]
"refsource" : "MSKB", },
"url" : "http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248840" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://online.securityfocus.com/advisories/3843", "description": [
"refsource" : "MISC", {
"url" : "http://online.securityfocus.com/advisories/3843" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3998", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3998" ]
}, },
{ "references": {
"name" : "siteserver-ldap-anonymous-account(8048)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8048" "name": "http://online.securityfocus.com/advisories/3843",
} "refsource": "MISC",
] "url": "http://online.securityfocus.com/advisories/3843"
} },
} {
"name": "3998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3998"
},
{
"name": "Q248840",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;en-us;Q248840"
},
{
"name": "20020129 RFP2201: MS Site Server Evilness",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0033.html"
},
{
"name": "siteserver-ldap-anonymous-account(8048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8048"
}
]
}
}

140
2002/2xxx/CVE-2002-2210.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2210", "ID": "CVE-2002-2210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021011 OpenOffice 1.0.1 Race condition during installation.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0161.html" "lang": "eng",
}, "value": "The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file."
{ }
"name" : "5950", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5950" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openofficeorg-tmpfile-symlink(10346)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10346.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "openofficeorg-tmpfile-symlink(10346)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10346.php"
},
{
"name": "5950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5950"
},
{
"name": "20021011 OpenOffice 1.0.1 Race condition during installation.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0161.html"
}
]
}
}

160
2005/0xxx/CVE-2005-0249.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0249", "ID": "CVE-2005-0249",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050208 Symantec AntiVirus Library Heap Overflow", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/xforce/alerts/id/187" "lang": "eng",
}, "value": "Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header."
{ }
"name" : "http://www.symantec.com/avcenter/security/Content/2005.02.08.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.symantec.com/avcenter/security/Content/2005.02.08.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#107822", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/107822" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1013133", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1013133" ]
}, },
{ "references": {
"name" : "upx-engine-gain-control(18869)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869" "name": "VU#107822",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/107822"
} },
} {
"name": "20050208 Symantec AntiVirus Library Heap Overflow",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/187"
},
{
"name": "1013133",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013133"
},
{
"name": "upx-engine-gain-control(18869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18869"
},
{
"name": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/avcenter/security/Content/2005.02.08.html"
}
]
}
}

230
2005/0xxx/CVE-2005-0664.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0664", "ID": "CVE-2005-0664",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-709", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-709" "lang": "eng",
}, "value": "Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag."
{ }
"name" : "GLSA-200503-17", ]
"refsource" : "GENTOO", },
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-17.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDKSA-2005:064", "description": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:064" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:300", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-300.html" ]
}, },
{ "references": {
"name" : "102041", "reference_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102041-1" "name": "1013398",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1013398"
"name" : "USN-91-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/91-1/" "name": "102041",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102041-1"
"name" : "https://bugzilla.ubuntu.com/show_bug.cgi?id=7152", },
"refsource" : "MISC", {
"url" : "https://bugzilla.ubuntu.com/show_bug.cgi?id=7152" "name": "DSA-709",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-709"
"name" : "oval:org.mitre.oval:def:10832", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10832" "name": "USN-91-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/91-1/"
"name" : "ADV-2005-0240", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0240" "name": "GLSA-200503-17",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-17.xml"
"name" : "ADV-2005-2565", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2565" "name": "ADV-2005-0240",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/0240"
"name" : "1013398", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013398" "name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=7152",
}, "refsource": "MISC",
{ "url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=7152"
"name" : "17705", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17705" "name": "ADV-2005-2565",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2005/2565"
} },
} {
"name": "oval:org.mitre.oval:def:10832",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10832"
},
{
"name": "17705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17705"
},
{
"name": "MDKSA-2005:064",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:064"
},
{
"name": "RHSA-2005:300",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-300.html"
}
]
}
}

120
2005/0xxx/CVE-2005-0676.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0676", "ID": "CVE-2005-0676",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1013365", "description_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013365" "lang": "eng",
} "value": "index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013365"
}
]
}
}

130
2005/0xxx/CVE-2005-0907.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0907", "ID": "CVE-2005-0907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050327 Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/394406/2005-03-26/2005-04-01/2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php."
{ }
"name" : "1013565", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1013565" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050327 Multiple sql injection, and xss vulnerabilities in Vladersoft Shopping Cart v.3.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/394406/2005-03-26/2005-04-01/2"
},
{
"name": "1013565",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013565"
}
]
}
}

