admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:45:32 +00:00
parent 2c39c26555
commit fdd3d65088
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 3903 additions and 3903 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2002/0xxx/CVE-2002-0130.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0130", "ID": "CVE-2002-0130",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020116 Re: efax", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/bugtraq/2002/Jan/0212.html" "lang": "eng",
}, "value": "Buffer overflow in efax 0.9 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -x argument."
{ }
"name" : "20020117 Re: efax - Exploitation info", ]
"refsource" : "VULN-DEV", },
"url" : "http://marc.info/?l=vuln-dev&m=101133782204289&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3894", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/3894" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "efax-x-bo(7920)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/7920.php" ]
} },
] "references": {
} "reference_data": [
{
"name": "20020117 Re: efax - Exploitation info",
"refsource": "VULN-DEV",
"url": "http://marc.info/?l=vuln-dev&m=101133782204289&w=2"
},
{
"name": "20020116 Re: efax",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2002/Jan/0212.html"
},
{
"name": "efax-x-bo(7920)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7920.php"
},
{
"name": "3894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3894"
}
]
}
} }

138
2002/0xxx/CVE-2002-0315.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0315", "ID": "CVE-2002-0315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=101441689224760&w=2" "lang": "eng",
}, "value": "fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header."
{ }
"name" : "fasttrack-message-service-spoof(8272)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/8272.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4121", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4121" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20020222 Morpheus, Kazaa and Grokster Remote DoS. Also Identity faking vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101441689224760&w=2"
},
{
"name": "fasttrack-message-service-spoof(8272)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8272.php"
},
{
"name": "4121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4121"
}
]
}
} }

138
2002/0xxx/CVE-2002-0783.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-0783", "ID": "CVE-2002-0783",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html" "lang": "eng",
}, "value": "Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL."
{ }
"name" : "opera-sameoriginpolicy-bypass(9096)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/9096.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4745", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/4745" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "opera-sameoriginpolicy-bypass(9096)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9096.php"
},
{
"name": "20020515 Opera javascript protocoll vulnerability [Sandblad advisory #6]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0117.html"
},
{
"name": "4745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4745"
}
]
}
} }

168
2002/1xxx/CVE-2002-1069.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1069", "ID": "CVE-2002-1069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020822 Re: possible exploit: D-Link DI-804 unauthorized DHCP release", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103004834131542&w=2" "lang": "eng",
}, "value": "The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information."
{ }
"name" : "20020822 possible exploit: D-Link DI-804 unauthorized DHCP release from WAN", ]
"refsource" : "BUGTRAQ", },
"url" : "http://online.securityfocus.com/archive/1/288584" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dlink-admin-dhcp-release(9967)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9967.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "dlink-admin-device-information(9969)", ]
"refsource" : "XF", }
"url" : "http://www.iss.net/security_center/static/9969.php" ]
}, },
{ "references": {
"name" : "5544", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5544" "name": "dlink-admin-device-information(9969)",
}, "refsource": "XF",
{ "url": "http://www.iss.net/security_center/static/9969.php"
"name" : "5553", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5553" "name": "20020822 possible exploit: D-Link DI-804 unauthorized DHCP release from WAN",
} "refsource": "BUGTRAQ",
] "url": "http://online.securityfocus.com/archive/1/288584"
} },
{
"name": "dlink-admin-dhcp-release(9967)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9967.php"
},
{
"name": "5553",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5553"
},
{
"name": "20020822 Re: possible exploit: D-Link DI-804 unauthorized DHCP release",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103004834131542&w=2"
},
{
"name": "5544",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5544"
}
]
}
} }

168
2002/1xxx/CVE-2002-1113.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1113", "ID": "CVE-2002-1113",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020813 mantisbt security flaw", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=102927873301965&w=2" "lang": "eng",
}, "value": "summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code."
{ }
"name" : "20020819 [Mantis Advisory/2002-04] Arbitrary code execution", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=102978924821040&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-153", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-153" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5504", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5504" ]
}, },
{ "references": {
"name" : "mantis-include-remote-files(9829)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829" "name": "DSA-153",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-153"
"name" : "4858", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4858" "name": "5504",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/5504"
} },
{
"name": "mantis-include-remote-files(9829)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9829"
},
{
"name": "4858",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4858"
},
{
"name": "20020819 [Mantis Advisory/2002-04] Arbitrary code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102978924821040&w=2"
},
{
"name": "20020813 mantisbt security flaw",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102927873301965&w=2"
}
]
}
} }

