admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:36:41 +00:00
parent ba8c8ae9cd
commit fdcddaab27
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3167 additions and 3167 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0477.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0477", "ID": "CVE-2002-0477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the \"exec\" FSCommand."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020109 Shockwave Flash player issue", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101071988413107&w=2" "lang": "eng",
}, "value": "Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the \"exec\" FSCommand."
{ }
"name" : "20020319 More SWF vulnerabilities?", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/262990" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm" ]
}, },
{ "references": {
"name" : "flash-fscommand-exec(8587)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8587.php" "name": "http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm",
}, "refsource": "CONFIRM",
{ "url": "http://www.macromedia.com/support/flash/ts/documents/swf_clear.htm"
"name" : "4321", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4321" "name": "20020109 Shockwave Flash player issue",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=101071988413107&w=2"
} },
} {
"name": "20020319 More SWF vulnerabilities?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/262990"
},
{
"name": "flash-fscommand-exec(8587)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8587.php"
},
{
"name": "http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/support/flash/ts/documents/standalone_update.htm"
},
{
"name": "4321",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4321"
}
]
}
}

200
2002/0xxx/CVE-2002-0648.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0648", "ID": "CVE-2002-0648",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose \"src\" attribute redirects to a local file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020823 Accessing remote/local content in IE (GM#009-IE)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103011639524314&w=2" "lang": "eng",
}, "value": "The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose \"src\" attribute redirects to a local file."
{ }
"name" : "MS02-047", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5560", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5560" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:1026", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:1148", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148" "name": "MS02-047",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047"
"name" : "oval:org.mitre.oval:def:1207", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1207" "name": "oval:org.mitre.oval:def:1207",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1207"
"name" : "oval:org.mitre.oval:def:608", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A608" "name": "5560",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/5560"
"name" : "oval:org.mitre.oval:def:776", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A776" "name": "oval:org.mitre.oval:def:1026",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026"
"name" : "ie-xml-redirect-read-files(9936)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9936.php" "name": "oval:org.mitre.oval:def:776",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A776"
} },
} {
"name": "ie-xml-redirect-read-files(9936)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9936.php"
},
{
"name": "oval:org.mitre.oval:def:1148",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148"
},
{
"name": "oval:org.mitre.oval:def:608",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A608"
},
{
"name": "20020823 Accessing remote/local content in IE (GM#009-IE)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103011639524314&w=2"
}
]
}
}

150
2002/1xxx/CVE-2002-1657.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1657", "ID": "CVE-2002-1657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[pgsql-admin] 20020821 Re: OT: password encryption (salt theory)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php" "lang": "eng",
}, "value": "PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack."
{ }
"name" : "20050420 Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=111402558115859&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20050420 Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111403050902165&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "postgresql-md5-salt-weak-security(20215)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20215" ]
} },
] "references": {
} "reference_data": [
} {
"name": "postgresql-md5-salt-weak-security(20215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20215"
},
{
"name": "20050420 Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111402558115859&w=2"
},
{
"name": "20050420 Re: Postgres: pg_hba.conf, md5, pg_shadow, encrypted passwords",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111403050902165&w=2"
},
{
"name": "[pgsql-admin] 20020821 Re: OT: password encryption (salt theory)",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-admin/2002-08/msg00253.php"
}
]
}
}

140
2002/1xxx/CVE-2002-1722.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1722", "ID": "CVE-2002-1722",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020502 Logitech Keyboard Insecurity", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/270702" "lang": "eng",
}, "value": "Logitech iTouch keyboards allows attackers with physical access to the system to bypass the screen locking function and execute user-defined commands that have been assigned to a button."
{ }
"name" : "logitech-itouch-execute-commands(8994)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8994" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4662", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4662" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "logitech-itouch-execute-commands(8994)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8994"
},
{
"name": "4662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4662"
},
{
"name": "20020502 Logitech Keyboard Insecurity",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/270702"
}
]
}
}

150
2002/1xxx/CVE-2002-1932.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1932", "ID": "CVE-2002-1932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the \"Do not overwrite events (clear log manually)\" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021011 A full event log does not send administrative alerts", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/295341" "lang": "eng",
}, "value": "Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the \"Do not overwrite events (clear log manually)\" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection."
{ }
"name" : "Q329350", ]
"refsource" : "MSKB", },
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];329350" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5972", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5972" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "win-admin-alerts-fail(10377)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/10377.php" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20021011 A full event log does not send administrative alerts",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/295341"
},
{
"name": "5972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5972"
},
{
"name": "Q329350",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];329350"
},
{
"name": "win-admin-alerts-fail(10377)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10377.php"
}
]
}
}