150
2005/1xxx/CVE-2005-1010.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1010", "ID": "CVE-2005-1010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "13000", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13000" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username."
{ }
"name" : "1013634", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1013634" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14825", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14825" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "comersus-username-xss(19962)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19962" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1013634",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013634"
},
{
"name": "comersus-username-xss(19962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19962"
},
{
"name": "13000",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13000"
},
{
"name": "14825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14825"
}
]
}
}

200
2005/1xxx/CVE-2005-1932.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1932", "ID": "CVE-2005-1932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to close any support ticket within the system.", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html" "lang": "eng",
}, "value": "Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php."
{ }
"name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to open any support ticket within the system.", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to reset the DNS information of any domain name managed by the system.", "description": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to the unauthorized viewing of client invoice information.", ]
"refsource" : "FULLDISC", }
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html" ]
}, },
{ "references": {
"name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.", "reference_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html" "name": "13869",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/13869"
"name" : "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to respond to any support ticket on the system.", },
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html" "name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to reset the DNS information of any domain name managed by the system.",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034419.html"
"name" : "http://www.lpanel.net/changelog.php", },
"refsource" : "CONFIRM", {
"url" : "http://www.lpanel.net/changelog.php" "name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to the unauthorized viewing of client invoice information.",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034417.html"
"name" : "13869", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13869" "name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to respond to any support ticket on the system.",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034418.html"
"name" : "15589", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15589/" "name": "http://www.lpanel.net/changelog.php",
} "refsource": "CONFIRM",
] "url": "http://www.lpanel.net/changelog.php"
} },
} {
"name": "15589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15589/"
},
{
"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to open any support ticket within the system.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034415.html"
},
{
"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable to unauthorized domain management access.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034416.html"
},
{
"name": "20050606 Lpanel.NET's Lpanel (all versions up to and including 1.59) is vulnerable in that it allows an attacker to close any support ticket within the system.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034414.html"
}
]
}
}

260
2005/1xxx/CVE-2005-1979.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2005-1979", "ID": "CVE-2005-1979",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an \"unexpected protocol command during the reconnection request,\" which is not properly handled by the Transaction Internet Protocol (TIP) functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051011 Microsoft Distributed Transaction Controller TIP DoS Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/application/poi/display?id=320&type=vulnerabilities" "lang": "eng",
}, "value": "Distributed Transaction Controller in Microsoft Windows allows remote servers to cause a denial of service (MSDTC service exception and exit) via an \"unexpected protocol command during the reconnection request,\" which is not properly handled by the Transaction Internet Protocol (TIP) functionality."
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS05-051", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15058", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15058" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:1134", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1134" "name": "17161",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17161"
"name" : "oval:org.mitre.oval:def:1283", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1283" "name": "oval:org.mitre.oval:def:1134",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1134"
"name" : "oval:org.mitre.oval:def:1338", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1338" "name": "oval:org.mitre.oval:def:1283",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1283"
"name" : "oval:org.mitre.oval:def:1513", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1513" "name": "oval:org.mitre.oval:def:1513",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1513"
"name" : "oval:org.mitre.oval:def:1550", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1550" "name": "MS05-051",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-051"
"name" : "oval:org.mitre.oval:def:686", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A686" "name": "1015037",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015037"
"name" : "1015037", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015037" "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
"name" : "17161", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17161" "name": "oval:org.mitre.oval:def:1550",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1550"
"name" : "17172", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17172" "name": "oval:org.mitre.oval:def:1338",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1338"
"name" : "17223", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17223" "name": "17223",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17223"
"name" : "17509", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17509" "name": "20051011 Microsoft Distributed Transaction Controller TIP DoS Vulnerability",
} "refsource": "IDEFENSE",
] "url": "http://www.idefense.com/application/poi/display?id=320&type=vulnerabilities"
} },
} {
"name": "17172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17172"
},
{
"name": "oval:org.mitre.oval:def:686",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A686"
},
{
"name": "17509",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17509"
},
{
"name": "15058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15058"
}
]
}
}