218
2002/1xxx/CVE-2002-1232.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1232", "ID": "CVE-2002-1232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "CSSA-2002-054.0", "description_data": [
"refsource" : "CALDERA", {
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt" "lang": "eng",
}, "value": "Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist."
{ }
"name" : "CLA-2002:539", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-180", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2002/dsa-180" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBTL0210-074", ]
"refsource" : "HP", }
"url" : "http://online.securityfocus.com/advisories/4605" ]
}, },
{ "references": {
"name" : "MDKSA-2002:078", "reference_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php" "name": "HPSBTL0210-074",
}, "refsource": "HP",
{ "url": "http://online.securityfocus.com/advisories/4605"
"name" : "RHSA-2002:223", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-223.html" "name": "RHSA-2003:229",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2003-229.html"
"name" : "RHSA-2002:224", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2002-224.html" "name": "CSSA-2002-054.0",
}, "refsource": "CALDERA",
{ "url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt"
"name" : "RHSA-2003:229", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2003-229.html" "name": "DSA-180",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2002/dsa-180"
"name" : "20021028 GLSA: ypserv", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=103582692228894&w=2" "name": "RHSA-2002:224",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2002-224.html"
"name" : "6016", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6016" "name": "MDKSA-2002:078",
}, "refsource": "MANDRAKE",
{ "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php"
"name" : "ypserv-map-memory-leak(10423)", },
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10423.php" "name": "ypserv-map-memory-leak(10423)",
} "refsource": "XF",
] "url": "http://www.iss.net/security_center/static/10423.php"
} },
{
"name": "CLA-2002:539",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539"
},
{
"name": "RHSA-2002:223",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-223.html"
},
{
"name": "6016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6016"
},
{
"name": "20021028 GLSA: ypserv",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103582692228894&w=2"
}
]
}
} }

158
2002/1xxx/CVE-2002-1599.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1599", "ID": "CVE-2002-1599",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://dansguardian.org/?page=history", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://dansguardian.org/?page=history" "lang": "eng",
}, "value": "DansGuardian before 2.4.5-1 allows remote attackers to bypass content filtering rules via hex-encoded URLs."
{ }
"name" : "http://dansguardian.org/?page=knownbugs", ]
"refsource" : "CONFIRM", },
"url" : "http://dansguardian.org/?page=knownbugs" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#940203", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/940203" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "5291", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/5291" ]
}, },
{ "references": {
"name" : "dansguardian-url-bypass-filtering(9681)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9681" "name": "5291",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/5291"
} },
{
"name": "VU#940203",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/940203"
},
{
"name": "dansguardian-url-bypass-filtering(9681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9681"
},
{
"name": "http://dansguardian.org/?page=history",
"refsource": "CONFIRM",
"url": "http://dansguardian.org/?page=history"
},
{
"name": "http://dansguardian.org/?page=knownbugs",
"refsource": "CONFIRM",
"url": "http://dansguardian.org/?page=knownbugs"
}
]
}
} }

158
2002/2xxx/CVE-2002-2069.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2069", "ID": "CVE-2002-2069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/251565" "lang": "eng",
}, "value": "PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted."
{ }
"name" : "http://www.seifried.org/security/advisories/kssa-003.html", ]
"refsource" : "MISC", },
"url" : "http://www.seifried.org/security/advisories/kssa-003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "M-034", "description": [
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/m-034.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "3912", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/3912" ]
}, },
{ "references": {
"name" : "ntfs-ads-file-wipe(7953)", "reference_data": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7953.php" "name": "3912",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/3912"
} },
{
"name": "http://www.seifried.org/security/advisories/kssa-003.html",
"refsource": "MISC",
"url": "http://www.seifried.org/security/advisories/kssa-003.html"
},
{
"name": "ntfs-ads-file-wipe(7953)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7953.php"
},
{
"name": "M-034",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/m-034.shtml"
},
{
"name": "20020120 KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/251565"
}
]
}
} }

128
2002/2xxx/CVE-2002-2218.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2218", "ID": "CVE-2002-2218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?r1=1.13&r2=1.14", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?r1=1.13&r2=1.14" "lang": "eng",
}, "value": "CRLF injection vulnerability in the setUserValue function in sipssys/code/site.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) before 20020209 has unknown impact, possibly gaining privileges or modifying critical configuration, via a CRLF sequence in a key value."
{ }
"name" : "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?view=log", ]
"refsource" : "CONFIRM", },
"url" : "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?view=log" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?r1=1.13&r2=1.14",
"refsource": "CONFIRM",
"url": "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?r1=1.13&r2=1.14"
},
{
"name": "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?view=log",
"refsource": "CONFIRM",
"url": "http://sips.cvs.sourceforge.net/sips/sips/sipssys/code/site.inc.php?view=log"
}
]
}
} }

128
2003/0xxx/CVE-2003-0500.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0500", "ID": "CVE-2003-0500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html" "lang": "eng",
}, "value": "SQL injection vulnerability in the PostgreSQL authentication module (mod_sql_postgres) for ProFTPD before 1.2.9rc1 allows remote attackers to execute arbitrary SQL and gain privileges by bypassing authentication or stealing passwords via the USER name."
{ }
"name" : "DSA-338", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2003/dsa-338" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030618 SQL Inject in ProFTPD login against Postgresql using mod_sql",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/005826.html"
},
{
"name": "DSA-338",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-338"
}
]
}
} }

