admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:31:43 +00:00
parent 0a533c2e98
commit ff666f9028
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4306 additions and 4306 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
2002/1xxx/CVE-2002-1045.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1045", "ID": "CVE-2002-1045",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020711 Popcorn vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html" "lang": "eng",
}, "value": "Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Date field that is converted into a year greater than 2037."
{ }
"name" : "popcorn-mail-dos(9547)", ]
"refsource" : "XF", },
"url" : "http://www.iss.net/security_center/static/9547.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "5212", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/5212" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "popcorn-mail-dos(9547)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9547.php"
},
{
"name": "20020711 Popcorn vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-07/0117.html"
},
{
"name": "5212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5212"
}
]
}
} }

138
2002/1xxx/CVE-2002-1766.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1766", "ID": "CVE-2002-1766",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020613 Microsoft FrontPage vs Composer Netscape...", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/276876" "lang": "eng",
}, "value": "Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute."
{ }
"name" : "5010", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5010" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "netscape-composer-font-bo(9355)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/9355" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20020613 Microsoft FrontPage vs Composer Netscape...",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276876"
},
{
"name": "5010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5010"
},
{
"name": "netscape-composer-font-bo(9355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/9355"
}
]
}
} }

138
2002/1xxx/CVE-2002-1890.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-1890", "ID": "CVE-2002-1890",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020611 RHmask", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/276317" "lang": "eng",
}, "value": "rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file."
{ }
"name" : "4984", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/4984" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "rhmask-mask-file-symlink(9335)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/9335.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "rhmask-mask-file-symlink(9335)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9335.php"
},
{
"name": "20020611 RHmask",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276317"
},
{
"name": "4984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4984"
}
]
}
} }

228
2003/0xxx/CVE-2003-0179.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0179", "ID": "CVE-2003-0179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104550124032513&w=2" "lang": "eng",
}, "value": "Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control."
{ }
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", ]
"refsource" : "NTBUGTRAQ", },
"url" : "http://marc.info/?l=ntbugtraq&m=104558778131373&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)", "description": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt", ]
"refsource" : "MISC", }
"url" : "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt" ]
}, },
{ "references": {
"name" : "20030217 Domino Advisories UPDATE", "reference_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=104550335103136&w=2" "name": "20030217 Domino Advisories UPDATE",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=104550335103136&w=2"
"name" : "20030217 Domino Advisories UPDATE", },
"refsource" : "NTBUGTRAQ", {
"url" : "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2" "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21104543",
}, "refsource": "CONFIRM",
{ "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21104543"
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104543", },
"refsource" : "CONFIRM", {
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21104543" "name": "CA-2003-11",
}, "refsource": "CERT",
{ "url": "http://www.cert.org/advisories/CA-2003-11.html"
"name" : "CA-2003-11", },
"refsource" : "CERT", {
"url" : "http://www.cert.org/advisories/CA-2003-11.html" "name": "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
}, "refsource": "NTBUGTRAQ",
{ "url": "http://marc.info/?l=ntbugtraq&m=104558778131373&w=2"
"name" : "VU#571297", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/571297" "name": "6872",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/6872"
"name" : "N-065", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/n-065.shtml" "name": "VU#571297",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/571297"
"name" : "6872", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6872" "name": "20030217 Domino Advisories UPDATE",
}, "refsource": "NTBUGTRAQ",
{ "url": "http://marc.info/?l=ntbugtraq&m=104558778331387&w=2"
"name" : "lotus-notes-activex-bo(11339)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/11339" "name": "N-065",
} "refsource": "CIAC",
] "url": "http://www.ciac.org/ciac/bulletins/n-065.shtml"
} },
{
"name": "lotus-notes-activex-bo(11339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11339"
},
{
"name": "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0082.html"
},
{
"name": "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/lotus-inotesclientaxbo.txt"
},
{
"name": "20030217 Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=104550124032513&w=2"
}
]
}
} }

118
2003/0xxx/CVE-2003-0482.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0482", "ID": "CVE-2003-0482",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20030623 [KSA-001] Multiple vulnerabilities in Tutos", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=105638743109781&w=2" "lang": "eng",
} "value": "TUTOS 1.1 allows remote attackers to execute arbitrary code by uploading the code using file_new.php, then directly accessing the uploaded code via a request to the repository containing the code."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030623 [KSA-001] Multiple vulnerabilities in Tutos",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105638743109781&w=2"
}
]
}
} }

158
2003/0xxx/CVE-2003-0541.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0541", "ID": "CVE-2003-0541",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-710", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-710" "lang": "eng",
}, "value": "gtkhtml before 1.1.10, as used in Evolution, allows remote attackers to cause a denial of service (crash) via a malformed message that causes a null pointer dereference."
{ }
"name" : "RHSA-2003:264", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2003-264.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLA-2003:737", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDKSA-2003:093", ]
"refsource" : "MANDRAKE", }
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2003:093" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:148", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A148" "name": "MDKSA-2003:093",
} "refsource": "MANDRAKE",
] "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:093"
} },
{
"name": "CLA-2003:737",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000737"
},
{
"name": "oval:org.mitre.oval:def:148",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A148"
},
{
"name": "DSA-710",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-710"
},
{
"name": "RHSA-2003:264",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-264.html"
}
]
}
} }