140
2002/2xxx/CVE-2002-2115.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2115", "ID": "CVE-2002-2115",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.h14m.org/SA/2002/hns-SA-2002-01.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.h14m.org/SA/2002/hns-SA-2002-01.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML."
{ }
"name" : "4102", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4102" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "hns-cgi-css(8204)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/8204.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.h14m.org/SA/2002/hns-SA-2002-01.txt",
"refsource": "CONFIRM",
"url": "http://www.h14m.org/SA/2002/hns-SA-2002-01.txt"
},
{
"name": "4102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4102"
},
{
"name": "hns-cgi-css(8204)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8204.php"
}
]
}
}

130
2005/0xxx/CVE-2005-0243.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0243", "ID": "CVE-2005-0243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secunia.com/secunia_research/2005-2/advisory/", "description_data": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2005-2/advisory/" "lang": "eng",
}, "value": "Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions."
{ }
"name" : "13712", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/13712" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secunia.com/secunia_research/2005-2/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-2/advisory/"
},
{
"name": "13712",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13712"
}
]
}
}

160
2005/0xxx/CVE-2005-0632.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0632", "ID": "CVE-2005-0632",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050301 PHP News <= 1.2.4 - Remote File Inclusion (VXSfx)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110971663824719&w=2" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter."
{ }
"name" : "20050303 PHP News <= 1.2.4 - Remote File Inclusion Exploit", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=110989169008570&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12696", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12696" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1013345", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1013345" ]
}, },
{ "references": {
"name" : "14449", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14449" "name": "1013345",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1013345"
} },
} {
"name": "12696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12696"
},
{
"name": "20050303 PHP News <= 1.2.4 - Remote File Inclusion Exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110989169008570&w=2"
},
{
"name": "20050301 PHP News <= 1.2.4 - Remote File Inclusion (VXSfx)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110971663824719&w=2"
},
{
"name": "14449",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14449"
}
]
}
}

140
2005/1xxx/CVE-2005-1149.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1149", "ID": "CVE-2005-1149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "13148", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13148" "lang": "eng",
}, "value": "SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters."
{ }
"name" : "1013681", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1013681" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15494", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/15494" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "15494",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15494"
},
{
"name": "1013681",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013681"
},
{
"name": "13148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13148"
}
]
}
}

34
2005/1xxx/CVE-2005-1389.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-1389", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-1389",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0175. Reason: This candidate is a duplicate of CVE-2005-0175. Notes: All CVE users should reference CVE-2005-0175 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-0175. Reason: This candidate is a duplicate of CVE-2005-0175. Notes: All CVE users should reference CVE-2005-0175 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

130
2005/1xxx/CVE-2005-1682.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1682", "ID": "CVE-2005-1682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating \"The report makes references to source code and files that do not exist in the mentioned products.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050519 JavaMail Information Disclosure (msgno)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111653029605189&w=2" "lang": "eng",
}, "value": "** DISPUTED ** JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating \"The report makes references to source code and files that do not exist in the mentioned products.\""
{ }
"name" : "ADV-2005-0574", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2005/0574" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-0574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0574"
},
{
"name": "20050519 JavaMail Information Disclosure (msgno)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111653029605189&w=2"
}
]
}
}

34
2009/0xxx/CVE-2009-0073.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2009-0073", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2009-0073",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
} }
] ]
} }
} }

160
2009/0xxx/CVE-2009-0263.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0263", "ID": "CVE-2009-0263",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7742", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7742" "lang": "eng",
}, "value": "Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file."
{ }
"name" : "33226", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33226" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14756", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-0113", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/0113" ]
}, },
{ "references": {
"name" : "33478", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33478" "name": "oval:org.mitre.oval:def:14756",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14756"
} },
} {
"name": "ADV-2009-0113",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0113"
},
{
"name": "33226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33226"
},
{
"name": "33478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33478"
},
{
"name": "7742",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7742"
}
]
}
}