140
2009/0xxx/CVE-2009-0247.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0247", "ID": "CVE-2009-0247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090119 53KF Web IM 2009 Cross-Site Scripting Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500169/100/0/threaded" "lang": "eng",
}, "value": "The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable."
{ }
"name" : "33341", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33341" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53kfwebim-msg-xss(48096)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48096" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "33341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33341"
},
{
"name": "53kfwebim-msg-xss(48096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48096"
},
{
"name": "20090119 53KF Web IM 2009 Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500169/100/0/threaded"
}
]
}
}

140
2009/0xxx/CVE-2009-0283.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0283", "ID": "CVE-2009-0283",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090123 Oblog XSS valnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500349/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter."
{ }
"name" : "20090124 Re: Oblog XSS valnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/500397/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33416", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33416" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20090123 Oblog XSS valnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500349/100/0/threaded"
},
{
"name": "20090124 Re: Oblog XSS valnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500397/100/0/threaded"
},
{
"name": "33416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33416"
}
]
}
}

140
2009/0xxx/CVE-2009-0711.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0711", "ID": "CVE-2009-0711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7636", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7636" "lang": "eng",
}, "value": "filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown."
{ }
"name" : "51102", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/51102" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33367", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33367" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "51102",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51102"
},
{
"name": "33367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33367"
},
{
"name": "7636",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7636"
}
]
}
}

180
2009/1xxx/CVE-2009-1172.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1172", "ID": "CVE-2009-1172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951" "lang": "eng",
}, "value": "The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27014463" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21367223", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21367223" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "PK75992", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992" ]
}, },
{ "references": {
"name" : "34502", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34502" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951"
"name" : "34131", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34131" "name": "34131",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34131"
"name" : "34461", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34461" "name": "34461",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/34461"
} },
} {
"name": "PK75992",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75992"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21367223",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21367223"
},
{
"name": "34502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34502"
}
]
}
}

130
2009/1xxx/CVE-2009-1807.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1807", "ID": "CVE-2009-1807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisrt.org/enblog/read.php?245", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.cisrt.org/enblog/read.php?245" "lang": "eng",
}, "value": "Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009."
{ }
"name" : "ADV-2009-1392", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2009/1392" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1392",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1392"
},
{
"name": "http://www.cisrt.org/enblog/read.php?245",
"refsource": "MISC",
"url": "http://www.cisrt.org/enblog/read.php?245"
}
]
}
}

180
2012/2xxx/CVE-2012-2004.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2012-2004", "ID": "CVE-2012-2004",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBMU02770", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/522548" "lang": "eng",
}, "value": "Open redirect vulnerability in HP Insight Management Agents before 9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
{ }
"name" : "SSRT100848", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/archive/1/522548" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53341", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53341" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "81667", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/81667" ]
}, },
{ "references": {
"name" : "1027003", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027003" "name": "53341",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/53341"
"name" : "49054", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49054" "name": "81667",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/81667"
"name" : "hp-ima-url-redirection(75313)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75313" "name": "49054",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/49054"
} },
} {
"name": "HPSBMU02770",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/522548"
},
{
"name": "SSRT100848",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/522548"
},
{
"name": "hp-ima-url-redirection(75313)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75313"
},
{
"name": "1027003",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027003"
}
]
}
}

150
2012/2xxx/CVE-2012-2039.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2012-2039", "ID": "CVE-2012-2039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-14.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-14.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors."
{ }
"name" : "RHSA-2012:0722", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0722.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2012:0724", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2012:0723", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "RHSA-2012:0722",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0722.html"
},
{
"name": "SUSE-SU-2012:0724",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-14.html"
},
{
"name": "openSUSE-SU-2012:0723",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html"
}
]
}
}

34
2012/2xxx/CVE-2012-2443.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2443", "ID": "CVE-2012-2443",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/2xxx/CVE-2012-2457.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2457", "ID": "CVE-2012-2457",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/2xxx/CVE-2012-2492.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2492", "ID": "CVE-2012-2492",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2012/2xxx/CVE-2012-2872.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2012-2872", "ID": "CVE-2012-2872",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=142956", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=142956" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2012:1215", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "85037", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/85037" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:15853", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15853" "name": "google-chrome-ssl-xss(78181)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78181"
"name" : "google-chrome-ssl-xss(78181)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78181" "name": "85037",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/85037"
} },
} {
"name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "oval:org.mitre.oval:def:15853",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15853"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=142956",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=142956"
},
{
"name": "openSUSE-SU-2012:1215",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
}
]
}
}