138
2003/0xxx/CVE-2003-0937.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-0937", "ID": "CVE-2003-0937",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the \"as\" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20031112 Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=106865297403687&w=2" "lang": "eng",
}, "value": "SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to bypass protections for the \"as\" address space file for a process ID (PID) by obtaining a procfs file descriptor for the file and calling execve() on a setuid or setgid program, which leaves the descriptor open to the user."
{ }
"name" : "http://www.texonet.com/advisories/TEXONET-20031024.txt", ]
"refsource" : "MISC", },
"url" : "http://www.texonet.com/advisories/TEXONET-20031024.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CSSA-2003-SCO.32", "description": [
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "CSSA-2003-SCO.32",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.32/CSSA-2003-SCO.32.txt"
},
{
"name": "20031112 Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=106865297403687&w=2"
},
{
"name": "http://www.texonet.com/advisories/TEXONET-20031024.txt",
"refsource": "MISC",
"url": "http://www.texonet.com/advisories/TEXONET-20031024.txt"
}
]
}
} }

138
2003/1xxx/CVE-2003-1517.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1517", "ID": "CVE-2003-1517",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.securiteam.com/securitynews/6T00T008KG.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.securiteam.com/securitynews/6T00T008KG.html" "lang": "eng",
}, "value": "cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message."
{ }
"name" : "8860", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/8860" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dansie-cartpl-path-disclosure(13461)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13461" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/securitynews/6T00T008KG.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securitynews/6T00T008KG.html"
},
{
"name": "dansie-cartpl-path-disclosure(13461)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13461"
},
{
"name": "8860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8860"
}
]
}
} }

138
2003/1xxx/CVE-2003-1527.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2003-1527", "ID": "CVE-2003-1527",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://online.securityfocus.com/archive/1/294411" "lang": "eng",
}, "value": "BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets."
{ }
"name" : "5917", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/5917" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "firewall-autoblock-spoofing-dos(10314)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10314.php" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20021008 Multiple Vendor PC firewall remote denial of services Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/294411"
},
{
"name": "5917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5917"
},
{
"name": "firewall-autoblock-spoofing-dos(10314)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10314.php"
}
]
}
} }

528
2004/0xxx/CVE-2004-0109.json
View File

@ -1,267 +1,267 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0109", "ID": "CVE-2004-0109",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities" "lang": "eng",
}, "value": "Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry."
{ }
"name" : "CLA-2004:846", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-479", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-479" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-480", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2004/dsa-480" ]
}, },
{ "references": {
"name" : "DSA-481", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-481" "name": "linux-iso9660-bo(15866)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15866"
"name" : "DSA-482", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-482" "name": "11626",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11626"
"name" : "DSA-489", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-489" "name": "11464",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11464"
"name" : "DSA-491", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-491" "name": "RHSA-2004:105",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-105.html"
"name" : "DSA-495", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2004/dsa-495" "name": "O-127",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/o-127.shtml"
"name" : "ESA-20040428-004", },
"refsource" : "ENGARDE", {
"url" : "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html" "name": "11518",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11518"
"name" : "GLSA-200407-02", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200407-02.xml" "name": "20040405-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc"
"name" : "MDKSA-2004:029", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029" "name": "2004-0020",
}, "refsource": "TRUSTIX",
{ "url": "http://marc.info/?l=bugtraq&m=108213675028441&w=2"
"name" : "RHSA-2004:105", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-105.html" "name": "DSA-482",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-482"
"name" : "RHSA-2004:106", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-106.html" "name": "11861",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11861"
"name" : "RHSA-2004:166", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2004-166.html" "name": "11362",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11362"
"name" : "RHSA-2004:183", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-183.html" "name": "oval:org.mitre.oval:def:940",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940"
"name" : "20040405-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040405-01-U.asc" "name": "DSA-495",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-495"
"name" : "20040504-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc" "name": "RHSA-2004:183",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-183.html"
"name" : "SuSE-SA:2004:009", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_09_kernel.html" "name": "DSA-479",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-479"
"name" : "2004-0020", },
"refsource" : "TRUSTIX", {
"url" : "http://marc.info/?l=bugtraq&m=108213675028441&w=2" "name": "12003",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12003"
"name" : "TLSA-2004-14", },
"refsource" : "TURBO", {
"url" : "http://www.turbolinux.com/security/2004/TLSA-2004-14.txt" "name": "11891",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11891"
"name" : "O-121", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-121.shtml" "name": "SuSE-SA:2004:009",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2004_09_kernel.html"
"name" : "O-127", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/o-127.shtml" "name": "11469",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11469"
"name" : "10141", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10141" "name": "11486",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11486"
"name" : "oval:org.mitre.oval:def:940", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A940" "name": "oval:org.mitre.oval:def:10733",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733"
"name" : "oval:org.mitre.oval:def:10733", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10733" "name": "DSA-480",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-480"
"name" : "11361", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11361" "name": "TLSA-2004-14",
}, "refsource": "TURBO",
{ "url": "http://www.turbolinux.com/security/2004/TLSA-2004-14.txt"
"name" : "11362", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11362" "name": "10141",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10141"
"name" : "11373", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11373" "name": "11986",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11986"
"name" : "11429", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11429" "name": "11470",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11470"
"name" : "11464", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11464" "name": "CLA-2004:846",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846"
"name" : "11469", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11469" "name": "11361",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11361"
"name" : "11470", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11470" "name": "DSA-489",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-489"
"name" : "11486", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11486" "name": "DSA-481",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2004/dsa-481"
"name" : "11494", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11494" "name": "11373",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11373"
"name" : "11518", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11518" "name": "20040504-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc"
"name" : "11626", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11626" "name": "ESA-20040428-004",
}, "refsource": "ENGARDE",
{ "url": "http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html"
"name" : "11861", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11861" "name": "RHSA-2004:106",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-106.html"
"name" : "11891", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11891" "name": "O-121",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/o-121.shtml"
"name" : "11986", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11986" "name": "http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities",
}, "refsource": "MISC",
{ "url": "http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities"
"name" : "12003", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12003" "name": "11429",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/11429"
"name" : "linux-iso9660-bo(15866)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15866" "name": "11494",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/11494"
} },
{
"name": "MDKSA-2004:029",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:029"
},
{
"name": "GLSA-200407-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200407-02.xml"
},
{
"name": "RHSA-2004:166",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2004-166.html"
},
{
"name": "DSA-491",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-491"
}
]
}
} }

