admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:51:34 +00:00
parent f130849166
commit fa4c4381c3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4035 additions and 4035 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2002/0xxx/CVE-2002-0025.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS02-005",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005"
},
{
"name" : "20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/255767"
},
{
"name" : "4085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4085"
},
{
"name" : "ie-application-invocation(8118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4085"
},
{
"name": "ie-application-invocation(8118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8118"
},
{
"name": "20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/255767"
},
{
"name": "MS02-005",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005"
}
]
}
}

150
2002/0xxx/CVE-2002-0206.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020116 PHP-Nuke allows Command Execution & Much more",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101121913914205&w=2"
},
{
"name" : "VU#221683",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/221683"
},
{
"name" : "3889",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3889"
},
{
"name" : "phpnuke-index-command-execution(7914)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7914"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly other versions before 5.5, allows remote attackers to execute arbitrary PHP code by specifying a URL to the malicious code in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#221683",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/221683"
},
{
"name": "phpnuke-index-command-execution(7914)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7914"
},
{
"name": "3889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3889"
},
{
"name": "20020116 PHP-Nuke allows Command Execution & Much more",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101121913914205&w=2"
}
]
}
}

34
2002/0xxx/CVE-2002-0383.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0383",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0383",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2002/0xxx/CVE-2002-0779.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html"
},
{
"name" : "20020508 cqure.net.20020412.bordermanager_36_mv1.a",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/271475"
},
{
"name" : "4696",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4696"
},
{
"name" : "novell-bordermanager-ftp-dos(9031)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9031.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020508 cqure.net.20020412.bordermanager_36_mv1.a",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/271475"
},
{
"name": "20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html"
},
{
"name": "4696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4696"
},
{
"name": "novell-bordermanager-ftp-dos(9031)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9031.php"
}
]
}
}

160
2002/1xxx/CVE-2002-1460.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020813 L-Forum XSS and upload spoofing",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html"
},
{
"name" : "http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343"
},
{
"name" : "5463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5463"
},
{
"name" : "lforum-upload-read-files(9839)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9839.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=579278&group_id=53716&atid=471343"
},
{
"name": "http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278"
},
{
"name": "lforum-upload-read-files(9839)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9839.php"
},
{
"name": "20020813 L-Forum XSS and upload spoofing",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html"
},
{
"name": "5463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5463"
}
]
}
}

140
2002/1xxx/CVE-2002-1986.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (\".\")."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021114 Perception LiteServe HTTP CGI Disclosure Vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0074.html"
},
{
"name" : "6188",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6188"
},
{
"name" : "liteserve-script-source-disclosure(10635)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10635.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (\".\")."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021114 Perception LiteServe HTTP CGI Disclosure Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0074.html"
},
{
"name": "liteserve-script-source-disclosure(10635)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10635.php"
},
{
"name": "6188",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6188"
}
]
}
}

140
2002/2xxx/CVE-2002-2191.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021107 Lotus Domino HTTP Server security issue",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
},
{
"name" : "lotus-domino-version-disclosure(10557)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10557.php"
},
{
"name" : "6128",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20021107 Lotus Domino HTTP Server security issue",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/298874/2002-11-05/2002-11-11/2"
},
{
"name": "6128",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6128"
},
{
"name": "lotus-domino-version-disclosure(10557)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10557.php"
}
]
}
}

34
2005/0xxx/CVE-2005-0166.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0166",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-0166",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}

140
2005/0xxx/CVE-2005-0278.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050104 3Com 3CDaemon Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110485674622696&w=2"
},
{
"name" : "12155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12155"
},
{
"name" : "3cdaemon-command-obtain-information(18756)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12155"
},
{
"name": "20050104 3Com 3CDaemon Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110485674622696&w=2"
},
{
"name": "3cdaemon-command-obtain-information(18756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18756"
}
]
}
}

180
2005/1xxx/CVE-2005-1323.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1323",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050426 ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/396959"
},
{
"name" : "http://www.securenetterm.com/html/what_s_new.html",
"refsource" : "CONFIRM",
"url" : "http://www.securenetterm.com/html/what_s_new.html"
},
{
"name" : "13396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13396"
},
{
"name" : "ADV-2005-0407",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0407"
},
{
"name" : "15865",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15865"
},
{
"name" : "15140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15140"
},
{
"name" : "netterm-netftpd-user-bo(20285)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20285"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15140"
},
{
"name": "20050426 ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396959"
},
{
"name": "13396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13396"
},
{
"name": "ADV-2005-0407",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0407"
},
{
"name": "netterm-netftpd-user-bo(20285)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20285"
},
{
"name": "15865",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15865"
},
{
"name": "http://www.securenetterm.com/html/what_s_new.html",
"refsource": "CONFIRM",
"url": "http://www.securenetterm.com/html/what_s_new.html"
}
]
}
}

170
2005/1xxx/CVE-2005-1329.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html"
},
{
"name" : "http://www.oneworldstore.com/support_security_issue_updates.asp#April_24_2005_Lostmon",
"refsource" : "CONFIRM",
"url" : "http://www.oneworldstore.com/support_security_issue_updates.asp#April_24_2005_Lostmon"
},
{
"name" : "13361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13361"
},
{
"name" : "15781",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15781"
},
{
"name" : "1013796",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013796"
},
{
"name" : "15104",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013796",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013796"
},
{
"name": "13361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13361"
},
{
"name": "15104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15104"
},
{
"name": "15781",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15781"
},
{
"name": "http://www.oneworldstore.com/support_security_issue_updates.asp#April_24_2005_Lostmon",
"refsource": "CONFIRM",
"url": "http://www.oneworldstore.com/support_security_issue_updates.asp#April_24_2005_Lostmon"
},
{
"name": "http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/04/oneworldstore-user-information.html"
}
]
}
}

170
2005/1xxx/CVE-2005-1406.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-10-31",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name" : "FreeBSD-SA-05:08",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc"
},
{
"name" : "15252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15252"
},
{
"name" : "13526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13526"
},
{
"name" : "ADV-2005-2256",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name" : "17368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17368"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2256"
},
{
"name": "FreeBSD-SA-05:08",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc"
},
{
"name": "17368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17368"
},
{
"name": "APPLE-SA-2005-10-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Oct/msg00000.html"
},
{
"name": "15252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15252"
},
{
"name": "13526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13526"
}
]
}
}

140
2005/1xxx/CVE-2005-1678.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/JGEI-6BCRD6",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/JGEI-6BCRD6"
},
{
"name" : "VU#232232",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/232232"
},
{
"name" : "15421",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15421"
},
{
"name": "VU#232232",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/232232"
},
{
"name": "http://www.kb.cert.org/vuls/id/JGEI-6BCRD6",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JGEI-6BCRD6"
}
]
}
}

290
2009/0xxx/CVE-2009-0200.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
},
{
"name" : "http://development.openoffice.org/releases/3.1.1.html",
"refsource" : "MISC",
"url" : "http://development.openoffice.org/releases/3.1.1.html"
},
{
"name" : "http://secunia.com/secunia_research/2009-26/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-26/"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
},
{
"name" : "DSA-1880",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1880"
},
{
"name" : "GLSA-201408-19",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name" : "MDVSA-2010:035",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name" : "MDVSA-2010:091",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"name" : "MDVSA-2010:105",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name" : "263508",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
},
{
"name" : "1020715",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
},
{
"name" : "SUSE-SR:2009:015",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name" : "36200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36200"
},
{
"name" : "oval:org.mitre.oval:def:10881",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
},
{
"name" : "35036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35036"
},
{
"name" : "36750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36750"
},
{
"name" : "60799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60799"
},
{
"name" : "ADV-2009-2490",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2490"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in OpenOffice.org (OOo) before 3.1.1 and StarOffice/StarSuite 7, 8, and 9 might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2009-0200-0201.html"
},
{
"name": "60799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60799"
},
{
"name": "GLSA-201408-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml"
},
{
"name": "http://development.openoffice.org/releases/3.1.1.html",
"refsource": "MISC",
"url": "http://development.openoffice.org/releases/3.1.1.html"
},
{
"name": "MDVSA-2010:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name": "MDVSA-2010:091",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"name": "http://secunia.com/secunia_research/2009-26/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-26/"
},
{
"name": "MDVSA-2010:035",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name": "1020715",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020715.1-1"
},
{
"name": "SUSE-SR:2009:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "DSA-1880",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1880"
},
{
"name": "oval:org.mitre.oval:def:10881",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10881"
},
{
"name": "35036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35036"
},
{
"name": "263508",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263508-1"
},
{
"name": "36750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36750"
},
{
"name": "20090901 Secunia Research: OpenOffice.org Word Document Table Parsing Integer Underflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506194/100/0/threaded"
},
{
"name": "36200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36200"
},
{
"name": "ADV-2009-2490",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2490"
}
]
}
}

140
2009/0xxx/CVE-2009-0392.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090129 Motorola Wimax Modem CPEi300 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500545/100/0/threaded"
},
{
"name" : "7915",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7915"
},
{
"name" : "33519",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33519"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33519"
},
{
"name": "7915",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7915"
},
{
"name": "20090129 Motorola Wimax Modem CPEi300 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500545/100/0/threaded"
}
]
}
}