130
2012/2xxx/CVE-2012-2899.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2012-2899", "ID": "CVE-2012-2899",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html" "lang": "eng",
}, "value": "Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=147625", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=147625" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=147625",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=147625"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html"
}
]
}
}

120
2012/3xxx/CVE-2012-3698.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3698", "ID": "CVE-2012-3698",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "APPLE-SA-2012-07-25-2", "description_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html" "lang": "eng",
} "value": "Apple Xcode before 4.4 does not properly compose a designated requirement (DR) during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a (1) helper tool or (2) command-line tool."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-07-25-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00001.html"
}
]
}
}

170
2012/3xxx/CVE-2012-3795.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3795", "ID": "CVE-2012-3795",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.org/adv/proservrex_1-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.org/adv/proservrex_1-adv.txt" "lang": "eng",
}, "value": "Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, allows remote attackers to cause a denial of service (daemon crash) via a crafted packet with a certain opcode and a large value in a size field."
{ }
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01", ]
"refsource" : "MISC", },
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.hmisource.com/otasuke/news/2012/0606.html", ]
"refsource" : "CONFIRM", }
"url" : "https://www.hmisource.com/otasuke/news/2012/0606.html" ]
}, },
{ "references": {
"name" : "53499", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53499" "name": "https://www.hmisource.com/otasuke/news/2012/0606.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.hmisource.com/otasuke/news/2012/0606.html"
"name" : "49172", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49172" "name": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt",
} "refsource": "CONFIRM",
] "url": "https://www.hmisource.com/otasuke/download/update/server_ex/server_ex/Readme_E.txt"
} },
} {
"name": "http://aluigi.org/adv/proservrex_1-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.org/adv/proservrex_1-adv.txt"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-179-01"
},
{
"name": "53499",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53499"
},
{
"name": "49172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49172"
}
]
}
}

220
2012/3xxx/CVE-2012-3967.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3967", "ID": "CVE-2012-3967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html" "lang": "eng",
}, "value": "The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 on Linux, when a large number of sampler uniforms are used, does not properly interact with Mesa drivers, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted web site."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=777028", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=777028" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:1211", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html" ]
}, },
{ "references": {
"name" : "RHSA-2012:1210", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html" "name": "RHSA-2012:1211",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html"
"name" : "SUSE-SU-2012:1167", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html" "name": "USN-1548-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1548-1"
"name" : "openSUSE-SU-2012:1065", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html" "name": "USN-1548-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1548-2"
"name" : "SUSE-SU-2012:1157", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html" "name": "55277",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55277"
"name" : "USN-1548-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1548-2" "name": "RHSA-2012:1210",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html"
"name" : "USN-1548-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1548-1" "name": "SUSE-SU-2012:1167",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
"name" : "55277", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55277" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=777028",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=777028"
} },
} {
"name": "SUSE-SU-2012:1157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"name": "openSUSE-SU-2012:1065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-62.html"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
]
}
}

310
2012/4xxx/CVE-2012-4205.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4205", "ID": "CVE-2012-4205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-97.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-97.html" "lang": "eng",
}, "value": "Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 assign the system principal, rather than the sandbox principal, to XMLHttpRequest objects created in sandboxes, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks or obtain sensitive information by leveraging a sandboxed add-on."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=779821", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=779821" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2012:1583", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2012:1585", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2012:1586", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=779821",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=779821"
"name" : "SUSE-SU-2012:1592", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" "name": "USN-1638-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-3"
"name" : "openSUSE-SU-2013:0175", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" "name": "51370",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51370"
"name" : "USN-1638-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-1" "name": "USN-1638-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-2"
"name" : "USN-1638-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-3" "name": "openSUSE-SU-2012:1586",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
"name" : "USN-1638-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-2" "name": "USN-1636-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1636-1"
"name" : "USN-1636-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1636-1" "name": "openSUSE-SU-2013:0175",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
"name" : "56621", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56621" "name": "51434",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51434"
"name" : "oval:org.mitre.oval:def:16965", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16965" "name": "openSUSE-SU-2012:1583",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
"name" : "51369", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51369" "name": "oval:org.mitre.oval:def:16965",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16965"
"name" : "51381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51381" "name": "51439",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51439"
"name" : "51434", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51434" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-97.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-97.html"
"name" : "51439", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51439" "name": "51440",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51440"
"name" : "51440", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51440" "name": "USN-1638-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-1"
"name" : "51370", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51370" "name": "SUSE-SU-2012:1592",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
"name" : "firefox-xmlhttprequest-sec-bypass(80175)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80175" "name": "openSUSE-SU-2012:1585",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
} },
} {
"name": "51381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51381"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
},
{
"name": "firefox-xmlhttprequest-sec-bypass(80175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80175"
},
{
"name": "56621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56621"
}
]
}
}