138
2004/0xxx/CVE-2004-0355.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0355", "ID": "CVE-2004-0355",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for \"Personal Photo\" that is not an image file, which displays the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107850510428567&w=2" "lang": "eng",
}, "value": "Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for \"Personal Photo\" that is not an image file, which displays the installation path in an error message."
{ }
"name" : "invision-invalid-path-disclosure(15400)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15400" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9810", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9810" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "invision-invalid-path-disclosure(15400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15400"
},
{
"name": "20040305 Invision Power Board 1.3 Final Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107850510428567&w=2"
},
{
"name": "9810",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9810"
}
]
}
} }

168
2004/0xxx/CVE-2004-0978.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0978", "ID": "CVE-2004-0978",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050119 MSN Heartbeat Control Buffer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110616221411579&w=2" "lang": "eng",
}, "value": "Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter."
{ }
"name" : "http://www.ngssoftware.com/advisories/heartbeatfull.txt", ]
"refsource" : "MISC", },
"url" : "http://www.ngssoftware.com/advisories/heartbeatfull.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MS04-038", "description": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#673134", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/673134" ]
}, },
{ "references": {
"name" : "11367", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11367" "name": "20050119 MSN Heartbeat Control Buffer Overflow",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=110616221411579&w=2"
"name" : "heartbeat-activex(17714)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17714" "name": "VU#673134",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/673134"
} },
{
"name": "MS04-038",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-038"
},
{
"name": "heartbeat-activex(17714)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17714"
},
{
"name": "11367",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11367"
},
{
"name": "http://www.ngssoftware.com/advisories/heartbeatfull.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/heartbeatfull.txt"
}
]
}
} }

148
2004/2xxx/CVE-2004-2090.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2090", "ID": "CVE-2004-2090",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040207 (no subject)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html" "lang": "eng",
}, "value": "Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist."
{ }
"name" : "9611", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9611" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10820", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10820" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ie-error-obtain-information(15078)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078" ]
} },
] "references": {
} "reference_data": [
{
"name": "9611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9611"
},
{
"name": "20040207 (no subject)",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016881.html"
},
{
"name": "ie-error-obtain-information(15078)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15078"
},
{
"name": "10820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10820"
}
]
}
} }

158
2004/2xxx/CVE-2004-2508.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2508", "ID": "CVE-2004-2508",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040613 Linksys Web Camera Cross-site Scripting Vuln", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0215.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter."
{ }
"name" : "10533", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/10533" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1010424", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010424" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11881", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11881" ]
}, },
{ "references": {
"name" : "linksys-webcamera-main-xss(16415)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16415" "name": "20040613 Linksys Web Camera Cross-site Scripting Vuln",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0215.html"
} },
{
"name": "10533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10533"
},
{
"name": "linksys-webcamera-main-xss(16415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16415"
},
{
"name": "11881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11881"
},
{
"name": "1010424",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010424"
}
]
}
} }

178
2004/2xxx/CVE-2004-2670.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-2670", "ID": "CVE-2004-2670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040804 Multiple vulnerabilities in eNdonesia CMS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/370855" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module."
{ }
"name" : "http://echo.or.id/adv/adv02-y3dips-2004.txt", ]
"refsource" : "MISC", },
"url" : "http://echo.or.id/adv/adv02-y3dips-2004.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10856", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10856" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8506", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/8506" ]
}, },
{ "references": {
"name" : "1010864", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1010864" "name": "20040804 Multiple vulnerabilities in eNdonesia CMS",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/370855"
"name" : "12231", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/12231" "name": "12231",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/12231"
"name" : "endonesia-mod-xss(13041)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041" "name": "http://echo.or.id/adv/adv02-y3dips-2004.txt",
} "refsource": "MISC",
] "url": "http://echo.or.id/adv/adv02-y3dips-2004.txt"
} },
{
"name": "1010864",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010864"
},
{
"name": "8506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8506"
},
{
"name": "endonesia-mod-xss(13041)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13041"
},
{
"name": "10856",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10856"
}
]
}
} }

228
2008/2xxx/CVE-2008-2430.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2008-2430", "ID": "CVE-2008-2430",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080702 Secunia Research: VLC Media Player WAV Processing Integer Overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493849/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the Open function in modules/demux/wav.c in VLC Media Player 0.8.6h on Windows allows remote attackers to execute arbitrary code via a large fmt chunk in a WAV file."
{ }
"name" : "http://secunia.com/secunia_research/2008-29/advisory/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2008-29/advisory/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.videolan.org/developers/vlc/NEWS", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.videolan.org/developers/vlc/NEWS" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200807-13", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200807-13.xml" ]
}, },
{ "references": {
"name" : "30058", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30058" "name": "31317",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31317"
"name" : "oval:org.mitre.oval:def:14344", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344" "name": "3976",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3976"
"name" : "oval:org.mitre.oval:def:14769", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769" "name": "1020429",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020429"
"name" : "ADV-2008-1995", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1995/references" "name": "GLSA-200807-13",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200807-13.xml"
"name" : "1020429", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020429" "name": "http://www.videolan.org/developers/vlc/NEWS",
}, "refsource": "CONFIRM",
{ "url": "http://www.videolan.org/developers/vlc/NEWS"
"name" : "30601", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30601" "name": "oval:org.mitre.oval:def:14344",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14344"
"name" : "31317", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31317" "name": "ADV-2008-1995",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1995/references"
"name" : "3976", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3976" "name": "oval:org.mitre.oval:def:14769",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14769"
} },
{
"name": "20080702 Secunia Research: VLC Media Player WAV Processing Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493849/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2008-29/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-29/advisory/"
},
{
"name": "30601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30601"
},
{
"name": "30058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30058"
}
]
}
} }

128
2008/2xxx/CVE-2008-2452.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2452", "ID": "CVE-2008-2452",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080513-2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080513-2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Questionaire (aka pbsurvey) extension 1.2.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "pbsurvey-unspecified-xss(42365)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42365" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pbsurvey-unspecified-xss(42365)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42365"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-2",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080513-2"
}
]
}
} }

158
2008/2xxx/CVE-2008-2684.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2684", "ID": "CVE-2008-2684",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5750", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5750" "lang": "eng",
}, "value": "The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information."
{ }
"name" : "29579", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29579" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1768", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1768/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30548", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30548" ]
}, },
{ "references": {
"name" : "barcode-bidib-code-execution(42896)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42896" "name": "barcode-bidib-code-execution(42896)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42896"
} },
{
"name": "30548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30548"
},
{
"name": "29579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29579"
},
{
"name": "5750",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5750"
},
{
"name": "ADV-2008-1768",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1768/references"
}
]
}
} }

178
2008/2xxx/CVE-2008-2721.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2721", "ID": "CVE-2008-2721",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://gallery.menalto.com/gallery_2.2.5_released", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://gallery.menalto.com/gallery_2.2.5_released" "lang": "eng",
}, "value": "Unspecified vulnerability in the album-select module in Menalto Gallery before 2.2.5 allows remote attackers to obtain titles of hidden albums by attempting to add a new album to a hidden album."
{ }
"name" : "FEDORA-2008-5479", ]
"refsource" : "FEDORA", },
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2008-5576", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29681", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/29681" ]
}, },
{ "references": {
"name" : "30650", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30650" "name": "30650",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30650"
"name" : "30826", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30826" "name": "30826",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30826"
"name" : "gallery-albumselectmodule-info-disclosure(43025)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43025" "name": "gallery-albumselectmodule-info-disclosure(43025)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43025"
} },
{
"name": "http://gallery.menalto.com/gallery_2.2.5_released",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/gallery_2.2.5_released"
},
{
"name": "FEDORA-2008-5479",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00766.html"
},
{
"name": "FEDORA-2008-5576",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00836.html"
},
{
"name": "29681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29681"
}
]
}
} }

148
2012/0xxx/CVE-2012-0539.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2012-0539", "ID": "CVE-2012-0539",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv."
{ }
"name" : "MDVSA-2013:150", ]
"refsource" : "MANDRIVA", },
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1026940", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026940" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "48809", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/48809" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html"
},
{
"name": "1026940",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026940"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name": "48809",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48809"
}
]
}
} }

198
2012/1xxx/CVE-2012-1620.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-1620", "ID": "CVE-2012-1620",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120405 CVE Request: slock-0.9 displays modal box after locking", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/04/06/1" "lang": "eng",
}, "value": "slock 0.9 does not properly handle the XRaiseWindow event when the screen is locked, which might allow physically proximate attackers to obtain sensitive information by pressing a button, which reveals the desktop and active windows."
{ }
"name" : "[oss-security] 20120405 Re: CVE Request: slock-0.9 displays modal box after locking", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2012/04/06/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=401645", "description": [
"refsource" : "MISC", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=401645" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=786310", ]
"refsource" : "MISC", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=786310" ]
}, },
{ "references": {
"name" : "http://hg.suckless.org/slock/rev/891a4984aba6", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://hg.suckless.org/slock/rev/891a4984aba6" "name": "https://bugs.gentoo.org/show_bug.cgi?id=401645",
}, "refsource": "MISC",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=401645"
"name" : "52922", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/52922" "name": "[oss-security] 20120405 Re: CVE Request: slock-0.9 displays modal box after locking",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/04/06/2"
"name" : "81035", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/81035" "name": "[oss-security] 20120405 CVE Request: slock-0.9 displays modal box after locking",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2012/04/06/1"
"name" : "48700", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/48700" "name": "48700",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/48700"
"name" : "slock-xraisewindow-sec-bypass(74666)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74666" "name": "slock-xraisewindow-sec-bypass(74666)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74666"
} },
{
"name": "81035",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81035"
},
{
"name": "52922",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52922"
},
{
"name": "http://hg.suckless.org/slock/rev/891a4984aba6",
"refsource": "CONFIRM",
"url": "http://hg.suckless.org/slock/rev/891a4984aba6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=786310",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=786310"
}
]
}
} }

128
2012/1xxx/CVE-2012-1882.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-1882", "ID": "CVE-2012-1882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Scrolling Events Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-037", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037" "lang": "eng",
}, "value": "Microsoft Internet Explorer 6 through 9 does not block cross-domain scrolling events, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Scrolling Events Information Disclosure Vulnerability.\""
{ }
"name" : "oval:org.mitre.oval:def:15367", ]
"refsource" : "OVAL", },
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15367" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS12-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-037"
},
{
"name": "oval:org.mitre.oval:def:15367",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15367"
}
]
}
} }

148
2012/1xxx/CVE-2012-1984.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-1984", "ID": "CVE-2012-1984",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "52929", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/52929" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1026898", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1026898" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "helix-server-unspec-xss(74677)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74677" ]
} },
] "references": {
} "reference_data": [
{
"name": "52929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52929"
},
{
"name": "1026898",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026898"
},
{
"name": "helix-server-unspec-xss(74677)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74677"
},
{
"name": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf",
"refsource": "CONFIRM",
"url": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf"
}
]
}
} }

32
2012/5xxx/CVE-2012-5283.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-5283", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-5283",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

168
2012/5xxx/CVE-2012-5370.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5370", "ID": "CVE-2012-5370",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://2012.appsec-forum.ch/conferences/#c17", "description_data": [
"refsource" : "MISC", {
"url" : "http://2012.appsec-forum.ch/conferences/#c17" "lang": "eng",
}, "value": "JRuby computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table, as demonstrated by a universal multicollision attack against the MurmurHash2 algorithm, a different vulnerability than CVE-2011-4838."
{ }
"name" : "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf", ]
"refsource" : "MISC", },
"url" : "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.ocert.org/advisories/ocert-2012-001.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.ocert.org/advisories/ocert-2012-001.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://www.131002.net/data/talks/appsec12_slides.pdf", ]
"refsource" : "MISC", }
"url" : "https://www.131002.net/data/talks/appsec12_slides.pdf" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=880671", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=880671" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=880671",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=880671"
"name" : "RHSA-2013:0533", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0533.html" "name": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf",
} "refsource": "MISC",
] "url": "http://asfws12.files.wordpress.com/2012/11/asfws2012-jean_philippe_aumasson-martin_bosslet-hash_flooding_dos_reloaded.pdf"
} },
{
"name": "https://www.131002.net/data/talks/appsec12_slides.pdf",
"refsource": "MISC",
"url": "https://www.131002.net/data/talks/appsec12_slides.pdf"
},
{
"name": "http://2012.appsec-forum.ch/conferences/#c17",
"refsource": "MISC",
"url": "http://2012.appsec-forum.ch/conferences/#c17"
},
{
"name": "http://www.ocert.org/advisories/ocert-2012-001.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2012-001.html"
},
{
"name": "RHSA-2013:0533",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0533.html"
}
]
}
} }

168
2012/5xxx/CVE-2012-5572.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-5572", "ID": "CVE-2012-5572",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20121126 Re: CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/11/26/10" "lang": "eng",
}, "value": "CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name, a different vulnerability than CVE-2012-5526."
{ }
"name" : "http://advisories.mageia.org/MGASA-2013-0183.html", ]
"refsource" : "CONFIRM", },
"url" : "http://advisories.mageia.org/MGASA-2013-0183.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/PerlDancer/Dancer/blob/devel/CHANGES", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/PerlDancer/Dancer/blob/devel/CHANGES" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/PerlDancer/Dancer/issues/859", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/PerlDancer/Dancer/issues/859" ]
}, },
{ "references": {
"name" : "FEDORA-2013-9950", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108749.html" "name": "FEDORA-2013-9950",
}, "refsource": "FEDORA",
{ "url": "https://lists.fedoraproject.org/pipermail/package-announce/2013-June/108749.html"
"name" : "MDVSA-2013:184", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:184" "name": "MDVSA-2013:184",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:184"
} },
{
"name": "[oss-security] 20121126 Re: CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/11/26/10"
},
{
"name": "https://github.com/PerlDancer/Dancer/issues/859",
"refsource": "CONFIRM",
"url": "https://github.com/PerlDancer/Dancer/issues/859"
},
{
"name": "https://github.com/PerlDancer/Dancer/blob/devel/CHANGES",
"refsource": "CONFIRM",
"url": "https://github.com/PerlDancer/Dancer/blob/devel/CHANGES"
},
{
"name": "http://advisories.mageia.org/MGASA-2013-0183.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2013-0183.html"
}
]
}
} }

118
2012/5xxx/CVE-2012-5691.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5691", "ID": "CVE-2012-5691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://service.real.com/realplayer/security/12142012_player/en/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/realplayer/security/12142012_player/en/" "lang": "eng",
} "value": "Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted RealMedia file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://service.real.com/realplayer/security/12142012_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/12142012_player/en/"
}
]
}
} }

308
2012/5xxx/CVE-2012-5838.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-5838", "ID": "CVE-2012-5838",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html" "lang": "eng",
}, "value": "The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via large image dimensions."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=802778", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=802778" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2012:1583", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2012:1585", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2012:1586", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html" "name": "USN-1638-3",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-3"
"name" : "SUSE-SU-2012:1592", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html" "name": "56644",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/56644"
"name" : "openSUSE-SU-2013:0175", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=802778",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=802778"
"name" : "USN-1638-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-1" "name": "51370",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51370"
"name" : "USN-1638-3", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-3" "name": "USN-1638-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-2"
"name" : "USN-1638-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1638-2" "name": "openSUSE-SU-2012:1586",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
"name" : "USN-1636-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1636-1" "name": "USN-1636-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1636-1"
"name" : "56644", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56644" "name": "openSUSE-SU-2013:0175",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
"name" : "87599", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/87599" "name": "oval:org.mitre.oval:def:16896",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16896"
"name" : "oval:org.mitre.oval:def:16896", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16896" "name": "51434",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51434"
"name" : "51369", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51369" "name": "openSUSE-SU-2012:1583",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
"name" : "51381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51381" "name": "51439",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51439"
"name" : "51434", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51434" "name": "51440",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/51440"
"name" : "51439", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51439" "name": "USN-1638-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1638-1"
"name" : "51440", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51440" "name": "SUSE-SU-2012:1592",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
"name" : "51370", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51370" "name": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html",
} "refsource": "CONFIRM",
] "url": "http://www.mozilla.org/security/announce/2012/mfsa2012-106.html"
} },
{
"name": "87599",
"refsource": "OSVDB",
"url": "http://osvdb.org/87599"
},
{
"name": "openSUSE-SU-2012:1585",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name": "51381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51381"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
}
]
}
} }

150
2017/11xxx/CVE-2017-11837.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00", "DATE_PUBLIC": "2017-11-14T00:00:00",
"ID" : "CVE-2017-11837", "ID": "CVE-2017-11837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ChakraCore, Microsoft Edge, Internet Explorer", "product_name": "ChakraCore, Microsoft Edge, Internet Explorer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709." "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837" "lang": "eng",
}, "value": "ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2017-11836, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873."
{ }
"name" : "101722", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101722" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039780", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039780" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1039781", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1039781" ]
} },
] "references": {
} "reference_data": [
{
"name": "1039781",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039781"
},
{
"name": "1039780",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039780"
},
{
"name": "101722",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101722"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11837"
}
]
}
} }

144
2017/3xxx/CVE-2017-3271.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3271", "ID": "CVE-2017-3271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Outside In Technology", "product_name": "Outside In Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "8.5.2" "version_value": "8.5.2"
}, },
{ {
"version_value" : "8.5.3" "version_value": "8.5.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ). Supported versions that are affected are 8.5.2 and 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data as well as unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS v3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts)."
{ }
"name" : "95532", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95532" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037631", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037631" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "95532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95532"
},
{
"name": "1037631",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037631"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
} }

174
2017/3xxx/CVE-2017-3303.json
View File

@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3303", "ID": "CVE-2017-3303",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "XML Gateway", "product_name": "XML Gateway",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle XML Gateway. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle XML Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle XML Gateway accessible data as well as unauthorized update, insert or delete access to some of Oracle XML Gateway accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
{ }
"name" : "95602", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95602" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1037639", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1037639" "lang": "eng",
} "value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "95602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95602"
},
{
"name": "1037639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037639"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
} }

164
2017/3xxx/CVE-2017-3429.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3429", "ID": "CVE-2017-3429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "One-to-One Fulfillment", "product_name": "One-to-One Fulfillment",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_value" : "12.2.6" "version_value": "12.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle" "vendor_name": "Oracle"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts)."
{ }
"name" : "95569", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/95569" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95569"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html"
}
]
}
} }

130
2017/3xxx/CVE-2017-3611.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-3611", "ID": "CVE-2017-3611",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Oracle Berkeley DB", "product_name": "Oracle Berkeley DB",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "6.2.32" "version_value": "6.2.32"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html" "lang": "eng",
}, "value": "Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.0 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)."
{ }
"name" : "97859", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/97859" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html"
},
{
"name": "97859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97859"
}
]
}
} }

32
2017/3xxx/CVE-2017-3714.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-3714", "ID": "CVE-2017-3714",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/6xxx/CVE-2017-6285.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00", "DATE_PUBLIC": "2018-03-05T00:00:00",
"ID" : "CVE-2017-6285", "ID": "CVE-2017-6285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "NA" "version_value": "NA"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01" "lang": "eng",
} "value": "NVIDIA libnvrm contains a possible out of bounds read due to a missing bounds check which could lead to local information disclosure. This issue is rated as moderate. Product: Android. Version: N/A. Android: A-64893156. Reference: N-CVE-2017-6285."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}
} }

168
2017/7xxx/CVE-2017-7116.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7116", "ID": "CVE-2017-7116",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Wi-Fi\" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1318", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1318" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the \"Wi-Fi\" component. It might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic."
{ }
"name" : "https://support.apple.com/HT208112", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208112" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208113", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208113" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208115", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208115" ]
}, },
{ "references": {
"name" : "100927", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100927" "name": "1039385",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1039385"
"name" : "1039385", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039385" "name": "https://support.apple.com/HT208113",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT208113"
} },
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
},
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1318",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1318"
},
{
"name": "100927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100927"
}
]
}
} }

168
2017/7xxx/CVE-2017-7128.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2017-7128", "ID": "CVE-2017-7128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party \"SQLite\" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208112", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208112" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party \"SQLite\" product. Versions before 3.19.3 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact."
{ }
"name" : "https://support.apple.com/HT208113", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT208113" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208115", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208115" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208144", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/HT208144" ]
}, },
{ "references": {
"name" : "100987", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100987" "name": "https://support.apple.com/HT208144",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT208144"
"name" : "1039427", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039427" "name": "100987",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/100987"
} },
{
"name": "1039427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039427"
},
{
"name": "https://support.apple.com/HT208113",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208113"
},
{
"name": "https://support.apple.com/HT208112",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208112"
},
{
"name": "https://support.apple.com/HT208115",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208115"
}
]
}
} }

148
2017/7xxx/CVE-2017-7863.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7863", "ID": "CVE-2017-7863",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html" "lang": "eng",
}, "value": "FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c."
{ }
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=546", ]
"refsource" : "MISC", },
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=546" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "97675", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/97675" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=546",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=546"
},
{
"name": "97675",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97675"
},
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e"
},
{
"name": "[debian-lts-announce] 20190206 [SECURITY] [DLA 1654-1] libav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00005.html"
}
]
}
} }

128
2017/7xxx/CVE-2017-7953.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-7953", "ID": "CVE-2017-7953",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "INFOR EAM V11.0 Build 201410 has XSS via comment fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42029", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42029/" "lang": "eng",
}, "value": "INFOR EAM V11.0 Build 201410 has XSS via comment fields."
{ }
"name" : "http://seclists.org/fulldisclosure/2017/May/54", ]
"refsource" : "MISC", },
"url" : "http://seclists.org/fulldisclosure/2017/May/54" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42029",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42029/"
},
{
"name": "http://seclists.org/fulldisclosure/2017/May/54",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/May/54"
}
]
}
} }

120
2017/8xxx/CVE-2017-8128.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-8128", "ID": "CVE-2017-8128",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "UMA", "product_name": "UMA",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "V200R001 and V300R001" "version_value": "V200R001 and V300R001"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "privilege elevation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en" "lang": "eng",
} "value": "The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege elevation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170612-01-uma-en"
}
]
}
} }

120
2017/8xxx/CVE-2017-8210.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-15T00:00:00", "DATE_PUBLIC": "2017-11-15T00:00:00",
"ID" : "CVE-2017-8210", "ID": "CVE-2017-8210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "honor 5C,honor 6x", "product_name": "honor 5C,honor 6x",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360" "version_value": "Versions earlier than NEM-AL10C00B356,Versions earlier than Berlin-L21HNC432B360"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en" "lang": "eng",
} "value": "The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege of the Android system, the APP can send a specific parameter to the driver of the smart phone, causing a system reboot or arbitrary code execution."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170801-01-smartphone-en"
}
]
}
} }

128
2017/8xxx/CVE-2017-8421.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8421", "ID": "CVE-2017-8421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21440", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21440" "lang": "eng",
}, "value": "The function coff_set_alignment_hook in coffcode.h in Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, has a memory leak vulnerability which can cause memory exhaustion in objdump via a crafted PE file. Additional validation in dump_relocs_in_section in objdump.c can resolve this."
{ }
"name" : "GLSA-201709-02", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201709-02" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21440",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21440"
},
{
"name": "GLSA-201709-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-02"
}
]
}
} }

32
2017/8xxx/CVE-2017-8434.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-8434", "ID": "CVE-2017-8434",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2017/8xxx/CVE-2017-8507.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2017-8507", "ID": "CVE-2017-8507",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Office", "product_name": "Microsoft Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016." "version_value": "Microsoft Outlook 2007 Service Pack 3, Microsoft Outlook 2010 Service Pack 2, Microsoft Outlook 2013 RT Service Pack 1, Microsoft Outlook 2013 Service Pack 1, and Microsoft Outlook 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka \"Microsoft Office Memory Corruption Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in the way Microsoft Office software parses specially crafted email messages, aka \"Microsoft Office Memory Corruption Vulnerability\"."
{ }
"name" : "98827", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/98827" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038666", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038666" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8507"
},
{
"name": "98827",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98827"
},
{
"name": "1038666",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038666"
}
]
}
} }

140
2017/8xxx/CVE-2017-8665.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2017-08-14T00:00:00", "DATE_PUBLIC": "2017-08-14T00:00:00",
"ID" : "CVE-2017-8665", "ID": "CVE-2017-8665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Xamarin.iOS", "product_name": "Xamarin.iOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Xamarin.iOS" "version_value": "Xamarin.iOS"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka \"Xamarin.iOS Elevation Of Privilege Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42454", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42454/" "lang": "eng",
}, "value": "The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka \"Xamarin.iOS Elevation Of Privilege Vulnerability.\""
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8665", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8665" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100308", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100308" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "42454",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42454/"
},
{
"name": "100308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100308"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8665",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8665"
}
]
}
} }

118
2018/10xxx/CVE-2018-10192.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10192", "ID": "CVE-2018-10192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the \"connect\" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-020.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-020.md" "lang": "eng",
} "value": "IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a third-party library for converting `xpc_object_t` types in to `NSObject` types for sending XPC messages. When IPVanish establishes a new connection, the following XPC message is sent to the `com.ipvanish.osx.vpnhelper` LaunchDaemon. Because the XPC service itself does not validate an incoming connection, any application installed on the operating system can send it XPC messages. In the case of the \"connect\" message, an attacker could manipulate the `OpenVPNPath` to point at a malicious binary on the system. The `com.ipvanish.osx.vpnhelper` would receive the VPNHelperConnect command, and then execute the malicious binary as the root user."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-020.md",
"refsource": "MISC",
"url": "https://github.com/VerSprite/research/blob/master/advisories/VS-2018-020.md"
}
]
}
} }

118
2018/10xxx/CVE-2018-10289.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10289", "ID": "CVE-2018-10289",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=699271", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=699271" "lang": "eng",
} "value": "In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space function of the pdf/pdf-xref.c file. A remote adversary could leverage this vulnerability to cause a denial of service via a crafted pdf file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=699271",
"refsource": "MISC",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=699271"
}
]
}
} }

32
2018/10xxx/CVE-2018-10453.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10453", "ID": "CVE-2018-10453",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/10xxx/CVE-2018-10553.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10553", "ID": "CVE-2018-10553",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html" "lang": "eng",
} "value": "An issue was discovered in Nagios XI 5.4.13. A registered user is able to use directory traversal to read local files, as demonstrated by URIs beginning with index.php?xiwindow=./ and config/?xiwindow=../ substrings."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html",
"refsource": "MISC",
"url": "http://code610.blogspot.com/2018/04/few-bugs-in-latest-nagios-xi-5413.html"
}
]
}
} }

32
2018/10xxx/CVE-2018-10693.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-10693", "ID": "CVE-2018-10693",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/13xxx/CVE-2018-13420.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13420", "ID": "CVE-2018-13420",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/gperftools/gperftools/issues/1013", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/gperftools/gperftools/issues/1013" "lang": "eng",
} "value": "** DISPUTED ** Google gperftools 2.7 has a memory leak in malloc_extension.cc, related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gperftools/gperftools/issues/1013",
"refsource": "MISC",
"url": "https://github.com/gperftools/gperftools/issues/1013"
}
]
}
} }

128
2018/13xxx/CVE-2018-13481.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13481", "ID": "CVE-2018-13481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for TRIUM, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TRIUM", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TRIUM" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TRIUM",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/TRIUM"
}
]
}
} }

128
2018/13xxx/CVE-2018-13662.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13662", "ID": "CVE-2018-13662",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for WorldOpctionChain, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WorldOpctionChain", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WorldOpctionChain" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WorldOpctionChain",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/WorldOpctionChain"
}
]
}
} }

128
2018/13xxx/CVE-2018-13761.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-13761", "ID": "CVE-2018-13761",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md" "lang": "eng",
}, "value": "The mintToken function of a smart contract implementation for NetkillerAdvancedTokenAirDrop, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value."
{ }
"name" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NetkillerAdvancedTokenAirDrop", ]
"refsource" : "MISC", },
"url" : "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NetkillerAdvancedTokenAirDrop" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"name": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NetkillerAdvancedTokenAirDrop",
"refsource": "MISC",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/NetkillerAdvancedTokenAirDrop"
}
]
}
} }

118
2018/17xxx/CVE-2018-17136.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17136", "ID": "CVE-2018-17136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/TEag1e/zzcms", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/TEag1e/zzcms" "lang": "eng",
} "value": "zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TEag1e/zzcms",
"refsource": "MISC",
"url": "https://github.com/TEag1e/zzcms"
}
]
}
} }

32
2018/17xxx/CVE-2018-17536.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-17536", "ID": "CVE-2018-17536",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/17xxx/CVE-2018-17694.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-17694", "ID": "CVE-2018-17694",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PhantomPDF", "product_name": "PhantomPDF",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.2.0.9297" "version_value": "9.2.0.9297"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit" "vendor_name": "Foxit"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1224/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-1224/" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the display property of a button. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7138."
{ }
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php", ]
"refsource" : "CONFIRM", },
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "CWE-416: Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-1224/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-1224/"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
} }

138
2018/9xxx/CVE-2018-9334.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9334", "ID": "CVE-2018-9334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/124", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://securityadvisories.paloaltonetworks.com/Home/Detail/124" "lang": "eng",
}, "value": "The PAN-OS management web interface page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.8 and earlier, and PAN-OS 8.1.0 may allow an attacker to access the GlobalProtect password hashes of local users via manipulation of the HTML markup."
{ }
"name" : "104677", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104677" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041243", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041243" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1041243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041243"
},
{
"name": "104677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104677"
},
{
"name": "https://securityadvisories.paloaltonetworks.com/Home/Detail/124",
"refsource": "CONFIRM",
"url": "https://securityadvisories.paloaltonetworks.com/Home/Detail/124"
}
]
}
} }

128
2018/9xxx/CVE-2018-9539.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"ID" : "CVE-2018-9539", "ID": "CVE-2018-9539",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android-8.0 Android-8.1 Android-9" "version_value": "Android-8.0 Android-8.1 Android-9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-11-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-11-01" "lang": "eng",
}, "value": "In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383"
{ }
"name" : "105865", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105865" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105865"
},
{
"name": "https://source.android.com/security/bulletin/2018-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-11-01"
}
]
}
} }

32
2018/9xxx/CVE-2018-9691.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9691", "ID": "CVE-2018-9691",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/9xxx/CVE-2018-9830.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-9830", "ID": "CVE-2018-9830",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }