"-Synchronized-Data."

CVE Team 2019-03-18 00:25:19 +00:00
parent e0ce5754ec
commit fdb3cb436b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3609 additions and 3609 deletions


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-1072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented \"jolt\" style ICMP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020724 [VulnWatch] Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html"
},
{
"name" : "20020724 Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/283999"
},
{
"name" : "5292",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5292"
},
{
"name" : "zyxel-jolt-dos(9655)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9655.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented \"jolt\" style ICMP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zyxel-jolt-dos(9655)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9655.php"
},
{
"name": "20020724 [VulnWatch] Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html"
},
{
"name": "20020724 Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1)",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/283999"
},
{
"name": "5292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5292"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0223",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS03-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018"
},
{
"name" : "oval:org.mitre.oval:def:66",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS03-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-018"
},
{
"name": "oval:org.mitre.oval:def:66",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A66"
}
]
}
}


@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105215110111174&w=2"
},
{
"name" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html",
"refsource" : "MISC",
"url" : "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name" : "CLA-2003:694",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694"
},
{
"name" : "ESA-20030515-016",
"refsource" : "ENGARDE",
"url" : "http://marc.info/?l=bugtraq&m=105301357425157&w=2"
},
{
"name" : "20030515-016",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name" : "RHSA-2003:175",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name" : "RHSA-2003:176",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name" : "MDKSA-2003:061",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name" : "TLSA200334",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name" : "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105311804129104&w=2"
},
{
"name" : "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=105362224514081&w=2"
},
{
"name" : "VU#397604",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/397604"
},
{
"name" : "7497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/7497"
},
{
"name" : "4947",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4947"
},
{
"name" : "oval:org.mitre.oval:def:135",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name" : "gnupg-invalid-key-acceptance(11930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The key validation code in GnuPG before 1.2.2 does not properly determine the validity of keys with multiple user IDs and assigns the greatest validity of the most valid user ID, which prevents GnuPG from warning the encrypting user when a user ID does not have a trusted path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TLSA200334",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-34.txt"
},
{
"name": "RHSA-2003:175",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-175.html"
},
{
"name": "4947",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4947"
},
{
"name": "oval:org.mitre.oval:def:135",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A135"
},
{
"name": "20030522 [slackware-security] GnuPG key validation fix (SSA:2003-141-04)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105362224514081&w=2"
},
{
"name": "7497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7497"
},
{
"name": "20030516 [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105311804129104&w=2"
},
{
"name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html",
"refsource": "MISC",
"url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-3266.html"
},
{
"name": "MDKSA-2003:061",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:061"
},
{
"name": "gnupg-invalid-key-acceptance(11930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11930"
},
{
"name": "CLA-2003:694",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000694"
},
{
"name": "RHSA-2003:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-176.html"
},
{
"name": "20030515-016",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/engarde_advisory-3258.html"
},
{
"name": "ESA-20030515-016",
"refsource": "ENGARDE",
"url": "http://marc.info/?l=bugtraq&m=105301357425157&w=2"
},
{
"name": "VU#397604",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/397604"
},
{
"name": "20030504 Key validity bug in GnuPG 1.2.1 and earlier",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105215110111174&w=2"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121"
},
{
"name" : "VU#184820",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/184820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat 5 does not properly validate JavaScript in PDF files, which allows remote attackers to write arbitrary files into the Plug-ins folder that spread to other PDF documents, as demonstrated by the W32.Yourde virus."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/downloads/detail.jsp?ftpID=2121"
},
{
"name": "VU#184820",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/184820"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource" : "CONFIRM",
"url" : "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name" : "RHSA-2003:258",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name" : "CLA-2003:729",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729"
},
{
"name" : "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=106194792924122&w=2"
},
{
"name" : "oval:org.mitre.oval:def:112",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GDM before 2.4.1.6, when using the \"examine session errors\" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2003:729",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000729"
},
{
"name": "RHSA-2003:258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-258.html"
},
{
"name": "oval:org.mitre.oval:def:112",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A112"
},
{
"name": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html",
"refsource": "CONFIRM",
"url": "http://mail.gnome.org/archives/gnome-hackers/2003-August/msg00045.html"
},
{
"name": "20030824 [slackware-security] GDM security update (SSA:2003-236-01)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106194792924122&w=2"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-0854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name" : "115",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/115"
},
{
"name" : "http://www.guninski.com/binls.html",
"refsource" : "MISC",
"url" : "http://www.guninski.com/binls.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name" : "CLA-2003:768",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768"
},
{
"name" : "CLA-2003:771",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771"
},
{
"name" : "DSA-705",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-705"
},
{
"name" : "IMNX-2003-7+-026-01",
"refsource" : "IMMUNIX",
"url" : "http://www.securityfocus.com/advisories/6014"
},
{
"name" : "MDKSA-2003:106",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
},
{
"name" : "RHSA-2003:309",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name" : "RHSA-2003:310",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name" : "TLSA-2003-60",
"refsource" : "TURBO",
"url" : "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name" : "10126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/10126"
},
{
"name" : "17069",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-705",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-705"
},
{
"name": "CLA-2003:771",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000771"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-213.pdf"
},
{
"name": "115",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/115"
},
{
"name": "CLA-2003:768",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000768"
},
{
"name": "20031022 Fun with /bin/ls, yet still ls better than windows",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-October/012548.html"
},
{
"name": "RHSA-2003:309",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-309.html"
},
{
"name": "TLSA-2003-60",
"refsource": "TURBO",
"url": "http://www.turbolinux.com/security/TLSA-2003-60.txt"
},
{
"name": "RHSA-2003:310",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-310.html"
},
{
"name": "IMNX-2003-7+-026-01",
"refsource": "IMMUNIX",
"url": "http://www.securityfocus.com/advisories/6014"
},
{
"name": "17069",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17069"
},
{
"name": "http://www.guninski.com/binls.html",
"refsource": "MISC",
"url": "http://www.guninski.com/binls.html"
},
{
"name": "10126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10126"
},
{
"name": "MDKSA-2003:106",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:106"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1130",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2003-1130",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2003-1071. Reason: This candidate is a duplicate of CVE-2003-1071. Notes: All CVE users should reference CVE-2003-1071 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA03-41.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/63"
},
{
"name" : "9034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9034"
},
{
"name": "BEA03-41.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/63"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2003-1419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html"
},
{
"name" : "6959",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6959"
},
{
"name" : "netscape-javascript-reformatdate-dos(11444)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030225 Re: Netscape 6/7 crashes by a simple stylesheet...",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0338.html"
},
{
"name": "6959",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6959"
},
{
"name": "netscape-javascript-reformatdate-dos(11444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11444"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108067265931525&w=2"
},
{
"name" : "http://www.rapid7.com/advisories/R7-0017.html",
"refsource" : "MISC",
"url" : "http://www.rapid7.com/advisories/R7-0017.html"
},
{
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name" : "DSA-478",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2004/dsa-478"
},
{
"name" : "FEDORA-2004-1468",
"refsource" : "FEDORA",
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=1468"
},
{
"name" : "RHSA-2004:219",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-219.html"
},
{
"name" : "2004-0015",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0015"
},
{
"name" : "VU#492558",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/492558"
},
{
"name" : "10004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10004"
},
{
"name" : "oval:org.mitre.oval:def:976",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A976"
},
{
"name" : "oval:org.mitre.oval:def:9581",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9581"
},
{
"name" : "1009593",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1009593"
},
{
"name" : "11258",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11258"
},
{
"name" : "tcpdump-isakmp-integer-underflow(15679)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#492558",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/492558"
},
{
"name": "RHSA-2004:219",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-219.html"
},
{
"name": "1009593",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009593"
},
{
"name": "DSA-478",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-478"
},
{
"name": "11258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11258"
},
{
"name": "2004-0015",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0015"
},
{
"name": "oval:org.mitre.oval:def:9581",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9581"
},
{
"name": "http://www.rapid7.com/advisories/R7-0017.html",
"refsource": "MISC",
"url": "http://www.rapid7.com/advisories/R7-0017.html"
},
{
"name": "FEDORA-2004-1468",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=1468"
},
{
"name": "10004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10004"
},
{
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name": "oval:org.mitre.oval:def:976",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A976"
},
{
"name": "20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108067265931525&w=2"
},
{
"name": "tcpdump-isakmp-integer-underflow(15679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15679"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "\"Shatter\" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041013 SetWindowLong Shatter Attacks",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=109777417922695&w=2"
},
{
"name" : "MS04-032",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-032"
},
{
"name" : "win-mngmt-api-gain-privileges(16579)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16579"
},
{
"name" : "win-ms04032-patch(17658)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17658"
},
{
"name" : "VU#218526",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/218526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "\"Shatter\" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "win-mngmt-api-gain-privileges(16579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16579"
},
{
"name": "20041013 SetWindowLong Shatter Attacks",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109777417922695&w=2"
},
{
"name": "VU#218526",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/218526"
},
{
"name": "win-ms04032-patch(17658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17658"
},
{
"name": "MS04-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-032"
}
]
}
}
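Review bot: The new-side description `"value"` for CVE-2004-0207 still spells the second API name `SetWIndowLongPtr` (capital I), so a text search or detection rule keyed on the real Windows function name `SetWindowLongPtr` will not match this record. Since the entry is being rewritten anyway, I would correct the tail of the sentence to `using the SetWindowLong and SetWindowLongPtr API functions.` The rest of this section appears to change only the spacing around `:` and the order of `reference_data`.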


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-0942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041101 DoS in Apache 2.0.52 ?",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name" : "APPLE-SA-2005-08-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name" : "APPLE-SA-2005-08-17",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name" : "SSRT4876",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=110384374213596&w=2"
},
{
"name" : "HPSBUX01123",
"refsource" : "HP",
"url" : "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123"
},
{
"name" : "MDKSA-2004:135",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:135"
},
{
"name" : "RHSA-2004:562",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2004-562.html"
},
{
"name" : "102198",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"name" : "2004-0061",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2004/0061/"
},
{
"name" : "oval:org.mitre.oval:def:10962",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10962"
},
{
"name" : "ADV-2006-0789",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0789"
},
{
"name" : "19072",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19072"
},
{
"name" : "apache-http-get-dos(17930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2004:562",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-562.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name": "20041101 DoS in Apache 2.0.52 ?",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028248.html"
},
{
"name": "MDKSA-2004:135",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:135"
},
{
"name": "apache-http-get-dos(17930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17930"
},
{
"name": "19072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19072"
},
{
"name": "HPSBUX01123",
"refsource": "HP",
"url": "http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX01123"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "2004-0061",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2004/0061/"
},
{
"name": "SSRT4876",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=110384374213596&w=2"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:10962",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10962"
},
{
"name": "102198",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"name": "ADV-2006-0789",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0789"
}
]
}
}
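Review bot: The APPLE-SA-2005-08-17 reference keeps a doubled slash in its path, `security-announce/2005//Aug/msg00001.html`, while the sibling APPLE-SA-2005-08-15 entry uses `2005/Aug/`. Consumers that deduplicate or allow-list references by exact URL string will treat this as a separate, non-canonical form. I would normalise it to `"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00001.html"`, assuming the single-slash path resolves to the same advisory.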


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2532",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
},
{
"name" : "10886",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/10886"
},
{
"name" : "8877",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8877"
},
{
"name" : "servu-default-admin-account(16925)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10886"
},
{
"name": "servu-default-admin-account(16925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16925"
},
{
"name": "8877",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8877"
},
{
"name": "20040808 Serv-U 3.x, 4.x, 5.x local privilege escalation vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0216.html"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-2675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html"
},
{
"name" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx"
},
{
"name" : "9770",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9770"
},
{
"name" : "11332",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/11332"
},
{
"name" : "11002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/11002"
},
{
"name" : "argosoftftp-site-pass-dos(15412)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9770",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9770"
},
{
"name": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx",
"refsource": "CONFIRM",
"url": "http://www.argosoft.com/rootpages/FtpServer/ChangeList.aspx"
},
{
"name": "11002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11002"
},
{
"name": "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/5RP010KCAO.html"
},
{
"name": "11332",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/11332"
},
{
"name": "argosoftftp-site-pass-dos(15412)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15412"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5508",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5508"
},
{
"name" : "28963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28963"
},
{
"name" : "29981",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29981"
},
{
"name" : "jokessitescript-jokes-sql-injection(42047)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42047"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site Script allows remote attackers to execute arbitrary SQL commands via the catagorie parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28963"
},
{
"name": "29981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29981"
},
{
"name": "jokessitescript-jokes-sql-injection(42047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42047"
},
{
"name": "5508",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5508"
}
]
}
}


@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name" : "http://www.coresecurity.com/content/vnc-remote-dos",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name" : "FEDORA-2008-11705",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name" : "SUSE-SR:2009:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name" : "SUSE-SR:2009:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name" : "USN-776-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name" : "32910",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32910"
},
{
"name" : "34642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34642"
},
{
"name" : "35062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35062"
},
{
"name" : "ADV-2008-3488",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name" : "ADV-2008-3489",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name" : "1021488",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021488"
},
{
"name" : "1021489",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021489"
},
{
"name" : "33293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33293"
},
{
"name" : "33303",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33303"
},
{
"name" : "33350",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33350"
},
{
"name" : "33568",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33568"
},
{
"name" : "4803",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4803"
},
{
"name" : "qemu-kvm-protocolclientmsg-dos(47561)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name": "1021489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021489"
},
{
"name": "4803",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4803"
},
{
"name": "ADV-2008-3488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3488"
},
{
"name": "FEDORA-2008-11705",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html"
},
{
"name": "33303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33303"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "33293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33293"
},
{
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name": "33350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33350"
},
{
"name": "http://www.coresecurity.com/content/vnc-remote-dos",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/vnc-remote-dos"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499502/100/0/threaded"
},
{
"name": "1021488",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021488"
},
{
"name": "32910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32910"
},
{
"name": "ADV-2008-3489",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3489"
},
{
"name": "qemu-kvm-protocolclientmsg-dos(47561)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47561"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-0401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html"
},
{
"name" : "52557",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52557"
},
{
"name" : "1026819",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026819"
},
{
"name" : "48484",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48484"
},
{
"name" : "envision-unspec-sql-injection(74137)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before 4.1 Patch 4 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52557",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52557"
},
{
"name": "48484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48484"
},
{
"name": "envision-unspec-sql-injection(74137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74137"
},
{
"name": "1026819",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026819"
},
{
"name": "20120318 ESA-2012-014: RSA enVision Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0081.html"
}
]
}
}
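Review bot: `ASSIGNER` changes from `cve@mitre.org` to `security_alert@emc.com` in this record, which is a change of attribution rather than formatting, and nothing in the commit title `-Synchronized-Data.` signals it. The same kind of change appears in CVE-2012-0524 (`secalert_us@oracle.com`) and CVE-2012-1310 (`psirt@cisco.com`). Tooling that filters or attributes records by assigner will see these entries move between sources, so I would call it out in the commit description, for example `ASSIGNER re-attributed (presumably to the issuing CNA) for CVE-2012-0401, CVE-2012-0524, CVE-2012-1310`. The old and new sides are inferred from the spacing style of the two copies, since the `+`/`-` markers are not shown.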


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-0524",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-0524",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "53127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53127"
},
{
"name" : "1026954",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026954"
},
{
"name" : "48882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48882"
},
{
"name": "53127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53127"
},
{
"name": "1026954",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026954"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw"
},
{
"name" : "52753",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52753"
},
{
"name" : "80696",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80696"
},
{
"name" : "1026861",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026861"
},
{
"name" : "48608",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, and 15.2 allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted IP packets, aka Bug ID CSCto89536."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52753",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52753"
},
{
"name": "20120328 Cisco IOS Software Zone-Based Firewall Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120328-zbfw"
},
{
"name": "80696",
"refsource": "OSVDB",
"url": "http://osvdb.org/80696"
},
{
"name": "48608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48608"
},
{
"name": "1026861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026861"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html"
},
{
"name" : "1027349",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches allows remote authenticated users to cause a denial of service (device reload) by completing local web authentication quickly, aka Bug ID CSCts88664."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027349",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027349"
},
{
"name": "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/release/notes/OL25302.html"
}
]
}
}
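Review bot: The `ASSIGNER` field of this record differs between the two printed copies (`"ASSIGNER" : "cve@mitre.org"` in the spaced-colon copy, `"ASSIGNER": "psirt@cisco.com"` in the compact one), and that attribution change is easy to miss because the same section also rewrites every key's colon spacing and swaps the two `reference_data` entries. The page has lost its +/- markers, so which copy is the new side is inferred from print order only; if the compact copy is the new one, the CNA attribution moved from the MITRE address to the Cisco PSIRT address. The sections for CVE-2012-1758, CVE-2012-5138 and CVE-2012-5506 show the same pattern with other assigner addresses. Emitting `reference_data` in a stable order (for example sorted by `url`) and landing the formatting change separately would leave the assigner change as the only visible difference, which is what a consumer auditing CNA ownership needs to see.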


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-1665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120404 Multiple vulnerabilities in osCmax",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23081",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23081"
},
{
"name" : "http://bugtrack.oscmax.com/view.php?id=1165",
"refsource" : "CONFIRM",
"url" : "http://bugtrack.oscmax.com/view.php?id=1165"
},
{
"name" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update",
"refsource" : "CONFIRM",
"url" : "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"
},
{
"name" : "80900",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80900"
},
{
"name" : "80901",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80901"
},
{
"name" : "80902",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80902"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23081",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23081"
},
{
"name": "80901",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80901"
},
{
"name": "20120404 Multiple vulnerabilities in osCmax",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0021.html"
},
{
"name": "http://bugtrack.oscmax.com/view.php?id=1165",
"refsource": "CONFIRM",
"url": "http://bugtrack.oscmax.com/view.php?id=1165"
},
{
"name": "80902",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80902"
},
{
"name": "80900",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80900"
},
{
"name": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update",
"refsource": "CONFIRM",
"url": "http://www.oscmax.com/blog/michael_s/oscmax_v251_has_been_released_security_update"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-1758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-1758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "54571",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54571"
},
{
"name" : "83961",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83961"
},
{
"name" : "1027268",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027268"
},
{
"name" : "supplychain-autovue-dos(77020)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027268",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027268"
},
{
"name": "supplychain-autovue-dos(77020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77020"
},
{
"name": "83961",
"refsource": "OSVDB",
"url": "http://osvdb.org/83961"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "54571",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54571"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-5138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=161564",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=161564"
},
{
"name" : "openSUSE-SU-2012:1637",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html"
},
{
"name" : "56741",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56741"
},
{
"name" : "oval:org.mitre.oval:def:15638",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15638"
},
{
"name" : "51447",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51447"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 23.0.1271.95 does not properly handle file paths, which has unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/11/stable-channel-update_29.html"
},
{
"name": "openSUSE-SU-2012:1637",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-12/msg00004.html"
},
{
"name": "56741",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56741"
},
{
"name": "oval:org.mitre.oval:def:15638",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15638"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=161564",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=161564"
},
{
"name": "51447",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51447"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://joomlaextensions.co.in/product/JE-Story-Submit",
"refsource" : "CONFIRM",
"url" : "http://joomlaextensions.co.in/product/JE-Story-Submit"
},
{
"name" : "51679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51679"
},
{
"name" : "78527",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78527"
},
{
"name" : "47728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47728"
},
{
"name" : "jestorysubmit-joomla-unspecified(72750)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JE Story Submit (com_jesubmit) component before 1.9 for Joomla! has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47728"
},
{
"name": "http://joomlaextensions.co.in/product/JE-Story-Submit",
"refsource": "CONFIRM",
"url": "http://joomlaextensions.co.in/product/JE-Story-Submit"
},
{
"name": "51679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51679"
},
{
"name": "jestorysubmit-joomla-unspecified(72750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72750"
},
{
"name": "78527",
"refsource": "OSVDB",
"url": "http://osvdb.org/78527"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-5333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18614",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18614"
},
{
"name" : "52539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52539"
},
{
"name" : "80190",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/80190"
},
{
"name" : "48443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48443"
},
{
"name" : "preprinting-multiple-sql-injection(74122)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122"
},
{
"name" : "preprintingpress-multiple-sql-injection(74125)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in page.php in Pre Printing Press allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "preprintingpress-multiple-sql-injection(74125)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74125"
},
{
"name": "18614",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18614"
},
{
"name": "48443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48443"
},
{
"name": "80190",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/80190"
},
{
"name": "52539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52539"
},
{
"name": "preprinting-multiple-sql-injection(74122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74122"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-5506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-5506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource" : "CONFIRM",
"url" : "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name" : "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource" : "CONFIRM",
"url" : "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name" : "https://plone.org/products/plone/security/advisories/20121106/22",
"refsource" : "CONFIRM",
"url" : "https://plone.org/products/plone/security/advisories/20121106/22"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt",
"refsource": "CONFIRM",
"url": "https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt"
},
{
"name": "[oss-security] 20121109 Re: Re: CVE Request - Zope / Plone: Multiple vectors corrected within 20121106 fix",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/10/1"
},
{
"name": "https://plone.org/products/plone-hotfix/releases/20121106",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone-hotfix/releases/20121106"
},
{
"name": "https://plone.org/products/plone/security/advisories/20121106/22",
"refsource": "CONFIRM",
"url": "https://plone.org/products/plone/security/advisories/20121106/22"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Aug/17"
},
{
"name" : "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name" : "http://www.geeknik.net/9brdqk6xu",
"refsource" : "MISC",
"url" : "http://www.geeknik.net/9brdqk6xu"
},
{
"name" : "100345",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100345"
},
{
"name" : "1039153",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039153"
},
{
"name": "100345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100345"
},
{
"name": "http://www.geeknik.net/9brdqk6xu",
"refsource": "MISC",
"url": "http://www.geeknik.net/9brdqk6xu"
},
{
"name": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html"
},
{
"name": "20170811 Multiple unpatched flaws exist in NSS (CVE-2017-11695, CVE-2017-11696, CVE-2017-11697, CVE-2017-11698)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Aug/17"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-7113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"UIKit\" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-7113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208222",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208222"
},
{
"name" : "1039703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.1 is affected. The issue involves the \"UIKit\" component. It allows attackers to bypass intended read restrictions for secure text fields via vectors involving a focus-change event."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208222",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208222"
},
{
"name": "1039703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039703"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition",
"refsource" : "MISC",
"url" : "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition"
},
{
"name" : "https://blog.trendmicro.com/results-pwn2own-2017-day-one/",
"refsource" : "MISC",
"url" : "https://blog.trendmicro.com/results-pwn2own-2017-day-one/"
},
{
"name" : "https://twitter.com/thezdi/status/842126074435665920",
"refsource" : "MISC",
"url" : "https://twitter.com/thezdi/status/842126074435665920"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df"
},
{
"name" : "http://openwall.com/lists/oss-security/2017/03/29/2",
"refsource" : "CONFIRM",
"url" : "http://openwall.com/lists/oss-security/2017/03/29/2"
},
{
"name" : "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a"
},
{
"name" : "https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df"
},
{
"name" : "https://source.android.com/security/bulletin/2017-05-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name" : "RHSA-2017:2918",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name" : "RHSA-2017:2930",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2930"
},
{
"name" : "RHSA-2017:2931",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name" : "97018",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97018"
},
{
"name" : "1038166",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.trendmicro.com/results-pwn2own-2017-day-one/",
"refsource": "MISC",
"url": "https://blog.trendmicro.com/results-pwn2own-2017-day-one/"
},
{
"name": "RHSA-2017:2918",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2918"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a"
},
{
"name": "RHSA-2017:2931",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2931"
},
{
"name": "97018",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97018"
},
{
"name": "https://source.android.com/security/bulletin/2017-05-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-05-01"
},
{
"name": "1038166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038166"
},
{
"name": "https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/f843ee6dd019bcece3e74e76ad9df0155655d0df"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df"
},
{
"name": "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition",
"refsource": "MISC",
"url": "http://www.eweek.com/security/ubuntu-linux-falls-on-day-1-of-pwn2own-hacking-competition"
},
{
"name": "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/677e806da4d916052585301785d847c3b3e6186a"
},
{
"name": "https://twitter.com/thezdi/status/842126074435665920",
"refsource": "MISC",
"url": "https://twitter.com/thezdi/status/842126074435665920"
},
{
"name": "http://openwall.com/lists/oss-security/2017/03/29/2",
"refsource": "CONFIRM",
"url": "http://openwall.com/lists/oss-security/2017/03/29/2"
},
{
"name": "RHSA-2017:2930",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2930"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-7601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-7601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
},
{
"name" : "DSA-3844",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3844"
},
{
"name" : "GLSA-201709-27",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-27"
},
{
"name" : "USN-3602-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3602-1/"
},
{
"name" : "97511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97511"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LibTIFF 4.0.7 has a \"shift exponent too large for 64-bit type long\" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes"
},
{
"name": "DSA-3844",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3844"
},
{
"name": "97511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97511"
},
{
"name": "GLSA-201709-27",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-27"
},
{
"name": "USN-3602-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3602-1/"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@fortinet.com",
"ID" : "CVE-2017-7731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Fortinet FortiPortal",
"version" : {
"version_data" : [
{
"version_value" : "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name" : "Fortinet, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"ID": "CVE-2017-7731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fortinet FortiPortal",
"version": {
"version_data": [
{
"version_value": "FortiPortal versions 4.0.0 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/psirt/FG-IR-17-114",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/psirt/FG-IR-17-114"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-7915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Moxa OnCell",
"version" : {
"version_data" : [
{
"version_value" : "Moxa OnCell"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-307"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-7915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Moxa OnCell",
"version": {
"version_data": [
{
"version_value": "Moxa OnCell"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previous versions, OnCell 5104-HSDPA, OnCell 5104-HSPA, and OnCell 5004-HSPA. An attacker can freely use brute force to determine parameters needed to bypass authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-307"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-143-01"
}
]
}
}


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00",
"ID" : "CVE-2017-8140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "P9 Plus",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier than VIE-AL10BC00B353"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Double Free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "P9 Plus",
"version": {
"version_data": [
{
"version_value": "Versions earlier than VIE-AL10BC00B353"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The soundtrigger driver in P9 Plus smart phones with software versions earlier than VIE-AL10BC00B353 has a memory double free vulnerability. An attacker tricks a user into installing a malicious application, and the application can start multiple threads and try to free specific memory, which could triggers double free and causes a system crash or arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170605-01-smartphone-en"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8423",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8423",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-10-10T00:00:00",
"ID" : "CVE-2017-8715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Device Guard",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka \"Windows Security Feature Bypass\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-10-10T00:00:00",
"ID": "CVE-2017-8715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Device Guard",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715"
},
{
"name" : "101163",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101163"
},
{
"name" : "1039526",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039526"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka \"Windows Security Feature Bypass\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039526",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039526"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8715"
},
{
"name": "101163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101163"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-8890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name" : "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name" : "https://source.android.com/security/bulletin/2017-09-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name" : "DSA-3886",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3886"
},
{
"name" : "RHSA-2017:2669",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name" : "RHSA-2017:1842",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name" : "RHSA-2017:2077",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name" : "RHSA-2018:1854",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name" : "98562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98562"
},
{
"name": "https://source.android.com/security/bulletin/2017-09-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-09-01"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/657831ffc38e30092a2d5f03d385d710eb88b09a"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "DSA-3886",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3886"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-10813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/aprendecondedos/dedos-web/pull/1",
"refsource" : "MISC",
"url" : "https://github.com/aprendecondedos/dedos-web/pull/1"
},
{
"name" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune",
"refsource" : "MISC",
"url" : "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Dedos-web 1.0, the cookie and session secrets used in the Express.js application have hardcoded values that are visible in the source code published on GitHub. An attacker can edit the contents of the session cookie and re-sign it using the hardcoded secret. Due to the use of Passport.js, this could lead to privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune",
"refsource": "MISC",
"url": "https://www.digitalinterruption.com/single-post/2018/06/04/Are-Your-Cookies-Telling-Your-Fortune"
},
{
"name": "https://github.com/aprendecondedos/dedos-web/pull/1",
"refsource": "MISC",
"url": "https://github.com/aprendecondedos/dedos-web/pull/1"
}
]
}
}


@ -1,103 +1,103 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-07-09T00:00:00",
"ID" : "CVE-2018-10861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ceph",
"version" : {
"version_data" : [
{
"version_value" : "all versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-07-09T00:00:00",
"ID": "CVE-2018-10861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ceph",
"version": {
"version_data": [
{
"version_value": "all versions in branches master, mimic, luminous and jewel"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tracker.ceph.com/issues/24838",
"refsource" : "CONFIRM",
"url" : "http://tracker.ceph.com/issues/24838"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1593308",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"name" : "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc",
"refsource" : "CONFIRM",
"url" : "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name" : "DSA-4339",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4339"
},
{
"name" : "RHSA-2018:2177",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name" : "RHSA-2018:2179",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name" : "RHSA-2018:2261",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name" : "RHSA-2018:2274",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name" : "104742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in the way ceph mon handles user requests. Any authenticated ceph user having read access to ceph can delete, create ceph storage pools and corrupt snapshot images. Ceph branches master, mimic, luminous and jewel are believed to be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2261",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2261"
},
{
"name": "RHSA-2018:2177",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2177"
},
{
"name": "RHSA-2018:2179",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2179"
},
{
"name": "RHSA-2018:2274",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2274"
},
{
"name": "104742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104742"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593308"
},
{
"name": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc",
"refsource": "CONFIRM",
"url": "https://github.com/ceph/ceph/commit/975528f632f73fbffa3f1fee304e3bbe3296cffc"
},
{
"name": "DSA-4339",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4339"
},
{
"name": "http://tracker.ceph.com/issues/24838",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/24838"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource" : "MISC",
"url" : "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect access control in ECOS System Management Appliance (aka SMA) 5.2.68 allows a user to compromise authentication keys, and access and manipulate security relevant configurations, via unrestricted database access during Easy Enrollment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html",
"refsource": "MISC",
"url": "https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-12831",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader",
"version" : {
"version_data" : [
{
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-12831",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader",
"version": {
"version_data": [
{
"version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name" : "105441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105441"
},
{
"name" : "1041809",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name": "105441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105441"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sell function of a smart contract implementation for YLCToken, an Ethereum token, has an integer overflow in which \"amount * sellPrice\" can be zero, consequently reducing a seller's assets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/YLCToken"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/ETHEREUMBLACK/sell%20integer%20overflow.md"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13257",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13257",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b",
"refsource" : "MISC",
"url" : "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b"
},
{
"name" : "104675",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FFmpeg 4.0.1, due to a missing check of a profile value before setting it, the ff_mpeg4_decode_picture_header function in libavcodec/mpeg4videodec.c may trigger a NULL pointer dereference while converting a crafted AVI file to MPEG4, leading to a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/2aa9047486dbff12d9e040f917e5f799ed2fd78b"
},
{
"name": "104675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104675"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00",
"ID" : "CVE-2018-13397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sourcetree for Windows",
"version" : {
"version_data" : [
{
"version_affected" : ">=",
"version_value" : "0.5.1.0"
},
{
"version_affected" : "<",
"version_value" : "3.0.0"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Argument Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-13397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sourcetree for Windows",
"version": {
"version_data": [
{
"version_affected": ">=",
"version_value": "0.5.1.0"
},
{
"version_affected": "<",
"version_value": "3.0.0"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.atlassian.com/browse/SRCTREEWIN-9077",
"refsource" : "CONFIRM",
"url" : "https://jira.atlassian.com/browse/SRCTREEWIN-9077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Argument Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.atlassian.com/browse/SRCTREEWIN-9077",
"refsource": "CONFIRM",
"url": "https://jira.atlassian.com/browse/SRCTREEWIN-9077"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-13463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-13463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap",
"refsource" : "MISC",
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mintToken function of a smart contract implementation for T-Swap-Token (T-S-T), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TSwap"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-17525",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-17525",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-9616",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-9616",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0.29935"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-704-Incorrect Type Conversion or Cast"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-9937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.0.29935"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-321",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-321"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of subform elements. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5371."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-704-Incorrect Type Conversion or Cast"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-321",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-321"
}
]
}
}