140
2012/4xxx/CVE-2012-4407.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4407", "ID": "CVE-2012-4407",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120917 Moodle security notifications public", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2012/09/17/1" "lang": "eng",
}, "value": "lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file."
{ }
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585", ]
"refsource" : "CONFIRM", },
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://moodle.org/mod/forum/discuss.php?d=211557", "description": [
"refsource" : "CONFIRM", {
"url" : "http://moodle.org/mod/forum/discuss.php?d=211557" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120917 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/09/17/1"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=211557",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=211557"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585"
}
]
}
}

190
2012/4xxx/CVE-2012-4522.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4522", "ID": "CVE-2012-4522",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121012 CVE request: ruby file creation due in insertion of illegal NUL character", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/12/6" "lang": "eng",
}, "value": "The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected names via a NUL byte in a file path."
{ }
"name" : "[oss-security] 20121013 Re: CVE request: ruby file creation due in insertion of illegal NUL character", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/10/13/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20121016 Re: CVE request: ruby file creation due in insertion of illegal NUL character", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/10/16/1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163", ]
"refsource" : "MISC", }
"url" : "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163" ]
}, },
{ "references": {
"name" : "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/" "name": "FEDORA-2012-16071",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html"
"name" : "FEDORA-2012-16071", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090235.html" "name": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163",
}, "refsource": "MISC",
{ "url": "http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=37163"
"name" : "FEDORA-2012-16086", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html" "name": "FEDORA-2012-16086",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090515.html"
"name" : "RHSA-2013:0129", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0129.html" "name": "[oss-security] 20121013 Re: CVE request: ruby file creation due in insertion of illegal NUL character",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2012/10/13/1"
} },
} {
"name": "RHSA-2013:0129",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0129.html"
},
{
"name": "[oss-security] 20121016 Re: CVE request: ruby file creation due in insertion of illegal NUL character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/16/1"
},
{
"name": "[oss-security] 20121012 CVE request: ruby file creation due in insertion of illegal NUL character",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/12/6"
},
{
"name": "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/",
"refsource": "CONFIRM",
"url": "http://www.ruby-lang.org/en/news/2012/10/12/poisoned-NUL-byte-vulnerability/"
}
]
}
}

130
2012/4xxx/CVE-2012-4816.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2012-4816", "ID": "CVE-2012-4816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620359", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620359" "lang": "eng",
}, "value": "IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows remote attackers to bypass intended Env Gen Wizard (aka Environment Generation Wizard) access restrictions by visiting context roots in HTTP sessions on port 8080."
{ }
"name" : "raf-environmentwizard-security-bypass(78379)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78379" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620359",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620359"
},
{
"name": "raf-environmentwizard-security-bypass(78379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78379"
}
]
}
}

130
2012/6xxx/CVE-2012-6627.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6627", "ID": "CVE-2012-6627",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-Cross-Site-Scripting.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-Cross-Site-Scripting.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter."
{ }
"name" : "49152", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/49152" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-Cross-Site-Scripting.html"
},
{
"name": "49152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49152"
}
]
}
}

130
2017/2xxx/CVE-2017-2282.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2282", "ID": "CVE-2017-2282",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WN-AX1167GR", "product_name": "WN-AX1167GR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "firmware version 3.00 and earlier" "version_value": "firmware version 3.00 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "I-O DATA DEVICE, INC." "vendor_name": "I-O DATA DEVICE, INC."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.iodata.jp/support/information/2017/wn-ax1167gr/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.iodata.jp/support/information/2017/wn-ax1167gr/" "lang": "eng",
}, "value": "Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
{ }
"name" : "JVN#01312667", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN01312667/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#01312667",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN01312667/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-ax1167gr/"
}
]
}
}

130
2017/2xxx/CVE-2017-2780.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2017-2780", "ID": "CVE-2017-2780",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MatrixSSL", "product_name": "MatrixSSL",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.8.7b" "version_value": "3.8.7b"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Inside Secure" "vendor_name": "Inside Secure"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276" "lang": "eng",
}, "value": "An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection."
{ }
"name" : "99249", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99249" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99249"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276"
}
]
}
}

142
2017/2xxx/CVE-2017-2900.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-11T00:00:00", "DATE_PUBLIC": "2018-01-11T00:00:00",
"ID" : "CVE-2017-2900", "ID": "CVE-2017-2900",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Blender", "product_name": "Blender",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "v2.78c" "version_value": "v2.78c"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Blender" "vendor_name": "Blender"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html" "lang": "eng",
}, "value": "An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability."
{ }
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407", ]
"refsource" : "MISC", },
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4248", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4248" "lang": "eng",
} "value": "buffer overflow"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
},
{
"name": "DSA-4248",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4248"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407"
}
]
}
}

140
2018/11xxx/CVE-2018-11311.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11311", "ID": "CVE-2018-11311",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44656", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44656/" "lang": "eng",
}, "value": "A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories, by entering these credentials."
{ }
"name" : "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf", ]
"refsource" : "MISC", },
"url" : "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf",
"refsource": "MISC",
"url": "https://emreovunc.com/blog/en/mySCADA-myPRO7-Exploit.pdf"
},
{
"name": "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password",
"refsource": "MISC",
"url": "https://github.com/EmreOvunc/mySCADA-myPRO-7-Hardcoded-FTP-Username-and-Password"
},
{
"name": "44656",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44656/"
}
]
}
}

130
2018/11xxx/CVE-2018-11399.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11399", "ID": "CVE-2018-11399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.simpleorsecure.net/simplisafe-security-advisory/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.simpleorsecure.net/simplisafe-security-advisory/" "lang": "eng",
}, "value": "SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occur."
{ }
"name" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf", ]
"refsource" : "MISC", },
"url" : "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf",
"refsource": "MISC",
"url": "https://simplisafe.com/files/pdf/SimpliSafe_advisory_8-17-18.pdf"
},
{
"name": "https://www.simpleorsecure.net/simplisafe-security-advisory/",
"refsource": "MISC",
"url": "https://www.simpleorsecure.net/simplisafe-security-advisory/"
}
]
}
}

120
2018/11xxx/CVE-2018-11740.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11740", "ID": "CVE-2018-11740",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/sleuthkit/sleuthkit/issues/1264", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/sleuthkit/sleuthkit/issues/1264" "lang": "eng",
} "value": "An issue was discovered in libtskbase.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function tsk_UTF16toUTF8 in tsk/base/tsk_unicode.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sleuthkit/sleuthkit/issues/1264",
"refsource": "MISC",
"url": "https://github.com/sleuthkit/sleuthkit/issues/1264"
}
]
}
}

130
2018/11xxx/CVE-2018-11851.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11851", "ID": "CVE-2018-11851",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in WLAN"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0" "lang": "eng",
}, "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack."
{ }
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", ]
"refsource" : "CONFIRM", },
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f6839316f43d48833750667b979aec11558abc0"
}
]
}
}

130
2018/14xxx/CVE-2018-14336.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14336", "ID": "CVE-2018-14336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45064", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45064/" "lang": "eng",
}, "value": "TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses."
{ }
"name" : "https://hackingvila.wordpress.com/2018/07/17/cve-2018-14336-tp-link-wireless-n-router-wr840n-vulnerability/", ]
"refsource" : "MISC", },
"url" : "https://hackingvila.wordpress.com/2018/07/17/cve-2018-14336-tp-link-wireless-n-router-wr840n-vulnerability/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackingvila.wordpress.com/2018/07/17/cve-2018-14336-tp-link-wireless-n-router-wr840n-vulnerability/",
"refsource": "MISC",
"url": "https://hackingvila.wordpress.com/2018/07/17/cve-2018-14336-tp-link-wireless-n-router-wr840n-vulnerability/"
},
{
"name": "45064",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45064/"
}
]
}
}

34
2018/14xxx/CVE-2018-14476.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14476", "ID": "CVE-2018-14476",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/14xxx/CVE-2018-14482.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14482", "ID": "CVE-2018-14482",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/14xxx/CVE-2018-14958.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14958", "ID": "CVE-2018-14958",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/alterebro/WeaselCMS/issues/6", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/alterebro/WeaselCMS/issues/6" "lang": "eng",
} "value": "An issue was discovered in WeaselCMS v0.3.5. CSRF can update the website settings (such as the theme, title, and description) via index.php."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/alterebro/WeaselCMS/issues/6",
"refsource": "MISC",
"url": "https://github.com/alterebro/WeaselCMS/issues/6"
}
]
}
}

120
2018/15xxx/CVE-2018-15161.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15161", "ID": "CVE-2018-15161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/libyal/libesedb/issues/43", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/libyal/libesedb/issues/43" "lang": "eng",
} "value": "** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has disputed this as described in the GitHub issue comments."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libyal/libesedb/issues/43",
"refsource": "MISC",
"url": "https://github.com/libyal/libesedb/issues/43"
}
]
}
}

178
2018/15xxx/CVE-2018-15450.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-11-07T16:00:00-0600", "DATE_PUBLIC": "2018-11-07T16:00:00-0600",
"ID" : "CVE-2018-15450", "ID": "CVE-2018-15450",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Prime Collaboration Assurance File Overwrite Vulnerability" "TITLE": "Cisco Prime Collaboration Assurance File Overwrite Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Prime Collaboration Assurance ", "product_name": "Cisco Prime Collaboration Assurance ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.5",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181107 Cisco Prime Collaboration Assurance File Overwrite Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-pca-overwrite" "lang": "eng",
}, "value": "A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a specific UI input field to provide a custom path location. A successful exploit could allow the attacker to overwrite files on the file system."
{ }
"name" : "105864", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105864" "exploit": [
} {
] "lang": "eng",
}, "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
"source" : { }
"advisory" : "cisco-sa-20181107-pca-overwrite", ],
"defect" : [ "impact": {
[ "cvss": {
"CSCvj07247" "baseScore": "6.5",
] "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N ",
], "version": "3.0"
"discovery" : "INTERNAL" }
} },
} "problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105864"
},
{
"name": "20181107 Cisco Prime Collaboration Assurance File Overwrite Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-pca-overwrite"
}
]
},
"source": {
"advisory": "cisco-sa-20181107-pca-overwrite",
"defect": [
[
"CSCvj07247"
]
],
"discovery": "INTERNAL"
}
}

130
2018/15xxx/CVE-2018-15484.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15484", "ID": "CVE-2018-15484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html" "lang": "eng",
}, "value": "An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01."
{ }
"name" : "https://www.kone.com/en/vulnerability.aspx", ]
"refsource" : "CONFIRM", },
"url" : "https://www.kone.com/en/vulnerability.aspx" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kone.com/en/vulnerability.aspx",
"refsource": "CONFIRM",
"url": "https://www.kone.com/en/vulnerability.aspx"
},
{
"name": "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149252/KONE-KGC-4.6.4-DoS-Code-Execution-LFI-Bypass.html"
}
]
}
}

34
2018/15xxx/CVE-2018-15674.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15674", "ID": "CVE-2018-15674",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20268.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20268", "ID": "CVE-2018-20268",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20501.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20501", "ID": "CVE-2018-20501",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

450
2018/8xxx/CVE-2018-8330.json
View File

@ -1,227 +1,227 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8330", "ID": "CVE-2018-8330",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2019", "product_name": "Windows Server 2019",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for 32-bit Systems" "version_value": "Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1809 for x64-based Systems" "version_value": "Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330" "lang": "eng",
}, "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
{ }
"name" : "105477", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105477" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8330"
},
{
"name": "105477",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105477"
}
]
}
}

222
2018/8xxx/CVE-2018-8397.json
View File

@ -1,113 +1,113 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8397", "ID": "CVE-2018-8397",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \"GDI+ Remote Code Execution Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8397", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8397" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka \"GDI+ Remote Code Execution Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2."
{ }
"name" : "104994", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104994" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041460", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041460" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041460"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8397",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8397"
},
{
"name": "104994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104994"
}
]
}
}