150
2009/0xxx/CVE-2009-0464.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7955",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7955"
},
{
"name" : "33578",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33578"
},
{
"name" : "51716",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51716"
},
{
"name" : "33768",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33768"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in includes/header.php in Groone GBook 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7955",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7955"
},
{
"name": "33768",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33768"
},
{
"name": "33578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33578"
},
{
"name": "51716",
"refsource": "OSVDB",
"url": "http://osvdb.org/51716"
}
]
}
}

140
2009/0xxx/CVE-2009-0614.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-0614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"
},
{
"name" : "33901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33901"
},
{
"name" : "cisco-meetingplace-unauth-access(48888)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote attackers to bypass authentication and obtain administrative access via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090225 Cisco Unified MeetingPlace Web Conferencing Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc86.shtml"
},
{
"name": "33901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33901"
},
{
"name": "cisco-meetingplace-unauth-access(48888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48888"
}
]
}
}

140
2009/0xxx/CVE-2009-0863.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8071",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8071"
},
{
"name" : "33799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33799"
},
{
"name" : "scms-deletepage-sql-injection(48806)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48806"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33799"
},
{
"name": "scms-deletepage-sql-injection(48806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48806"
},
{
"name": "8071",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8071"
}
]
}
}

160
2009/1xxx/CVE-2009-1365.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-05.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-05.html"
},
{
"name" : "34790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34790"
},
{
"name" : "1022148",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022148"
},
{
"name" : "34878",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34878"
},
{
"name" : "ADV-2009-1234",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1234"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe Flash Media Server (FMS) before 3.0.4 and 3.5.x before 3.5.2, as used in Flash Media Interactive Server and Flash Media Streaming Server, allows remote attackers to execute arbitrary remote procedures within an ActionScript file on the server via RPC requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34790"
},
{
"name": "34878",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34878"
},
{
"name": "ADV-2009-1234",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1234"
},
{
"name": "1022148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022148"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-05.html"
}
]
}
}

160
2009/1xxx/CVE-2009-1816.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8676",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8676"
},
{
"name" : "34963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34963"
},
{
"name" : "54459",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54459"
},
{
"name" : "35085",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35085"
},
{
"name" : "mygamescript-admin-sql-injection(50528)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54459",
"refsource": "OSVDB",
"url": "http://osvdb.org/54459"
},
{
"name": "mygamescript-admin-sql-injection(50528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50528"
},
{
"name": "35085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35085"
},
{
"name": "34963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34963"
},
{
"name": "8676",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8676"
}
]
}
}

150
2012/2xxx/CVE-2012-2037.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-2037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-14.html"
},
{
"name" : "RHSA-2012:0722",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0722.html"
},
{
"name" : "SUSE-SU-2012:0724",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html"
},
{
"name" : "openSUSE-SU-2012:0723",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2012:0722",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0722.html"
},
{
"name": "SUSE-SU-2012:0724",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00007.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-14.html"
},
{
"name": "openSUSE-SU-2012:0723",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00006.html"
}
]
}
}

150
2012/2xxx/CVE-2012-2418.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2418",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/522138"
},
{
"name" : "VU#232979",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/232979"
},
{
"name" : "80820",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80820"
},
{
"name" : "quickbooks-intuit-bo(75170)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a URI with a % (percent) character as its (1) last or (2) second-to-last character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quickbooks-intuit-bo(75170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75170"
},
{
"name": "80820",
"refsource": "OSVDB",
"url": "http://osvdb.org/80820"
},
{
"name": "20120330 Intuit Help System Protocol URL Heap Corruption and Memory Leak",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/522138"
},
{
"name": "VU#232979",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/232979"
}
]
}
}

120
2012/2xxx/CVE-2012-2494.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-2494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 2.x before 2.5 MR6 and 3.x before 3.0 MR8 does not compare the timestamp of offered software to the timestamp of installed software, which allows remote attackers to force a version downgrade by using (1) ActiveX or (2) Java components to offer signed code that corresponds to an older software release, aka Bug ID CSCtw48681."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120620 Multiple Vulnerabilities in Cisco AnyConnect Secure Mobility Client",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-ac"
}
]
}
}

240
2012/2xxx/CVE-2012-2745.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=79549c6dfda0603dba9a70a53467ce62d9335c33",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=79549c6dfda0603dba9a70a53467ce62d9335c33"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=833428",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=833428"
},
{
"name" : "https://github.com/torvalds/linux/commit/79549c6dfda0603dba9a70a53467ce62d9335c33",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/79549c6dfda0603dba9a70a53467ce62d9335c33"
},
{
"name" : "RHSA-2012:1064",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1064.html"
},
{
"name" : "USN-1567-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name" : "USN-1597-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1597-1"
},
{
"name" : "USN-1606-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1606-1"
},
{
"name" : "54365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54365"
},
{
"name" : "1027236",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027236"
},
{
"name" : "50853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50853"
},
{
"name" : "50633",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50633"
},
{
"name" : "50961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.2"
},
{
"name": "USN-1606-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1606-1"
},
{
"name": "https://github.com/torvalds/linux/commit/79549c6dfda0603dba9a70a53467ce62d9335c33",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/79549c6dfda0603dba9a70a53467ce62d9335c33"
},
{
"name": "USN-1567-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name": "USN-1597-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1597-1"
},
{
"name": "50853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50853"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833428",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833428"
},
{
"name": "50961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50961"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=79549c6dfda0603dba9a70a53467ce62d9335c33",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=79549c6dfda0603dba9a70a53467ce62d9335c33"
},
{
"name": "1027236",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027236"
},
{
"name": "54365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54365"
},
{
"name": "RHSA-2012:1064",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1064.html"
},
{
"name": "50633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50633"
}
]
}
}