198
2003/0xxx/CVE-2003-0719.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0719", "ID": "CVE-2003-0719",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040413 Microsoft SSL Library Remote Compromise Vulnerability", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/xforce/alerts/id/168" "lang": "eng",
}, "value": "Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets."
{ }
"name" : "MS04-011", ]
"refsource" : "MS", },
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20040430 A technical description of the SSL PCT vulnerability (CVE-2003-0719)", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/361836" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA04-104A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/cas/techalerts/TA04-104A.html" ]
}, },
{ "references": {
"name" : "VU#586540", "reference_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/586540" "name": "oval:org.mitre.oval:def:1093",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1093"
"name" : "oval:org.mitre.oval:def:1093", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1093" "name": "20040430 A technical description of the SSL PCT vulnerability (CVE-2003-0719)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/361836"
"name" : "oval:org.mitre.oval:def:889", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A889" "name": "MS04-011",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011"
"name" : "oval:org.mitre.oval:def:903", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A903" "name": "VU#586540",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/586540"
"name" : "oval:org.mitre.oval:def:951", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A951" "name": "TA04-104A",
} "refsource": "CERT",
] "url": "http://www.us-cert.gov/cas/techalerts/TA04-104A.html"
} },
{
"name": "20040413 Microsoft SSL Library Remote Compromise Vulnerability",
"refsource": "ISS",
"url": "http://xforce.iss.net/xforce/alerts/id/168"
},
{
"name": "oval:org.mitre.oval:def:889",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A889"
},
{
"name": "oval:org.mitre.oval:def:903",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A903"
},
{
"name": "oval:org.mitre.oval:def:951",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A951"
}
]
}
} }

118
2003/0xxx/CVE-2003-0863.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0863", "ID": "CVE-2003-0863",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030716 PHP safe mode broken?", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105839111204227" "lang": "eng",
} "value": "The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote attackers to exploit file include vulnerabilities in PHP applications."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030716 PHP safe mode broken?",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105839111204227"
}
]
}
} }

228
2009/1xxx/CVE-2009-1696.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1696", "ID": "CVE-2009-1696",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3613", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3613" "lang": "eng",
}, "value": "WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session."
{ }
"name" : "http://support.apple.com/kb/HT3639", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT3639" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2009-06-08-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2009-06-17-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" ]
}, },
{ "references": {
"name" : "SUSE-SR:2011:002", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "http://support.apple.com/kb/HT3639",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3639"
"name" : "35260", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35260" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "55027", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55027" "name": "55027",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/55027"
"name" : "35379", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35379" "name": "ADV-2009-1621",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1621"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "ADV-2009-1522", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1522" "name": "APPLE-SA-2009-06-08-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
"name" : "ADV-2009-1621", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1621" "name": "35260",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35260"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "ADV-2009-1522",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/1522"
} },
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
} }

178
2009/5xxx/CVE-2009-5135.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2009-5135", "ID": "CVE-2009-5135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090310 SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/501637/100/0/threaded" "lang": "eng",
}, "value": "The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows remote attackers to read arbitrary files via a request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."
{ }
"name" : "8191", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/8191/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-0_echo_nextapp_xml_injection.txt", "description": [
"refsource" : "MISC", {
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-0_echo_nextapp_xml_injection.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://echo.nextapp.com/site/node/5742", ]
"refsource" : "CONFIRM", }
"url" : "http://echo.nextapp.com/site/node/5742" ]
}, },
{ "references": {
"name" : "34218", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34218" "name": "34218",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34218"
"name" : "ADV-2009-0653", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0653" "name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-0_echo_nextapp_xml_injection.txt",
}, "refsource": "MISC",
{ "url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20090305-0_echo_nextapp_xml_injection.txt"
"name" : "echo2-xml-information-disclosure(49167)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49167" "name": "echo2-xml-information-disclosure(49167)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49167"
} },
{
"name": "20090310 SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501637/100/0/threaded"
},
{
"name": "http://echo.nextapp.com/site/node/5742",
"refsource": "CONFIRM",
"url": "http://echo.nextapp.com/site/node/5742"
},
{
"name": "8191",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8191/"
},
{
"name": "ADV-2009-0653",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0653"
}
]
}
} }

138
2012/0xxx/CVE-2012-0015.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-0015", "ID": "CVE-2012-0015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework Heap Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-016", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016" "lang": "eng",
}, "value": "Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \".NET Framework Heap Corruption Vulnerability.\""
{ }
"name" : "TA12-045A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-045A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14513", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14513" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-045A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-045A.html"
},
{
"name": "MS12-016",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-016"
},
{
"name": "oval:org.mitre.oval:def:14513",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14513"
}
]
}
} }

178
2012/0xxx/CVE-2012-0069.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0069", "ID": "CVE-2012-0069",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/01/18/9" "lang": "eng",
}, "value": "SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows remote attackers to execute arbitrary SQL commands via the boxToReload parameter."
{ }
"name" : "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/01/20/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://voxel.dl.sourceforge.net/project/batavi/README.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://voxel.dl.sourceforge.net/project/batavi/README.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51547", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/51547" ]
}, },
{ "references": {
"name" : "78362", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/78362" "name": "78362",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/78362"
"name" : "47582", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/47582" "name": "51547",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/51547"
"name" : "batavi-ajax-sql-injection(72449)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449" "name": "batavi-ajax-sql-injection(72449)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72449"
} },
{
"name": "[oss-security] 20120119 Re: CVE request - Batavi 1.2.1 Fixes Blind SQL Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/20/6"
},
{
"name": "[oss-security] 20120118 CVE request - Batavi 1.2.1 Fixes Blind SQL Injection vulnerability in boxToReload parameter of ajax.php",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/01/18/9"
},
{
"name": "47582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47582"
},
{
"name": "http://voxel.dl.sourceforge.net/project/batavi/README.txt",
"refsource": "CONFIRM",
"url": "http://voxel.dl.sourceforge.net/project/batavi/README.txt"
}
]
}
} }