130
2009/0xxx/CVE-2009-0479.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0479", "ID": "CVE-2009-0479",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "51711", "description_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/51711" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in admin/admin_login.php in Online Grades 3.2.4 allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "33767", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/33767" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51711",
"refsource": "OSVDB",
"url": "http://osvdb.org/51711"
},
{
"name": "33767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33767"
}
]
}
}

340
2009/1xxx/CVE-2009-1387.json
View File

@ -1,172 +1,172 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-1387", "ID": "CVE-2009-1387",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/06/02/1" "lang": "eng",
}, "value": "The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL before 1.0.0 Beta 2 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence DTLS handshake message, related to a \"fragment bug.\""
{ }
"name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", ]
"refsource" : "MLIST", },
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://cvs.openssl.org/chngview?cn=17958", "description": [
"refsource" : "CONFIRM", {
"url" : "http://cvs.openssl.org/chngview?cn=17958" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest", ]
"refsource" : "CONFIRM", }
"url" : "http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest" ]
}, },
{ "references": {
"name" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net" "name": "38794",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38794"
"name" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html", },
"refsource" : "CONFIRM", {
"url" : "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html" "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
}, "refsource": "MLIST",
{ "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
"name" : "GLSA-200912-01", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200912-01.xml" "name": "http://cvs.openssl.org/chngview?cn=17958",
}, "refsource": "CONFIRM",
{ "url": "http://cvs.openssl.org/chngview?cn=17958"
"name" : "HPSBMA02492", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" "name": "35729",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35729"
"name" : "SSRT100079", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444" "name": "GLSA-200912-01",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml"
"name" : "NetBSD-SA2009-009", },
"refsource" : "NETBSD", {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc" "name": "[oss-security] 20090602 Re: Two OpenSSL DTLS remote DoS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/06/02/1"
"name" : "RHSA-2009:1335", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1335.html" "name": "RHSA-2009:1335",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1335.html"
"name" : "SUSE-SR:2009:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" "name": "HPSBMA02492",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
"name" : "USN-792-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-792-1" "name": "37003",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37003"
"name" : "oval:org.mitre.oval:def:10740", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740" "name": "36533",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36533"
"name" : "oval:org.mitre.oval:def:7592", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592" "name": "USN-792-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-792-1"
"name" : "35571", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35571" "name": "http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest",
}, "refsource": "CONFIRM",
{ "url": "http://rt.openssl.org/Ticket/Display.html?id=1838&user=guest&pass=guest"
"name" : "35685", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35685" "name": "oval:org.mitre.oval:def:7592",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7592"
"name" : "35729", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35729" "name": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html",
}, "refsource": "CONFIRM",
{ "url": "http://voodoo-circle.sourceforge.net/sa/sa-20091012-01.html"
"name" : "37003", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37003" "name": "NetBSD-SA2009-009",
}, "refsource": "NETBSD",
{ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-009.txt.asc"
"name" : "38794", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38794" "name": "38834",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38834"
"name" : "38834", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38834" "name": "35685",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35685"
"name" : "36533", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36533" "name": "35571",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35571"
"name" : "ADV-2010-0528", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0528" "name": "SUSE-SR:2009:012",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
} },
} {
"name": "oval:org.mitre.oval:def:10740",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10740"
},
{
"name": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/mailarchive/message.php?msg_name=4AD43807.7080105%40users.sourceforge.net"
},
{
"name": "SSRT100079",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}

170
2009/1xxx/CVE-2009-1908.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1908", "ID": "CVE-2009-1908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dev.openskip.org/redmine/issues/show/677", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://dev.openskip.org/redmine/issues/show/677" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "http://portal.openskip.org/top/releasenote-ver1-0-0", ]
"refsource" : "CONFIRM", },
"url" : "http://portal.openskip.org/top/releasenote-ver1-0-0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#43233160", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN43233160/index.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "JVNDB-2009-000025", ]
"refsource" : "JVNDB", }
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000025.html" ]
}, },
{ "references": {
"name" : "34898", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34898" "name": "34898",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34898"
"name" : "35041", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35041" "name": "http://portal.openskip.org/top/releasenote-ver1-0-0",
} "refsource": "CONFIRM",
] "url": "http://portal.openskip.org/top/releasenote-ver1-0-0"
} },
} {
"name": "http://dev.openskip.org/redmine/issues/show/677",
"refsource": "CONFIRM",
"url": "http://dev.openskip.org/redmine/issues/show/677"
},
{
"name": "JVNDB-2009-000025",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000025.html"
},
{
"name": "JVN#43233160",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN43233160/index.html"
},
{
"name": "35041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35041"
}
]
}
}

180
2009/1xxx/CVE-2009-1910.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1910", "ID": "CVE-2009-1910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090508 BLIND SQL INJECTION exploit (GET var 'AlbumID')--RTWebalbum 1.0.462-->", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/503374/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows remote attackers to execute arbitrary SQL commands via the AlbumId parameter."
{ }
"name" : "8648", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8648" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/index.php?view=log", ]
"refsource" : "CONFIRM", }
"url" : "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/index.php?view=log" ]
}, },
{ "references": {
"name" : "34888", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34888" "name": "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/index.php?view=log",
}, "refsource": "CONFIRM",
{ "url": "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/index.php?view=log"
"name" : "35022", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35022" "name": "35022",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35022"
"name" : "rtwebalbum-index-sql-injection(50406)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50406" "name": "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/",
} "refsource": "CONFIRM",
] "url": "http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/"
} },
} {
"name": "34888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34888"
},
{
"name": "20090508 BLIND SQL INJECTION exploit (GET var 'AlbumID')--RTWebalbum 1.0.462-->",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503374/100/0/threaded"
},
{
"name": "rtwebalbum-index-sql-injection(50406)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50406"
},
{
"name": "8648",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8648"
}
]
}
}

140
2009/5xxx/CVE-2009-5086.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2009-5086", "ID": "CVE-2009-5086",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#44642341", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN44642341/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2011-000071", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000071.html" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2011-000071",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000071.html"
},
{
"name": "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view",
"refsource": "CONFIRM",
"url": "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view"
},
{
"name": "JVN#44642341",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN44642341/index.html"
}
]
}
}

140
2012/0xxx/CVE-2012-0014.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0014", "ID": "CVE-2012-0014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Unmanaged Objects Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-016", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016" "lang": "eng",
}, "value": "Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka \".NET Framework Unmanaged Objects Vulnerability.\""
{ }
"name" : "TA12-045A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:13972", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13972" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "TA12-045A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name": "MS12-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016"
},
{
"name": "oval:org.mitre.oval:def:13972",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13972"
}
]
}
}

150
2012/2xxx/CVE-2012-2223.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2223", "ID": "CVE-2012-2223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.novell.com/support/viewContent.do?externalId=7008244", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=7008244" "lang": "eng",
}, "value": "The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors."
{ }
"name" : "http://www.novell.com/support/viewContent.do?externalId=7010044", ]
"refsource" : "CONFIRM", },
"url" : "http://www.novell.com/support/viewContent.do?externalId=7010044" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.novell.com/support/viewContent.do?externalId=7010137", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.novell.com/support/viewContent.do?externalId=7010137" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "novell-zenworks-xplat-xst(74818)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74818" ]
} },
] "references": {
} "reference_data": [
} {
"name": "novell-zenworks-xplat-xst(74818)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74818"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7010044",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7010044"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7010137",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7010137"
},
{
"name": "http://www.novell.com/support/viewContent.do?externalId=7008244",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=7008244"
}
]
}
}

34
2012/2xxx/CVE-2012-2650.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2650", "ID": "CVE-2012-2650",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2012/3xxx/CVE-2012-3122.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-3122", "ID": "CVE-2012-3122",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54562", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54562" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "83929", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/83929" ]
}, },
{ "references": {
"name" : "1027274", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027274" "name": "solaris-sort1-cve20123122(77055)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77055"
"name" : "solaris-sort1-cve20123122(77055)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77055" "name": "1027274",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1027274"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "54562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54562"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "83929",
"refsource": "OSVDB",
"url": "http://osvdb.org/83929"
}
]
}
}

150
2012/3xxx/CVE-2012-3464.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3464", "ID": "CVE-2012-3464",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rubyonrails-security] 20120810 Potential XSS Vulnerability in Ruby on Rails", "description_data": [
"refsource" : "MLIST", {
"url" : "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow remote attackers to inject arbitrary web script or HTML via vectors involving a ' (quote) character."
{ }
"name" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/", ]
"refsource" : "CONFIRM", },
"url" : "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:0154", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "50694", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/50694" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/",
"refsource": "CONFIRM",
"url": "http://weblog.rubyonrails.org/2012/8/9/ann-rails-3-2-8-has-been-released/"
},
{
"name": "50694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50694"
},
{
"name": "RHSA-2013:0154",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
},
{
"name": "[rubyonrails-security] 20120810 Potential XSS Vulnerability in Ruby on Rails",
"refsource": "MLIST",
"url": "https://groups.google.com/group/rubyonrails-security/msg/8f1bbe1cef8c6caf?dmode=source&output=gplain"
}
]
}
}

130
2012/3xxx/CVE-2012-3885.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3885", "ID": "CVE-2012-3885",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120712 security advisory: AirDroid 1.0.4 beta", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html" "lang": "eng",
}, "value": "The default configuration of AirDroid 1.0.4 beta uses a four-character alphanumeric password, which makes it easier for remote attackers to obtain access via a brute-force attack."
{ }
"name" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt", ]
"refsource" : "MISC", },
"url" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120712 security advisory: AirDroid 1.0.4 beta",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html"
},
{
"name": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt",
"refsource": "MISC",
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt"
}
]
}
}

300
2012/3xxx/CVE-2012-3990.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3990", "ID": "CVE-2012-3990",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-87.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-87.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the IME State Manager implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code via unspecified vectors, related to the nsIContent::GetNameSpaceID function."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=787704", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=787704" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2569", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2569" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2565", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2565" ]
}, },
{ "references": {
"name" : "DSA-2572", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2572" "name": "50904",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50904"
"name" : "MDVSA-2012:163", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" "name": "50984",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50984"
"name" : "RHSA-2012:1351", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" "name": "50935",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50935"
"name" : "SUSE-SU-2012:1351", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-87.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-87.html"
"name" : "USN-1611-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1611-1" "name": "50856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50856"
"name" : "oval:org.mitre.oval:def:16642", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16642" "name": "DSA-2565",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2565"
"name" : "50856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50856" "name": "50892",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50892"
"name" : "50892", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50892" "name": "firefox-nsicontent-code-exec(79172)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79172"
"name" : "50904", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50904" "name": "DSA-2572",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2012/dsa-2572"
"name" : "50935", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50935" "name": "RHSA-2012:1351",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
"name" : "50936", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50936" "name": "oval:org.mitre.oval:def:16642",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16642"
"name" : "50984", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50984" "name": "50936",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50936"
"name" : "51181", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51181" "name": "51181",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51181"
"name" : "55318", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55318" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=787704",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=787704"
"name" : "firefox-nsicontent-code-exec(79172)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79172" "name": "55318",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/55318"
} },
} {
"name": "SUSE-SU-2012:1351",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
},
{
"name": "MDVSA-2012:163",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
},
{
"name": "USN-1611-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1611-1"
},
{
"name": "DSA-2569",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2569"
}
]
}
}

220
2012/4xxx/CVE-2012-4437.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4437", "ID": "CVE-2012-4437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120919 CVE Request Smarty / php-Smarty: XSS in Smarty exception messages", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/09/19/1" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors that trigger a Smarty exception."
{ }
"name" : "[oss-security] 20120919 Re: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/09/20/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://code.google.com/p/smarty-php/source/detail?r=4658", ]
"refsource" : "CONFIRM", }
"url" : "http://code.google.com/p/smarty-php/source/detail?r=4658" ]
}, },
{ "references": {
"name" : "http://advisories.mageia.org/MGASA-2014-0468.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://advisories.mageia.org/MGASA-2014-0468.html" "name": "[oss-security] 20120919 CVE Request Smarty / php-Smarty: XSS in Smarty exception messages",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/09/19/1"
"name" : "FEDORA-2012-14578", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html" "name": "FEDORA-2012-14578",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088138.html"
"name" : "MDVSA-2014:221", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:221" "name": "http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt",
}, "refsource": "CONFIRM",
{ "url": "http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt"
"name" : "JVN#63650108", },
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN63650108/index.html" "name": "http://advisories.mageia.org/MGASA-2014-0468.html",
}, "refsource": "CONFIRM",
{ "url": "http://advisories.mageia.org/MGASA-2014-0468.html"
"name" : "JVNDB-2012-000094", },
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000094.html" "name": "50589",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50589"
"name" : "55506", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55506" "name": "MDVSA-2014:221",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:221"
"name" : "50589", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50589" "name": "JVNDB-2012-000094",
} "refsource": "JVNDB",
] "url": "http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000094.html"
} },
} {
"name": "JVN#63650108",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN63650108/index.html"
},
{
"name": "[oss-security] 20120919 Re: CVE Request Smarty / php-Smarty: XSS in Smarty exception messages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/20/3"
},
{
"name": "55506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55506"
},
{
"name": "http://code.google.com/p/smarty-php/source/detail?r=4658",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/smarty-php/source/detail?r=4658"
}
]
}
}

190
2012/4xxx/CVE-2012-4457.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-4457", "ID": "CVE-2012-4457",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[openstack] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.launchpad.net/openstack/msg17035.html" "lang": "eng",
}, "value": "OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 does not properly handle authorization tokens for disabled tenants, which allows remote authenticated users to access the tenant's resources by requesting a token for the tenant."
{ }
"name" : "[oss-security] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/09/28/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=861180", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=861180" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685" ]
}, },
{ "references": {
"name" : "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5" "name": "50665",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50665"
"name" : "55716", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55716" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=861180",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=861180"
"name" : "50665", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50665" "name": "[openstack] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)",
}, "refsource": "MLIST",
{ "url": "https://lists.launchpad.net/openstack/msg17035.html"
"name" : "keystone-xauth-token-sec-bypass(78947)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947" "name": "keystone-xauth-token-sec-bypass(78947)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78947"
} },
} {
"name": "[oss-security] 20120928 [OSSA 2012-016] Token authorization for a user in a disabled tenant is allowed (CVE-2012-4457)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/28/6"
},
{
"name": "55716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55716"
},
{
"name": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/5373601bbdda10f879c08af1698852142b75f8d5"
},
{
"name": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/4ebfdfaf23c6da8e3c182bf3ec2cb2b7132ef685"
}
]
}
}

34
2012/6xxx/CVE-2012-6012.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6012", "ID": "CVE-2012-6012",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/6xxx/CVE-2012-6218.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6218", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6218",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

34
2012/6xxx/CVE-2012-6261.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6261", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6261",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

34
2017/2xxx/CVE-2017-2054.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-2054", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-2054",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
} }
] ]
} }
} }

158
2017/2xxx/CVE-2017-2340.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"ID" : "CVE-2017-2340", "ID": "CVE-2017-2340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Junos OS on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured", "product_name": "Junos OS on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "15.1 releases from 15.1R3 to 15.1R4" "version_value": "15.1 releases from 15.1R3 to 15.1R4"
}, },
{ {
"version_value" : "16.1 prior to 16.1R3" "version_value": "16.1 prior to 16.1R3"
}, },
{ {
"version_value" : "16.2R1 and all subsequent releases have a resolution for this vulnerability" "version_value": "16.2R1 and all subsequent releases have a resolution for this vulnerability"
}, },
{ {
"version_value" : "All releases prior to 15.1R3 are not affected." "version_value": "All releases prior to 15.1R3 are not affected."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kb.juniper.net/JSA10786", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kb.juniper.net/JSA10786" "lang": "eng",
}, "value": "On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 prior to 16.1R3, on M/MX platforms where Enhanced Subscriber Management for DHCPv6 subscribers is configured, a vulnerability in processing IPv6 ND packets originating from subscribers and destined to M/MX series routers can result in a PFE (Packet Forwarding Engine) hang or crash."
{ }
"name" : "97607", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97607" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038254", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038254" "lang": "eng",
} "value": "denial of service vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10786",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10786"
},
{
"name": "1038254",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038254"
},
{
"name": "97607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97607"
}
]
}
}

130
2017/2xxx/CVE-2017-2781.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2017-2781", "ID": "CVE-2017-2781",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MatrixSSL", "product_name": "MatrixSSL",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.8.7b" "version_value": "3.8.7b"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Inside Secure" "vendor_name": "Inside Secure"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277" "lang": "eng",
}, "value": "An exploitable heap buffer overflow vulnerability exists in the X509 certificate parsing functionality of InsideSecure MatrixSSL 3.8.7b. A specially crafted x509 certificate can cause a buffer overflow on the heap resulting in remote code execution. To trigger this vulnerability, a specially crafted x509 certificate must be presented to the vulnerable client or server application when initiating secure connection."
{ }
"name" : "99249", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99249" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99249"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277"
}
]
}
}

34
2017/2xxx/CVE-2017-2796.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-2796", "ID": "CVE-2017-2796",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/6xxx/CVE-2017-6017.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-6017", "ID": "CVE-2017-6017",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Schneider Electric Modicon M340 PLC", "product_name": "Schneider Electric Modicon M340 PLC",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Schneider Electric Modicon M340 PLC" "version_value": "Schneider Electric Modicon M340 PLC"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03" "lang": "eng",
}, "value": "A Resource Exhaustion issue was discovered in Schneider Electric Modicon M340 PLC BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP341000, BMXP342000, BMXP3420102, BMXP3420102CL, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, and BMXP342030H. A remote attacker could send a specially crafted set of packets to the PLC causing it to freeze, requiring the operator to physically press the reset button on the PLC in order to recover."
{ }
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96414", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96414" "lang": "eng",
} "value": "CWE-400"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2017-048-02/"
},
{
"name": "96414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96414"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-054-03"
}
]
}
}

34
2017/6xxx/CVE-2017-6218.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6218", "ID": "CVE-2017-6218",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2017/6xxx/CVE-2017-6501.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6501", "ID": "CVE-2017-6501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.debian.org/856881", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/856881" "lang": "eng",
}, "value": "An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf file could lead to a NULL pointer dereference."
{ }
"name" : "https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96589", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96589" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751"
},
{
"name": "96589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96589"
},
{
"name": "https://bugs.debian.org/856881",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/856881"
}
]
}
}

130
2018/11xxx/CVE-2018-11555.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11555", "ID": "CVE-2018-11555",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/mm2/Little-CMS/issues/167", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/mm2/Little-CMS/issues/167" "lang": "eng",
}, "value": "tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file."
{ }
"name" : "https://github.com/xiaoqx/pocs/tree/master/cms", ]
"refsource" : "MISC", },
"url" : "https://github.com/xiaoqx/pocs/tree/master/cms" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mm2/Little-CMS/issues/167",
"refsource": "MISC",
"url": "https://github.com/mm2/Little-CMS/issues/167"
},
{
"name": "https://github.com/xiaoqx/pocs/tree/master/cms",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/cms"
}
]
}
}

34
2018/11xxx/CVE-2018-11582.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11582", "ID": "CVE-2018-11582",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2018/14xxx/CVE-2018-14358.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14358", "ID": "CVE-2018-14358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html" "lang": "eng",
}, "value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field."
{ }
"name" : "http://www.mutt.org/news.html", ]
"refsource" : "MISC", },
"url" : "http://www.mutt.org/news.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870", ]
"refsource" : "MISC", }
"url" : "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870" ]
}, },
{ "references": {
"name" : "https://neomutt.org/2018/07/16/release", "reference_data": [
"refsource" : "MISC", {
"url" : "https://neomutt.org/2018/07/16/release" "name": "USN-3719-3",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3719-3/"
"name" : "DSA-4277", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4277" "name": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870",
}, "refsource": "MISC",
{ "url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
"name" : "GLSA-201810-07", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201810-07" "name": "DSA-4277",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4277"
"name" : "USN-3719-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3719-1/" "name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
"name" : "USN-3719-3", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3719-3/" "name": "GLSA-201810-07",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201810-07"
} },
} {
"name": "http://www.mutt.org/news.html",
"refsource": "MISC",
"url": "http://www.mutt.org/news.html"
},
{
"name": "https://neomutt.org/2018/07/16/release",
"refsource": "MISC",
"url": "https://neomutt.org/2018/07/16/release"
},
{
"name": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485",
"refsource": "MISC",
"url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
},
{
"name": "USN-3719-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3719-1/"
}
]
}
}

34
2018/14xxx/CVE-2018-14919.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14919", "ID": "CVE-2018-14919",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15589.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15589", "ID": "CVE-2018-15589",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/15xxx/CVE-2018-15692.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15692", "ID": "CVE-2018-15692",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-002.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.kpmg.de/noindex/advisories/KPMG-2018-002.txt" "lang": "eng",
} "value": "Inova Partner 5.0.5-RELEASE, Build 0510-0906 and earlier allows authenticated users authorization bypass and data manipulation in certain functions."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.kpmg.de/noindex/advisories/KPMG-2018-002.txt",
"refsource": "MISC",
"url": "https://www.kpmg.de/noindex/advisories/KPMG-2018-002.txt"
}
]
}
}

196
2018/15xxx/CVE-2018-15762.json
View File

@ -1,100 +1,100 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@dell.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-10-29T07:00:00.000Z", "DATE_PUBLIC": "2018-10-29T07:00:00.000Z",
"ID" : "CVE-2018-15762", "ID": "CVE-2018-15762",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Pivotal Operations Manager gives all users heightened privileges" "TITLE": "Pivotal Operations Manager gives all users heightened privileges"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Pivotal Operations Manager", "product_name": "Pivotal Operations Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"version_name" : "2.0.x", "version_name": "2.0.x",
"version_value" : "2.0.24" "version_value": "2.0.24"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "2.1.x", "version_name": "2.1.x",
"version_value" : "2.1.15" "version_value": "2.1.15"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "2.2.x", "version_name": "2.2.x",
"version_value" : "2.2.7" "version_value": "2.2.7"
}, },
{ {
"affected" : "<", "affected": "<",
"version_name" : "2.3.x", "version_name": "2.3.x",
"version_value" : "2.3.1" "version_value": "2.3.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Pivotal Cloud Foundry" "vendor_name": "Pivotal Cloud Foundry"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 9,
"baseSeverity" : "CRITICAL",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pivotal.io/security/cve-2018-15762", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://pivotal.io/security/cve-2018-15762" "lang": "eng",
} "value": "Pivotal Operations Manager, versions 2.0.x prior to 2.0.24, versions 2.1.x prior to 2.1.15, versions 2.2.x prior to 2.2.7, and versions 2.3.x prior to 2.3.1, grants all users a scope which allows for privilege escalation. A remote malicious user who has been authenticated may create a new client with administrator privileges for Opsman."
] }
}, ]
"source" : { },
"discovery" : "UNKNOWN" "impact": {
} "cvss": {
} "attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15762",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15762"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

160
2018/15xxx/CVE-2018-15864.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15864", "ID": "CVE-2018-15864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2" "lang": "eng",
}, "value": "Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because a map access attempt can occur for a map that was never created."
{ }
"name" : "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html", ]
"refsource" : "MISC", },
"url" : "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201810-05", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201810-05" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-3786-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3786-1/" ]
}, },
{ "references": {
"name" : "USN-3786-2", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3786-2/" "name": "GLSA-201810-05",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201810-05"
} },
} {
"name": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html",
"refsource": "MISC",
"url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html"
},
{
"name": "https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2",
"refsource": "MISC",
"url": "https://github.com/xkbcommon/libxkbcommon/commit/a8ea7a1d3daa7bdcb877615ae0a252c189153bd2"
},
{
"name": "USN-3786-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3786-1/"
},
{
"name": "USN-3786-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3786-2/"
}
]
}
}

34
2018/20xxx/CVE-2018-20255.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20255", "ID": "CVE-2018-20255",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/20xxx/CVE-2018-20405.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20405", "ID": "CVE-2018-20405",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/bigtreecms/BigTree-CMS/issues/354", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/bigtreecms/BigTree-CMS/issues/354" "lang": "eng",
} "value": "BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that triggers a syntax error."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bigtreecms/BigTree-CMS/issues/354",
"refsource": "MISC",
"url": "https://github.com/bigtreecms/BigTree-CMS/issues/354"
}
]
}
}

34
2018/20xxx/CVE-2018-20513.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20513", "ID": "CVE-2018-20513",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/20xxx/CVE-2018-20531.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20531", "ID": "CVE-2018-20531",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/20xxx/CVE-2018-20563.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20563", "ID": "CVE-2018-20563",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss9", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss9" "lang": "eng",
} "value": "An issue was discovered in DouCo DouPHP 1.5 20181221. admin/mobile.php?rec=system&act=update has XSS via the mobile_name parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss9",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/CVEs/blob/master/DouPHP.md#xss9"
}
]
}
}

130
2018/9xxx/CVE-2018-9984.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-9984", "ID": "CVE-2018-9984",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit Reader", "product_name": "Foxit Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.0.0.29935" "version_value": "9.0.0.29935"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-125-Out-of-bounds Read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-382", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-382" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of Texture Image Channels objects in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-5495."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-125-Out-of-bounds Read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-382",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-382"
}
]
}
}