160
2012/2xxx/CVE-2012-2881.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=139814",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=139814"
},
{
"name" : "openSUSE-SU-2012:1376",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html"
},
{
"name" : "oval:org.mitre.oval:def:14920",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14920"
},
{
"name" : "google-chrome-cve20122881(78825)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78825"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "google-chrome-cve20122881(78825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78825"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=139814",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=139814"
},
{
"name": "oval:org.mitre.oval:def:14920",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14920"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name": "openSUSE-SU-2012:1376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html"
}
]
}
}

160
2012/3xxx/CVE-2012-3001.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a \"command injection vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-3001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mutiny.com/releasehistory.php",
"refsource" : "CONFIRM",
"url" : "http://www.mutiny.com/releasehistory.php"
},
{
"name" : "VU#841851",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/841851"
},
{
"name" : "56165",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56165"
},
{
"name" : "86570",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86570"
},
{
"name" : "51094",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51094"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a \"command injection vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#841851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/841851"
},
{
"name": "56165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56165"
},
{
"name": "http://www.mutiny.com/releasehistory.php",
"refsource": "CONFIRM",
"url": "http://www.mutiny.com/releasehistory.php"
},
{
"name": "51094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51094"
},
{
"name": "86570",
"refsource": "OSVDB",
"url": "http://osvdb.org/86570"
}
]
}
}

180
2012/3xxx/CVE-2012-3315.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615770",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615770"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615772",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21615772"
},
{
"name" : "IV26825",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825"
},
{
"name" : "IV26826",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826"
},
{
"name" : "IV26827",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827"
},
{
"name" : "51163",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51163"
},
{
"name" : "tfim-mcs-unauth-access(77796)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77796"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java servlets in the management console in IBM Tivoli Federated Identity Manager (TFIM) through 6.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) before 6.2.2 do not require authentication for all resource downloads, which allows remote attackers to bypass intended J2EE security constraints, and obtain sensitive information related to (1) federation metadata or (2) a web plugin configuration template, via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IV26827",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26827"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615772",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615772"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21615770",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21615770"
},
{
"name": "51163",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51163"
},
{
"name": "IV26825",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26825"
},
{
"name": "IV26826",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IV26826"
},
{
"name": "tfim-mcs-unauth-access(77796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77796"
}
]
}
}

140
2012/3xxx/CVE-2012-3408.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3408",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://puppetlabs.com/security/cve/cve-2012-3408/",
"refsource" : "CONFIRM",
"url" : "http://puppetlabs.com/security/cve/cve-2012-3408/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=839166",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=839166"
},
{
"name" : "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd",
"refsource" : "CONFIRM",
"url" : "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=839166",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=839166"
},
{
"name": "http://puppetlabs.com/security/cve/cve-2012-3408/",
"refsource": "CONFIRM",
"url": "http://puppetlabs.com/security/cve/cve-2012-3408/"
},
{
"name": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd",
"refsource": "CONFIRM",
"url": "https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd"
}
]
}
}

34
2012/3xxx/CVE-2012-3877.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3877",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3877",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2012/4xxx/CVE-2012-4094.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-4094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130923 Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4094"
},
{
"name" : "1029085",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029085"
},
{
"name" : "cisco-ucs-cve20124094-dos(87370)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Smart Call Home feature in the fabric interconnect in Cisco Unified Computing System (UCS) allows remote attackers to cause a denial of service by reading and forging control messages associated with Smart Call Home reports, aka Bug ID CSCtl00198."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1029085",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029085"
},
{
"name": "20130923 Cisco Unified Computing System Fabric Interconnect Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4094"
},
{
"name": "cisco-ucs-cve20124094-dos(87370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87370"
}
]
}
}

34
2012/4xxx/CVE-2012-4200.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4200",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4200",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2012/4xxx/CVE-2012-4473.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"view any node page\" or \"view any node {type} page\" permission to access unpublished nodes via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"name" : "http://drupal.org/node/1679466",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1679466"
},
{
"name" : "http://drupal.org/node/1662724",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1662724"
},
{
"name" : "54407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54407"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"view any node page\" or \"view any node {type} page\" permission to access unpublished nodes via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121003 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/3"
},
{
"name": "http://drupal.org/node/1679466",
"refsource": "MISC",
"url": "http://drupal.org/node/1679466"
},
{
"name": "54407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54407"
},
{
"name": "http://drupal.org/node/1662724",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1662724"
}
]
}
}

170
2012/4xxx/CVE-2012-4772.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121017 Multiple vulnerabilities in Subrion CMS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23113",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23113"
},
{
"name" : "http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html"
},
{
"name" : "http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html",
"refsource" : "CONFIRM",
"url" : "http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html"
},
{
"name" : "51013",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51013"
},
{
"name" : "subrioncms-planid-sql-injection(79466)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79466"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20121017 Multiple vulnerabilities in Subrion CMS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0096.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23113",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23113"
},
{
"name": "subrioncms-planid-sql-injection(79466)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79466"
},
{
"name": "http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/117460/Subrion-CMS-2.2.1-XSS-CSRF-SQL-Injection.html"
},
{
"name": "http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html",
"refsource": "CONFIRM",
"url": "http://www.subrion.com/forums/announcements/934-subrion-2-2-3-open-source-cms-core-available.html"
},
{
"name": "51013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51013"
}
]
}
}

150
2012/4xxx/CVE-2012-4951.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-4951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf",
"refsource" : "MISC",
"url" : "http://www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf"
},
{
"name" : "VU#180091",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/180091"
},
{
"name" : "56409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56409"
},
{
"name" : "vericentre-paramedit-sql-injection(79832)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79832"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalId, (2) ModelName, or (3) ApplicationName parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#180091",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/180091"
},
{
"name": "http://www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf",
"refsource": "MISC",
"url": "http://www.clearskies.net/documents/css-advisory-css1211-vericentre.pdf"
},
{
"name": "56409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56409"
},
{
"name": "vericentre-paramedit-sql-injection(79832)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79832"
}
]
}
}

180
2012/6xxx/CVE-2012-6542.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3592aaeb80290bda0f2cf0b5456c97bfc638b192",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3592aaeb80290bda0f2cf0b5456c97bfc638b192"
},
{
"name" : "https://github.com/torvalds/linux/commit/3592aaeb80290bda0f2cf0b5456c97bfc638b192",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/3592aaeb80290bda0f2cf0b5456c97bfc638b192"
},
{
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource" : "CONFIRM",
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
},
{
"name" : "RHSA-2013:1645",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name" : "USN-1805-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"name" : "USN-1808-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1808-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/3592aaeb80290bda0f2cf0b5456c97bfc638b192",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/3592aaeb80290bda0f2cf0b5456c97bfc638b192"
},
{
"name": "USN-1805-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1805-1"
},
{
"name": "[oss-security] 20130305 CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/05/13"
},
{
"name": "USN-1808-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1808-1"
},
{
"name": "RHSA-2013:1645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3592aaeb80290bda0f2cf0b5456c97bfc638b192",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3592aaeb80290bda0f2cf0b5456c97bfc638b192"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.6.bz2"
}
]
}
}

130
2017/2xxx/CVE-2017-2218.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2218",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Installer of QuickTime for Windows",
"version" : {
"version_data" : [
{
"version_value" : "all versions"
}
]
}
}
]
},
"vendor_name" : "Apple"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of QuickTime for Windows",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/DL837?viewlocale=en_US",
"refsource" : "MISC",
"url" : "https://support.apple.com/kb/DL837?viewlocale=en_US"
},
{
"name" : "JVN#94771799",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN94771799/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#94771799",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN94771799/index.html"
},
{
"name": "https://support.apple.com/kb/DL837?viewlocale=en_US",
"refsource": "MISC",
"url": "https://support.apple.com/kb/DL837?viewlocale=en_US"
}
]
}
}

34
2017/2xxx/CVE-2017-2375.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2375",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2375",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2017/2xxx/CVE-2017-2618.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "anemec@redhat.com",
"ID" : "CVE-2017-2618",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "kernel",
"version" : {
"version_data" : [
{
"version_value" : "4.9.10"
}
]
}
}
]
},
"vendor_name" : "Linux"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-193"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "kernel",
"version": {
"version_data": [
{
"version_value": "4.9.10"
}
]
}
}
]
},
"vendor_name": "Linux"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[selinux] 20170131 [PATCH] selinux: fix off-by-one in setprocattr",
"refsource" : "MLIST",
"url" : "https://marc.info/?l=selinux&m=148588165923772&w=2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618"
},
{
"name" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125",
"refsource" : "CONFIRM",
"url" : "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125"
},
{
"name" : "DSA-3791",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-3791"
},
{
"name" : "RHSA-2017:0931",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0931"
},
{
"name" : "RHSA-2017:0932",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name" : "RHSA-2017:0933",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:0933"
},
{
"name" : "96272",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96272"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-193"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[selinux] 20170131 [PATCH] selinux: fix off-by-one in setprocattr",
"refsource": "MLIST",
"url": "https://marc.info/?l=selinux&m=148588165923772&w=2"
},
{
"name": "DSA-3791",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3791"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2618"
},
{
"name": "RHSA-2017:0932",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0932"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0c461cb727d146c9ef2d3e86214f498b78b7d125"
},
{
"name": "RHSA-2017:0933",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0933"
},
{
"name": "RHSA-2017:0931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:0931"
},
{
"name": "96272",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96272"
}
]
}
}

150
2017/2xxx/CVE-2017-2641.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"ID" : "CVE-2017-2641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moodle 2.x and 3.x",
"version" : {
"version_data" : [
{
"version_value" : "Moodle 2.x and 3.x"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Moodle 2.x and 3.x, SQL injection can occur via user preferences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL injection"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2017-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moodle 2.x and 3.x",
"version": {
"version_data": [
{
"version_value": "Moodle 2.x and 3.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41828",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41828/"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=349419",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=349419"
},
{
"name" : "96977",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96977"
},
{
"name" : "1038174",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038174"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Moodle 2.x and 3.x, SQL injection can occur via user preferences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41828",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41828/"
},
{
"name": "96977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96977"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=349419",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=349419"
},
{
"name": "1038174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038174"
}
]
}
}

132
2017/2xxx/CVE-2017-2690.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-2690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SoftCo,eSpace U1910,eSpace U1911,eSpace U1930,eSpace U1960,eSpace U1980,eSpace U1981",
"version" : {
"version_data" : [
{
"version_value" : "SoftCo V200R003C20,eSpace U1910 V200R003C00,eSpace U1910 V200R003C20,eSpace U1910 V200R003C30,eSpace U1911 V200R003C20,eSpace U1911 V200R003C30,eSpace U1930 V200R003C20,eSpace U1930 V200R003C30,eSpace U1960 V200R003C20,eSpace U1960 V200R003C30,eSpace U1980 V200R003C20,eSpace U1980 V200R003C30,eSpace U1981 V200R003C20,eSpace U1981 V200R003C30,"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SoftCo,eSpace U1910,eSpace U1911,eSpace U1930,eSpace U1960,eSpace U1980,eSpace U1981",
"version": {
"version_data": [
{
"version_value": "SoftCo V200R003C20,eSpace U1910 V200R003C00,eSpace U1910 V200R003C20,eSpace U1910 V200R003C30,eSpace U1911 V200R003C20,eSpace U1911 V200R003C30,eSpace U1930 V200R003C20,eSpace U1930 V200R003C30,eSpace U1960 V200R003C20,eSpace U1960 V200R003C30,eSpace U1980 V200R003C20,eSpace U1980 V200R003C30,eSpace U1981 V200R003C20,eSpace U1981 V200R003C30,"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en"
},
{
"name" : "95382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SoftCo with software V200R003C20,eSpace U1910 with software V200R003C00, V200R003C20 and V200R003C30,eSpace U1911 with software V200R003C20, V200R003C30,eSpace U1930 with software V200R003C20 and V200R003C30,eSpace U1960 with software V200R003C20, V200R003C30,eSpace U1980 with software V200R003C20, V200R003C30,eSpace U1981 with software V200R003C20 and V200R003C30 have an denial of service (DoS) vulnerability, which allow an attacker with specific permission to craft a file containing malicious data and upload it to the device to exhaust memory, causing a DoS condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95382"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170111-01-parser-en"
}
]
}
}

140
2017/2xxx/CVE-2017-2775.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2017-2775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LabVIEW 2016 Evaluation",
"version" : {
"version_data" : [
{
"version_value" : "16.0.0.49152"
}
]
}
}
]
},
"vendor_name" : "National Instruments"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LabVIEW 2016 Evaluation",
"version": {
"version_data": [
{
"version_value": "16.0.0.49152"
}
]
}
}
]
},
"vendor_name": "National Instruments"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.talosintelligence.com/reports/TALOS-2017-0269/",
"refsource" : "MISC",
"url" : "http://www.talosintelligence.com/reports/TALOS-2017-0269/"
},
{
"name" : "http://www.ni.com/product-documentation/53778/en/",
"refsource" : "CONFIRM",
"url" : "http://www.ni.com/product-documentation/53778/en/"
},
{
"name" : "97020",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable memory corruption vulnerability exists in the LvVariantUnflatten functionality in 64-bit versions of LabVIEW before 2015 SP1 f7 Patch and 2016 before f2 Patch. A specially crafted VI file can cause a user controlled value to be used as a loop terminator resulting in internal heap corruption. An attacker controlled VI file can be used to trigger this vulnerability, exploitation could lead to remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.talosintelligence.com/reports/TALOS-2017-0269/",
"refsource": "MISC",
"url": "http://www.talosintelligence.com/reports/TALOS-2017-0269/"
},
{
"name": "http://www.ni.com/product-documentation/53778/en/",
"refsource": "CONFIRM",
"url": "http://www.ni.com/product-documentation/53778/en/"
},
{
"name": "97020",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97020"
}
]
}
}

142
2017/2xxx/CVE-2017-2906.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-11T00:00:00",
"ID" : "CVE-2017-2906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Blender",
"version" : {
"version_data" : [
{
"version_value" : "v2.78c"
}
]
}
}
]
},
"vendor_name" : "Blender"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-01-11T00:00:00",
"ID": "CVE-2017-2906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Blender",
"version": {
"version_data": [
{
"version_value": "v2.78c"
}
]
}
}
]
},
"vendor_name": "Blender"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
},
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413"
},
{
"name" : "DSA-4248",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180813 [SECURITY] [DLA 1465-1] blender security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00011.html"
},
{
"name": "DSA-4248",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4248"
},
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413"
}
]
}
}

120
2017/6xxx/CVE-2017-6048.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-6048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Satel Iberia SenNet Data Logger and Electricity Meters",
"version" : {
"version_data" : [
{
"version_value" : "Satel Iberia SenNet Data Logger and Electricity Meters"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Satel Iberia SenNet Data Logger and Electricity Meters",
"version": {
"version_data": [
{
"version_value": "Satel Iberia SenNet Data Logger and Electricity Meters"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Command Injection issue was discovered in Satel Iberia SenNet Data Logger and Electricity Meters: SenNet Optimal DataLogger V5.37c-1.43c and prior, SenNet Solar Datalogger V5.03-1.56a and prior, and SenNet Multitask Meter V5.21a-1.18b and prior. Successful exploitation of this vulnerability could result in the attacker breaking out of the jailed shell and gaining full access to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-131-02"
}
]
}
}

34
2018/11xxx/CVE-2018-11085.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11085",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-11085",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

120
2018/11xxx/CVE-2018-11638.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11638",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://d3adend.org/blog/?p=1398",
"refsource" : "MISC",
"url" : "https://d3adend.org/blog/?p=1398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted Upload of a File with a Dangerous Type in the administrative console in Dialogic PowerMedia XMS through 3.5 allows remote authenticated users to upload malicious code to the web root to gain code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://d3adend.org/blog/?p=1398",
"refsource": "MISC",
"url": "https://d3adend.org/blog/?p=1398"
}
]
}
}

130
2018/11xxx/CVE-2018-11863.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=33abba90b5c570a8334110ff7e1f696908465fd3"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}

120
2018/11xxx/CVE-2018-11872.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SD 850, SDA660"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

120
2018/14xxx/CVE-2018-14044.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md",
"refsource" : "MISC",
"url" : "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and application exit), as demonstrated by SoundStretch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md",
"refsource": "MISC",
"url": "https://github.com/TeamSeri0us/pocs/blob/master/soundtouch/readme.md"
}
]
}
}

34
2018/14xxx/CVE-2018-14407.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14407",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14407",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2018/14xxx/CVE-2018-14649.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-14649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ceph-iscsi-cli",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-77"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph-iscsi-cli",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://access.redhat.com/articles/3623521",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/articles/3623521"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649"
},
{
"name" : "https://github.com/ceph/ceph-iscsi-cli/issues/120",
"refsource" : "CONFIRM",
"url" : "https://github.com/ceph/ceph-iscsi-cli/issues/120"
},
{
"name" : "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b",
"refsource" : "CONFIRM",
"url" : "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b"
},
{
"name" : "RHSA-2018:2837",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2837"
},
{
"name" : "RHSA-2018:2838",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2838"
},
{
"name" : "105434",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105434"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that ceph-isci-cli package as shipped by Red Hat Ceph Storage 2 and 3 is using python-werkzeug in debug shell mode. This is done by setting debug=True in file /usr/bin/rbd-target-api provided by ceph-isci-cli package. This allows unauthenticated attackers to access this debug shell and escalate privileges. Once an attacker has successfully connected to this debug shell they will be able to execute arbitrary commands remotely. These commands will run with the same privileges as of user executing the application which is using python-werkzeug with debug shell mode enabled. In - Red Hat Ceph Storage 2 and 3, ceph-isci-cli package runs python-werkzeug library with root level permissions."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "9.8/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-77"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://access.redhat.com/articles/3623521",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/articles/3623521"
},
{
"name": "105434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105434"
},
{
"name": "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph-iscsi-cli/pull/121/commits/c3812075e30c76a800a961e7291087d357403f6b"
},
{
"name": "https://github.com/ceph/ceph-iscsi-cli/issues/120",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph-iscsi-cli/issues/120"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14649"
},
{
"name": "RHSA-2018:2838",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2838"
},
{
"name": "RHSA-2018:2837",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2837"
}
]
}
}

130
2018/15xxx/CVE-2018-15335.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"ID" : "CVE-2018-15335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP (APM)",
"version" : {
"version_data" : [
{
"version_value" : "13.0.0-13.1.x"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"ID": "CVE-2018-15335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP (APM)",
"version": {
"version_data": [
{
"version_value": "13.0.0-13.1.x"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K27617652",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K27617652"
},
{
"name" : "106355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM and the OAuth authorization server is lost, APM may not display the intended message in the failure response"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106355"
},
{
"name": "https://support.f5.com/csp/article/K27617652",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K27617652"
}
]
}
}

34
2018/15xxx/CVE-2018-15545.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15545",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15545",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15741.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15741",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15741",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/15xxx/CVE-2018-15936.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds write"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name" : "105432",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105432"
},
{
"name" : "1041809",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name": "105432",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105432"
}
]
}
}

120
2018/20xxx/CVE-2018-20438.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html",
"refsource" : "MISC",
"url" : "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Technicolor TC7110.AR STD3.38.03 devices allow remote attackers to discover Wi-Fi credentials via iso.3.6.1.4.1.2863.205.10.1.30.4.1.14.1.3.32 and iso.3.6.1.4.1.2863.205.10.1.30.4.2.4.1.2.32 SNMP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html",
"refsource": "MISC",
"url": "https://misteralfa-hack.blogspot.com/2018/12/technicolor-passwords-wireless-via-snmp.html"
}
]
}
}

120
2018/20xxx/CVE-2018-20450.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/evanmiller/libxls/issues/34",
"refsource" : "MISC",
"url" : "https://github.com/evanmiller/libxls/issues/34"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_MSAT function in ole.c in libxls 1.4.0 has a double free that allows attackers to cause a denial of service (application crash) via a crafted file, a different vulnerability than CVE-2017-2897."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/evanmiller/libxls/issues/34",
"refsource": "MISC",
"url": "https://github.com/evanmiller/libxls/issues/34"
}
]
}
}

34
2018/20xxx/CVE-2018-20521.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20521",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20521",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2018/8xxx/CVE-2018-8011.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-07-17",
"ID" : "CVE-2018-8011",
"STATE" : "PUBLIC",
"TITLE" : "mod_md, DoS via Coredumps on specially crafted requests"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache HTTP Server",
"version" : {
"version_data" : [
{
"version_value" : "Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "The issue was discovered by Daniel Caminada <daniel.caminada@ergon.ch>."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)."
}
]
},
"impact" : [
{
"lang" : "eng",
"url" : "https://httpd.apache.org/security/impact_levels.html#moderate",
"value" : "moderate"
}
],
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "(undefined)"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-17",
"ID": "CVE-2018-8011",
"STATE": "PUBLIC",
"TITLE": "mod_md, DoS via Coredumps on specially crafted requests"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache HTTP Server",
"version": {
"version_data": [
{
"version_value": "Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011",
"refsource" : "CONFIRM",
"url" : "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180926-0007/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180926-0007/"
},
{
"name" : "1041401",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041401"
}
]
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "The issue was discovered by Daniel Caminada <daniel.caminada@ergon.ch>."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.33)."
}
]
},
"impact": [
{
"lang": "eng",
"url": "https://httpd.apache.org/security/impact_levels.html#moderate",
"value": "moderate"
}
],
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "(undefined)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041401",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041401"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180926-0007/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180926-0007/"
},
{
"name": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011",
"refsource": "CONFIRM",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011"
}
]
}
}

120
2018/8xxx/CVE-2018-8092.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mautic before 2.13.0 allows CSV injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mautic/mautic/releases/tag/2.13.0",
"refsource" : "MISC",
"url" : "https://github.com/mautic/mautic/releases/tag/2.13.0"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mautic before 2.13.0 allows CSV injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mautic/mautic/releases/tag/2.13.0",
"refsource": "MISC",
"url": "https://github.com/mautic/mautic/releases/tag/2.13.0"
}
]
}
}

256
2018/8xxx/CVE-2018-8555.json
View File

@ -1,130 +1,130 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
},
{
"version_value" : "Windows Server 2019"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows Server 2019"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555"
},
{
"name" : "105775",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105775"
},
{
"name" : "1042107",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105775"
},
{
"name": "1042107",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042107"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555"
}
]
}
}