158
2012/0xxx/CVE-2012-0545.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0545", "ID": "CVE-2012-0545",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0546 and CVE-2012-0567."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0546 and CVE-2012-0567."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53122", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53122" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1026953", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1026953" ]
}, },
{ "references": {
"name" : "48831", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48831" "name": "1026953",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1026953"
} },
{
"name": "53122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53122"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "48831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48831"
}
]
}
} }

198
2012/0xxx/CVE-2012-0864.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-0864", "ID": "CVE-2012-0864",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets", "description_data": [
"refsource" : "MLIST", {
"url" : "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html" "lang": "eng",
}, "value": "Integer overflow in the vfprintf function in stdio-common/vfprintf.c in glibc 2.14 and other versions allows context-dependent attackers to bypass the FORTIFY_SOURCE protection mechanism, conduct format string attacks, and write to arbitrary memory via a large number of arguments."
{ }
"name" : "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e", ]
"refsource" : "MISC", },
"url" : "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.phrack.org/issues.html?issue=67&id=9#article", "description": [
"refsource" : "MISC", {
"url" : "http://www.phrack.org/issues.html?issue=67&id=9#article" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=794766", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=794766" ]
}, },
{ "references": {
"name" : "RHSA-2012:0393", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0393.html" "name": "RHSA-2012:0531",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
"name" : "RHSA-2012:0397", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0397.html" "name": "52201",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/52201"
"name" : "RHSA-2012:0488", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0488.html" "name": "RHSA-2012:0393",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0393.html"
"name" : "RHSA-2012:0531", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0531.html" "name": "RHSA-2012:0397",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-0397.html"
"name" : "52201", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52201" "name": "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e",
} "refsource": "MISC",
] "url": "http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=7c1f4834d398163d1ac8101e35e9c36fc3176e6e"
} },
{
"name": "RHSA-2012:0488",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
},
{
"name": "[libc-alpha] 20120202 [PATCH] vfprintf: validate nargs and positional offsets",
"refsource": "MLIST",
"url": "http://sourceware.org/ml/libc-alpha/2012-02/msg00023.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=794766",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=794766"
},
{
"name": "http://www.phrack.org/issues.html?issue=67&id=9#article",
"refsource": "MISC",
"url": "http://www.phrack.org/issues.html?issue=67&id=9#article"
}
]
}
} }

138
2012/0xxx/CVE-2012-0899.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-0899", "ID": "CVE-2012-0899",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/108719/annuaire-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/108719/annuaire-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter."
{ }
"name" : "51434", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51434" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "annuaire-sitesinscription-xss(72407)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72407" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/view/108719/annuaire-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/108719/annuaire-xss.txt"
},
{
"name": "annuaire-sitesinscription-xss(72407)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72407"
},
{
"name": "51434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51434"
}
]
}
} }

138
2012/1xxx/CVE-2012-1852.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1852", "ID": "CVE-2012-1852",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka \"Remote Administration Protocol Heap Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-054", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054" "lang": "eng",
}, "value": "Heap-based buffer overflow in the Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted RAP response packets, aka \"Remote Administration Protocol Heap Overflow Vulnerability.\""
{ }
"name" : "TA12-227A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-227A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:15079", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15079" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15079",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15079"
},
{
"name": "TA12-227A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-227A.html"
},
{
"name": "MS12-054",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-054"
}
]
}
} }

128
2012/1xxx/CVE-2012-1862.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1862", "ID": "CVE-2012-1862",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka \"SharePoint URL Redirection Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-050", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050" "lang": "eng",
}, "value": "Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka \"SharePoint URL Redirection Vulnerability.\""
{ }
"name" : "oval:org.mitre.oval:def:15657", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15657" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS12-050",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-050"
},
{
"name": "oval:org.mitre.oval:def:15657",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15657"
}
]
}
} }

138
2012/1xxx/CVE-2012-1880.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1880", "ID": "CVE-2012-1880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"insertRow Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-037", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka \"insertRow Remote Code Execution Vulnerability.\""
{ }
"name" : "TA12-164A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-164A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:14975", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14975" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "TA12-164A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-164A.html"
},
{
"name": "MS12-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
},
{
"name": "oval:org.mitre.oval:def:14975",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14975"
}
]
}
} }

148
2012/1xxx/CVE-2012-1969.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1969", "ID": "CVE-2012-1969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bugzilla.org/security/3.6.9/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bugzilla.org/security/3.6.9/" "lang": "eng",
}, "value": "The get_attachment_link function in Template.pm in Bugzilla 2.x and 3.x before 3.6.10, 3.7.x and 4.0.x before 4.0.7, 4.1.x and 4.2.x before 4.2.2, and 4.3.x before 4.3.2 does not check whether an attachment is private before presenting the attachment description within a public comment, which allows remote attackers to obtain sensitive description information by reading a comment."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=777586", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=777586" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2013:066", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "50040", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/50040" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.bugzilla.org/security/3.6.9/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.6.9/"
},
{
"name": "MDVSA-2013:066",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:066"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=777586",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=777586"
},
{
"name": "50040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50040"
}
]
}
} }

168
2012/3xxx/CVE-2012-3380.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-3380", "ID": "CVE-2012-3380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/07/05/1" "lang": "eng",
}, "value": "Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors."
{ }
"name" : "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/07/06/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://code.google.com/p/naxsi/source/detail?r=307", "description": [
"refsource" : "MISC", {
"url" : "http://code.google.com/p/naxsi/source/detail?r=307" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://code.google.com/p/naxsi/", ]
"refsource" : "CONFIRM", }
"url" : "http://code.google.com/p/naxsi/" ]
}, },
{ "references": {
"name" : "83617", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/83617" "name": "[oss-security] 20120705 Three CVE requests: at-spi2-atk, as31, naxsi",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1"
"name" : "49811", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49811" "name": "http://code.google.com/p/naxsi/",
} "refsource": "CONFIRM",
] "url": "http://code.google.com/p/naxsi/"
} },
{
"name": "http://code.google.com/p/naxsi/source/detail?r=307",
"refsource": "MISC",
"url": "http://code.google.com/p/naxsi/source/detail?r=307"
},
{
"name": "49811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49811"
},
{
"name": "[oss-security] 20120706 Re: Three CVE requests: at-spi2-atk, as31, naxsi",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/06/3"
},
{
"name": "83617",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83617"
}
]
}
} }

32
2012/3xxx/CVE-2012-3490.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3490", "ID": "CVE-2012-3490",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2012/3xxx/CVE-2012-3718.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2012-3718", "ID": "CVE-2012-3718",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5501", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5501" "lang": "eng",
}, "value": "Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that intercepts keystrokes."
{ }
"name" : "APPLE-SA-2012-09-19-2", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "85647", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/85647" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT5501",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5501"
},
{
"name": "85647",
"refsource": "OSVDB",
"url": "http://osvdb.org/85647"
}
]
}
} }

148
2012/3xxx/CVE-2012-3938.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2012-3938", "ID": "CVE-2012-3938",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex" "lang": "eng",
}, "value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz73583."
{ }
"name" : "55866", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/55866" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "86143", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86143" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1027639", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1027639" ]
} },
] "references": {
} "reference_data": [
{
"name": "86143",
"refsource": "OSVDB",
"url": "http://osvdb.org/86143"
},
{
"name": "1027639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027639"
},
{
"name": "55866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55866"
},
{
"name": "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"
}
]
}
} }

298
2012/4xxx/CVE-2012-4210.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4210", "ID": "CVE-2012-4210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-104.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-104.html" "lang": "eng",
}, "value": "The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR 10.x before 10.0.11 does not properly restrict the context of HTML markup and Cascading Style Sheets (CSS) token sequences, which allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted stylesheet."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=796866", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=796866" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.palemoon.org/releasenotes-ng.shtml", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.palemoon.org/releasenotes-ng.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2012:173", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173" ]
}, },
{ "references": {
"name" : "RHSA-2012:1482", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1482.html" "name": "USN-1638-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-3"
"name" : "openSUSE-SU-2012:1583", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" "name": "USN-1638-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-2"
"name" : "openSUSE-SU-2012:1586", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" "name": "firefox-style-inspector-priv-esc(80182)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80182"
"name" : "SUSE-SU-2012:1592", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" "name": "openSUSE-SU-2012:1586",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
"name" : "openSUSE-SU-2013:0175", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" "name": "openSUSE-SU-2013:0175",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
"name" : "USN-1638-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-1" "name": "56646",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/56646"
"name" : "USN-1638-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-3" "name": "http://www.palemoon.org/releasenotes-ng.shtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.palemoon.org/releasenotes-ng.shtml"
"name" : "USN-1638-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-2" "name": "RHSA-2012:1482",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1482.html"
"name" : "56646", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56646" "name": "51434",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51434"
"name" : "oval:org.mitre.oval:def:16833", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16833" "name": "openSUSE-SU-2012:1583",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
"name" : "51359", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51359" "name": "51439",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51439"
"name" : "51369", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51369" "name": "oval:org.mitre.oval:def:16833",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16833"
"name" : "51434", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51434" "name": "USN-1638-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-1"
"name" : "51439", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51439" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-104.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-104.html"
"name" : "firefox-style-inspector-priv-esc(80182)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80182" "name": "SUSE-SU-2012:1592",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
} },
{
"name": "51359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51359"
},
{
"name": "MDVSA-2012:173",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:173"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=796866",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=796866"
}
]
}
} }

32
2012/4xxx/CVE-2012-4239.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4239", "ID": "CVE-2012-4239",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2012/4xxx/CVE-2012-4255.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4255", "ID": "CVE-2012-4255",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html" "lang": "eng",
}, "value": "MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message."
{ }
"name" : "53306", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/53306" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "81616", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81616" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html"
},
{
"name": "53306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53306"
},
{
"name": "81616",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81616"
}
]
}
} }

118
2012/4xxx/CVE-2012-4730.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4730", "ID": "CVE-2012-4730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rt-announce] 20121025 Security vulnerabilities in RT", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html" "lang": "eng",
} "value": "Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attacks or obtain sensitive information via unknown vectors."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[rt-announce] 20121025 Security vulnerabilities in RT",
"refsource": "MLIST",
"url": "http://lists.bestpractical.com/pipermail/rt-announce/2012-October/000212.html"
}
]
}
} }

32
2012/4xxx/CVE-2012-4810.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-4810", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-4810",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

32
2012/4xxx/CVE-2012-4827.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-4827", "ID": "CVE-2012-4827",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2017/2xxx/CVE-2017-2128.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2128", "ID": "CVE-2017-2128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Security guide for website operators", "product_name": "Security guide for website operators",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)" "vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#11448789", "description_data": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN11448789/index.html" "lang": "eng",
}, "value": "Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data."
{ }
"name" : "96923", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96923" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96923"
},
{
"name": "JVN#11448789",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN11448789/index.html"
}
]
}
} }

138
2017/2xxx/CVE-2017-2193.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2193", "ID": "CVE-2017-2193",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "The installer of Tera Term", "product_name": "The installer of Tera Term",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "4.94 and earlier" "version_value": "4.94 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "TeraTerm Project" "vendor_name": "TeraTerm Project"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ttssh2.osdn.jp/SA/JVN06770361.html.en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://ttssh2.osdn.jp/SA/JVN06770361.html.en" "lang": "eng",
}, "value": "Untrusted search path vulnerability in the installer of Tera Term 4.94 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
{ }
"name" : "JVN#06770361", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN06770361/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98807", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/98807" "lang": "eng",
} "value": "Untrusted search path vulnerability"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "98807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98807"
},
{
"name": "JVN#06770361",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN06770361/index.html"
},
{
"name": "https://ttssh2.osdn.jp/SA/JVN06770361.html.en",
"refsource": "CONFIRM",
"url": "https://ttssh2.osdn.jp/SA/JVN06770361.html.en"
}
]
}
} }

118
2017/2xxx/CVE-2017-2287.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2287", "ID": "CVE-2017-2287",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NFC Port Software remover", "product_name": "NFC Port Software remover",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Ver.1.3.0.1 and earlier" "version_value": "Ver.1.3.0.1 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Sony Corporation" "vendor_name": "Sony Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#33797604", "description_data": [
"refsource" : "JVN", {
"url" : "https://jvn.jp/en/jp/JVN33797604/index.html" "lang": "eng",
} "value": "Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#33797604",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN33797604/index.html"
}
]
}
} }

32
2017/2xxx/CVE-2017-2588.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-2588", "ID": "CVE-2017-2588",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/2xxx/CVE-2017-2867.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-04-04T00:00:00", "DATE_PUBLIC": "2018-04-04T00:00:00",
"ID" : "CVE-2017-2867", "ID": "CVE-2017-2867",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Natus", "product_name": "Natus",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Natus Xltek NeuroWorks 8" "version_value": "Natus Xltek NeuroWorks 8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Natus Medical Incorporated" "vendor_name": "Natus Medical Incorporated"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373" "lang": "eng",
}, "value": "An exploitable code execution vulnerability exists in the SavePatientMontage functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause a stack buffer overflow resulting in code execution. An attacker can a malicious packet to trigger this vulnerability."
{ }
"name" : "104490", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104490" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0373"
},
{
"name": "104490",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104490"
}
]
}
} }

144
2017/3xxx/CVE-2017-3267.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3267", "ID": "CVE-2017-3267",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Outside In Technology", "product_name": "Outside In Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.5.2" "version_value": "8.5.2"
}, },
{ {
"version_value" : "8.5.3" "version_value": "8.5.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 7.5 (Availability impacts)."
{ }
"name" : "95513", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95513" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037631", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037631" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "95513",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95513"
},
{
"name": "1037631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037631"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
} }

128
2017/6xxx/CVE-2017-6367.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6367", "ID": "CVE-2017-6367",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41596", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41596/" "lang": "eng",
}, "value": "In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the Windows service to crash. The attack methodology involves a long Host header and an invalid Content-Length header."
{ }
"name" : "96887", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96887" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96887"
},
{
"name": "41596",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41596/"
}
]
}
} }

128
2017/6xxx/CVE-2017-6696.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2017-6696", "ID": "CVE-2017-6696",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Elastic Services Controller", "product_name": "Cisco Elastic Services Controller",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Elastic Services Controller" "version_value": "Cisco Elastic Services Controller"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8" "lang": "eng",
}, "value": "A vulnerability in the file system of Cisco Elastic Services Controllers could allow an authenticated, local attacker to gain access to sensitive user credentials that are stored in an affected system. More Information: CSCvd73677. Known Affected Releases: 2.3(2)."
{ }
"name" : "98952", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98952" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Information Disclosure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-esc8"
},
{
"name": "98952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98952"
}
]
}
} }

138
2017/6xxx/CVE-2017-6877.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-6877", "ID": "CVE-2017-6877",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://framagit.org/luc/lutim/commit/4c0df8f8b10122339b908dcd9b1117348b49dcab", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://framagit.org/luc/lutim/commit/4c0df8f8b10122339b908dcd9b1117348b49dcab" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim 0.7.1 and earlier allows remote attackers to inject arbitrary web script."
{ }
"name" : "https://framagit.org/luc/lutim/issues/38", ]
"refsource" : "CONFIRM", },
"url" : "https://framagit.org/luc/lutim/issues/38" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96855", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96855" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://framagit.org/luc/lutim/issues/38",
"refsource": "CONFIRM",
"url": "https://framagit.org/luc/lutim/issues/38"
},
{
"name": "https://framagit.org/luc/lutim/commit/4c0df8f8b10122339b908dcd9b1117348b49dcab",
"refsource": "CONFIRM",
"url": "https://framagit.org/luc/lutim/commit/4c0df8f8b10122339b908dcd9b1117348b49dcab"
},
{
"name": "96855",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96855"
}
]
}
} }

138
2017/7xxx/CVE-2017-7014.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7014", "ID": "CVE-2017-7014",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT207922", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT207922" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the \"Intel Graphics Driver\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
{ }
"name" : "99882", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99882" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038951", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038951" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1038951",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038951"
},
{
"name": "99882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99882"
},
{
"name": "https://support.apple.com/HT207922",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207922"
}
]
}
} }

208
2017/7xxx/CVE-2017-7269.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7269", "ID": "CVE-2017-7269",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with \"If: <http://\" in a PROPFIND request, as exploited in the wild in July or August 2016."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "41738", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/41738/" "lang": "eng",
}, "value": "Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with \"If: <http://\" in a PROPFIND request, as exploited in the wild in July or August 2016."
{ }
"name" : "41992", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/41992/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html", "description": [
"refsource" : "MISC", {
"url" : "https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/danigargu/explodingcan", ]
"refsource" : "MISC", }
"url" : "https://github.com/danigargu/explodingcan" ]
}, },
{ "references": {
"name" : "https://github.com/edwardz246003/IIS_exploit", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/edwardz246003/IIS_exploit" "name": "41992",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/41992/"
"name" : "https://github.com/rapid7/metasploit-framework/pull/8162", },
"refsource" : "MISC", {
"url" : "https://github.com/rapid7/metasploit-framework/pull/8162" "name": "97127",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/97127"
"name" : "https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812", },
"refsource" : "MISC", {
"url" : "https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812" "name": "https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812",
}, "refsource": "MISC",
{ "url": "https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812"
"name" : "https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server", },
"refsource" : "CONFIRM", {
"url" : "https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server" "name": "https://github.com/rapid7/metasploit-framework/pull/8162",
}, "refsource": "MISC",
{ "url": "https://github.com/rapid7/metasploit-framework/pull/8162"
"name" : "97127", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/97127" "name": "https://github.com/danigargu/explodingcan",
}, "refsource": "MISC",
{ "url": "https://github.com/danigargu/explodingcan"
"name" : "1038168", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038168" "name": "1038168",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1038168"
} },
{
"name": "41738",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41738/"
},
{
"name": "https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server",
"refsource": "CONFIRM",
"url": "https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server"
},
{
"name": "https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html"
},
{
"name": "https://github.com/edwardz246003/IIS_exploit",
"refsource": "MISC",
"url": "https://github.com/edwardz246003/IIS_exploit"
}
]
}
} }

120
2017/7xxx/CVE-2017-7423.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@microfocus.com", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2017-08-19T00:00:00", "DATE_PUBLIC": "2017-08-19T00:00:00",
"ID" : "CVE-2017-7423", "ID": "CVE-2017-7423",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Micro Focus Enterprise Developer, Micro Focus Enterprise Server", "product_name": "Micro Focus Enterprise Developer, Micro Focus Enterprise Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9" "version_value": "2.3 before 2.3 Update 1, 2.3 Update 1 before Hotfix 8, 2.3 Update 2 before Hotfix 9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Micro Focus" "vendor_name": "Micro Focus"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Request Forgery (CWE-352)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017", "description_data": [
"refsource" : "MISC", {
"url" : "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017" "lang": "eng",
} "value": "A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allows remote unauthenticated attackers to forge requests, if this component is configured. This includes creating new privileged credentials, resulting in privilege elevation (CWE-275). Note esfadmingui is not enabled by default."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Request Forgery (CWE-352)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017",
"refsource": "MISC",
"url": "https://community.microfocus.com/microfocus/mainframe_solutions/enterprise_server/w/knowledge_base/29131/enterprise-server-security-fixes-july-2017"
}
]
}
} }

170
2017/7xxx/CVE-2017-7762.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2017-7762", "ID": "CVE-2017-7762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "54" "version_value": "54"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Addressbar spoofing in Reader mode"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1358248", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1358248" "lang": "eng",
}, "value": "When entered directly, Reader Mode did not strip the username and password section of URLs displayed in the addressbar. This can be used for spoofing the domain of the current page. This vulnerability affects Firefox < 54."
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2017-15/", ]
"refsource" : "CONFIRM", },
"url" : "https://www.mozilla.org/security/advisories/mfsa2017-15/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:2112", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2112" "lang": "eng",
}, "value": "Addressbar spoofing in Reader mode"
{ }
"name" : "RHSA-2018:2113", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:2113" ]
}, },
{ "references": {
"name" : "99047", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99047" "name": "RHSA-2018:2112",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2112"
"name" : "1038689", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038689" "name": "https://www.mozilla.org/security/advisories/mfsa2017-15/",
} "refsource": "CONFIRM",
] "url": "https://www.mozilla.org/security/advisories/mfsa2017-15/"
} },
{
"name": "1038689",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038689"
},
{
"name": "RHSA-2018:2113",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2113"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358248",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1358248"
},
{
"name": "99047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99047"
}
]
}
} }

32
2018/10xxx/CVE-2018-10200.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10200", "ID": "CVE-2018-10200",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/10xxx/CVE-2018-10439.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10439", "ID": "CVE-2018-10439",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/10xxx/CVE-2018-10588.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10588", "ID": "CVE-2018-10588",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/10xxx/CVE-2018-10713.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10713", "ID": "CVE-2018-10713",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/kgsdy/D-Link-DSL-3782-EU", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/kgsdy/D-Link-DSL-3782-EU" "lang": "eng",
} "value": "An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'read' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'read <node_name>' function and cause memory corruption. Furthermore, it is possible to redirect the flow of the program and execute arbitrary code."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kgsdy/D-Link-DSL-3782-EU",
"refsource": "MISC",
"url": "https://github.com/kgsdy/D-Link-DSL-3782-EU"
}
]
}
} }

32
2018/10xxx/CVE-2018-10865.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10865", "ID": "CVE-2018-10865",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/14xxx/CVE-2018-14078.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14078", "ID": "CVE-2018-14078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the \"admin\" username with password \"admin\" after a successful attack)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://vulncode.com/advisory/CVE-2018-14078", "description_data": [
"refsource" : "MISC", {
"url" : "https://vulncode.com/advisory/CVE-2018-14078" "lang": "eng",
} "value": "Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the \"admin\" username with password \"admin\" after a successful attack)."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vulncode.com/advisory/CVE-2018-14078",
"refsource": "MISC",
"url": "https://vulncode.com/advisory/CVE-2018-14078"
}
]
}
} }

32
2018/14xxx/CVE-2018-14195.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14195", "ID": "CVE-2018-14195",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/14xxx/CVE-2018-14488.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14488", "ID": "CVE-2018-14488",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/14xxx/CVE-2018-14495.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14495", "ID": "CVE-2018-14495",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/14xxx/CVE-2018-14714.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-14714", "ID": "CVE-2018-14714",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/14xxx/CVE-2018-14748.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@qnapsecurity.com.tw", "ASSIGNER": "security@qnap.com",
"ID" : "CVE-2018-14748", "ID": "CVE-2018-14748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "QNAP QTS", "product_name": "QNAP QTS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions" "version_value": "QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "QNAP" "vendor_name": "QNAP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22" "lang": "eng",
} "value": "Improper Authorization vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to power off the NAS."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201811-22"
}
]
}
} }

118
2018/20xxx/CVE-2018-20325.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20325", "ID": "CVE-2018-20325",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/danijar/definitions/issues/14", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/danijar/definitions/issues/14" "lang": "eng",
} "value": "There is a vulnerability in load() method in definitions/parser.py in the Danijar Hafner definitions package for Python. It can execute arbitrary python commands resulting in command execution."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/danijar/definitions/issues/14",
"refsource": "MISC",
"url": "https://github.com/danijar/definitions/issues/14"
}
]
}
} }

118
2018/20xxx/CVE-2018-20588.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20588", "ID": "CVE-2018-20588",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/caryll/otfcc/issues/59", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/caryll/otfcc/issues/59" "lang": "eng",
} "value": "lib/support/unicodeconv/unicodeconv.c in libotfcc.a in otfcc v0.10.3-alpha has a buffer over-read."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/caryll/otfcc/issues/59",
"refsource": "MISC",
"url": "https://github.com/caryll/otfcc/issues/59"
}
]
}
} }

118
2018/20xxx/CVE-2018-20616.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-20616", "ID": "CVE-2018-20616",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/brackeen/ok-file-formats/issues/4", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/brackeen/ok-file-formats/issues/4" "lang": "eng",
} "value": "ok-file-formats through 2018-10-16 has a heap-based buffer overflow in the ok_wav_decode_ms_adpcm_data function in ok_wav.c."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/brackeen/ok-file-formats/issues/4",
"refsource": "MISC",
"url": "https://github.com/brackeen/ok-file-formats/issues/4"
}
]
}
} }

32
2018/9xxx/CVE-2018-9376.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9376", "ID": "CVE-2018-9376",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/9xxx/CVE-2018-9547.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9547", "ID": "CVE-2018-9547",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-8.1 Android-9" "version_value": "Android-8.1 Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-12-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-12-01" "lang": "eng",
}, "value": "In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. Android ID: A-114223584."
{ }
"name" : "106067", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106067" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106067"
},
{
"name": "https://source.android.com/security/bulletin/2018-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-12-01"
}
]
}
} }

32
2018/9xxx/CVE-2018-9735.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9735", "ID": "CVE-2018-9735",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9909.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9909", "ID": "CVE-2018-9909",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }