admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:31:40 +00:00
parent 5b9b9fa516
commit 0074e34cc8
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3848 additions and 3848 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2004/1xxx/CVE-2004-1527.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1527",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1527",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions."
"lang": "eng",
"value": "Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110053968530613&w=2"
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html"
},
{
"name" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html",
"refsource" : "MISC",
"url" : "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/79_e.html"
"name": "ie-path-cookie-overwrite(18073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073"
},
{
"name" : "11680",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11680"
"name": "13208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13208"
},
{
"name" : "13208",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13208"
"name": "20041115 [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110053968530613&w=2"
},
{
"name" : "ie-path-cookie-overwrite(18073)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18073"
"name": "11680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11680"
}
]
}

110
2008/0xxx/CVE-2008-0481.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0481",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0481",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\\\\ in the sub parameter in a save action."
"lang": "eng",
"value": "Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz Rich Text Editor 4.0 allows remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\\\\ in the sub parameter in a save action."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
"name": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp",
"refsource": "CONFIRM",
"url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
},
{
"name" : "4971",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4971"
"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
},
{
"name" : "http://www.bugreport.ir/?/31",
"refsource" : "MISC",
"url" : "http://www.bugreport.ir/?/31"
"name": "editor-rte-directory-traversal(39868)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39868"
},
{
"name" : "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp",
"refsource" : "CONFIRM",
"url" : "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
"name": "28639",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28639"
},
{
"name" : "27419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27419"
"name": "4971",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4971"
},
{
"name" : "1019267",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019267"
"name": "27419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27419"
},
{
"name" : "28639",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28639"
"name": "3584",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3584"
},
{
"name" : "3584",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3584"
"name": "http://www.bugreport.ir/?/31",
"refsource": "MISC",
"url": "http://www.bugreport.ir/?/31"
},
{
"name" : "editor-rte-directory-traversal(39868)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39868"
"name": "1019267",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019267"
}
]
}

74
2008/0xxx/CVE-2008-0571.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0571",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0571",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points."
"lang": "eng",
"value": "The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, 5.x-2 before 5.x-2.16, and 5.x-3 before 5.x-3.3 module for Drupal does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and manipulate points."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://drupal.org/node/216023",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/216023"
"name": "http://drupal.org/node/216023",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/216023"
},
{
"name" : "ADV-2008-0375",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0375/references"
"name": "ADV-2008-0375",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0375/references"
},
{
"name" : "28730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28730"
"name": "28730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28730"
}
]
}

74
2008/0xxx/CVE-2008-0580.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0580",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0580",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering."
"lang": "eng",
"value": "Geert Moernaut LSrunasE and Supercrypt use an encryption key composed of an SHA1 hash of a fixed string embedded in the executable file, which makes it easier for local users to obtain this key without reverse engineering."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080129 Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487269/100/0/threaded"
"name": "20080129 Insecure Use of RC4 in LSrunasE and Supercrypt (CVE-2007-6340)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487269/100/0/threaded"
},
{
"name" : "27500",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27500"
"name": "27500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27500"
},
{
"name" : "3611",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3611"
"name": "3611",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3611"
}
]
}

80
2008/0xxx/CVE-2008-0777.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0777",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0777",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files."
"lang": "eng",
"value": "The sendfile system call in FreeBSD 5.5 through 7.0 does not check the access flags of the file descriptor used for sending a file, which allows local users to read the contents of write-only files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "FreeBSD-SA-08:03",
"refsource" : "FREEBSD",
"url" : "http://security.freebsd.org/advisories/FreeBSD-SA-08:03.sendfile.asc"
"name": "FreeBSD-SA-08:03",
"refsource": "FREEBSD",
"url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:03.sendfile.asc"
},
{
"name" : "27789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27789"
"name": "1019416",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019416"
},
{
"name" : "1019416",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019416"
"name": "27789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27789"
},
{
"name" : "28928",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28928"
"name": "28928",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28928"
}
]
}

200
2008/1xxx/CVE-2008-1186.json
View File

@ -1,176 +1,176 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1186",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1186",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka \"the second issue.\""
"lang": "eng",
"value": "Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka \"the second issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
"name": "APPLE-SA-2008-09-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
},
{
"name" : "http://support.apple.com/kb/HT3178",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3178"
"name": "30676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30676"
},
{
"name" : "http://support.apple.com/kb/HT3179",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3179"
"name": "1019555",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019555"
},
{
"name" : "APPLE-SA-2008-09-24",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
"name": "SUSE-SA:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html"
},
{
"name" : "GLSA-200804-20",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
"name": "32018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32018"
},
{
"name" : "GLSA-200804-28",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml"
"name": "java-virtualmachine-multiple-priv-escalation(41025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41025"
},
{
"name" : "GLSA-200806-11",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
"name": "GLSA-200804-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name" : "RHSA-2008:0186",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0186.html"
"name": "oval:org.mitre.oval:def:9585",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9585"
},
{
"name" : "233321",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233321-1"
"name": "29239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29239"
},
{
"name" : "SUSE-SA:2008:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html"
"name": "29858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29858"
},
{
"name" : "TA08-066A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
"name": "TA08-066A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
},
{
"name" : "oval:org.mitre.oval:def:9585",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9585"
"name": "http://support.apple.com/kb/HT3178",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3178"
},
{
"name" : "ADV-2008-0770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0770/references"
"name": "29582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29582"
},
{
"name" : "ADV-2008-1856",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1856/references"
"name": "ADV-2008-0770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0770/references"
},
{
"name" : "1019555",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019555"
"name": "30780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30780"
},
{
"name" : "29273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29273"
"name": "233321",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233321-1"
},
{
"name" : "29239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29239"
"name": "ADV-2008-1856",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1856/references"
},
{
"name" : "29582",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29582"
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
},
{
"name" : "29858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29858"
"name": "GLSA-200804-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name" : "30676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30676"
"name": "GLSA-200806-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name" : "30780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30780"
"name": "sun-jre-unspecified-priv-escalation(41138)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41138"
},
{
"name" : "32018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32018"
"name": "RHSA-2008:0186",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html"
},
{
"name" : "java-virtualmachine-multiple-priv-escalation(41025)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41025"
"name": "http://support.apple.com/kb/HT3179",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3179"
},
{
"name" : "sun-jre-unspecified-priv-escalation(41138)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41138"
"name": "29273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29273"
}
]
}

92
2008/3xxx/CVE-2008-3261.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3261",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3261",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
"lang": "eng",
"value": "Open redirect vulnerability in claroline/redirector.php in Claroline before 1.8.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080718 [DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
"name": "20080718 [DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494539/100/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=613634",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=613634"
"name": "4020",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4020"
},
{
"name" : "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10",
"refsource" : "CONFIRM",
"url" : "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
"name": "30269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30269"
},
{
"name" : "30269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30269"
"name": "claroline-unknown-unspecified(43854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
},
{
"name" : "4020",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4020"
"name": "http://sourceforge.net/project/shownotes.php?release_id=613634",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=613634"
},
{
"name" : "claroline-unknown-unspecified(43854)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43854"
"name": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10",
"refsource": "CONFIRM",
"url": "http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10"
}
]
}

308
2008/3xxx/CVE-2008-3281.json
View File

@ -1,266 +1,266 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3281",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3281",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document."
"lang": "eng",
"value": "libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
"name": "USN-644-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/644-1/"
},
{
"name" : "[xml] 20080820 Security fix for libxml2",
"refsource" : "MLIST",
"url" : "http://mail.gnome.org/archives/xml/2008-August/msg00034.html"
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name" : "[Security-announce] 20081030 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2008/000039.html"
"name": "31855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31855"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
"refsource" : "MISC",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
"name": "1020728",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020728"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=458086",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=458086"
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name" : "http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772",
"refsource" : "CONFIRM",
"url" : "http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772"
"name": "FEDORA-2008-7395",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html"
},
{
"name" : "http://xmlsoft.org/news.html",
"refsource" : "CONFIRM",
"url" : "http://xmlsoft.org/news.html"
"name": "RHSA-2008:0836",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0836.html"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0325",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0325"
"name": "32807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32807"
},
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "http://support.apple.com/kb/HT3639",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3639"
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
"name": "ADV-2008-2971",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2971"
},
{
"name" : "APPLE-SA-2009-06-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html",
"refsource": "MISC",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0017.html"
},
{
"name" : "DSA-1631",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1631"
"name": "ADV-2008-2843",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2843"
},
{
"name" : "FEDORA-2008-7395",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00347.html"
"name": "http://xmlsoft.org/news.html",
"refsource": "CONFIRM",
"url": "http://xmlsoft.org/news.html"
},
{
"name" : "FEDORA-2008-7594",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html"
"name": "31590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31590"
},
{
"name" : "GLSA-200812-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200812-06.xml"
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "MDVSA-2008:180",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:180"
"name": "20081031 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497962/100/0/threaded"
},
{
"name" : "MDVSA-2008:192",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"
"name": "USN-640-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-640-1"
},
{
"name" : "RHSA-2008:0836",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2008-0836.html"
"name": "31728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31728"
},
{
"name" : "SUSE-SR:2008:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
"name": "GLSA-200812-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-06.xml"
},
{
"name" : "USN-640-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-640-1"
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name" : "USN-644-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/644-1/"
"name": "32488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32488"
},
{
"name" : "30783",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30783"
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name" : "oval:org.mitre.oval:def:6496",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496"
"name": "31566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31566"
},
{
"name" : "oval:org.mitre.oval:def:9812",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812"
"name": "30783",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30783"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0325",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0325"
},
{
"name" : "ADV-2008-2843",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2843"
"name": "oval:org.mitre.oval:def:6496",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6496"
},
{
"name" : "ADV-2008-2971",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2971"
"name": "ADV-2008-2419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2419"
},
{
"name" : "ADV-2008-2419",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2419"
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name" : "1020728",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020728"
"name": "MDVSA-2008:192",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:192"
},
{
"name" : "31728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31728"
"name": "32974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32974"
},
{
"name" : "31558",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31558"
"name": "http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772",
"refsource": "CONFIRM",
"url": "http://svn.gnome.org/viewvc/libxml2?view=revision&revision=3772"
},
{
"name" : "31748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31748"
"name": "FEDORA-2008-7594",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00261.html"
},
{
"name" : "31590",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31590"
"name": "DSA-1631",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1631"
},
{
"name" : "31855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31855"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=458086",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=458086"
},
{
"name" : "32488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32488"
"name": "[xml] 20080820 Security fix for libxml2",
"refsource": "MLIST",
"url": "http://mail.gnome.org/archives/xml/2008-August/msg00034.html"
},
{
"name" : "31566",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31566"
"name": "oval:org.mitre.oval:def:9812",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9812"
},
{
"name" : "32807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32807"
"name": "MDVSA-2008:180",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:180"
},
{
"name" : "32974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32974"
"name": "31558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31558"
},
{
"name" : "31982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31982"
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
"name": "[Security-announce] 20081030 VMSA-2008-0017 Updated ESX packages for libxml2, ucd-snmp, libtiff",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000039.html"
},
{
"name" : "ADV-2009-1621",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1621"
"name": "31748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31748"
}
]
}

86
2008/3xxx/CVE-2008-3747.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3747",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3747",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie."
"lang": "eng",
"value": "The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the network for a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20080819 wordpress 2.6.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/19/1"
"name": "http://trac.wordpress.org/ticket/7359",
"refsource": "CONFIRM",
"url": "http://trac.wordpress.org/ticket/7359"
},
{
"name" : "[oss-security] 20080820 Re: wordpress 2.6.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/08/20/3"
"name": "[oss-security] 20080820 Re: wordpress 2.6.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/20/3"
},
{
"name" : "http://trac.wordpress.org/ticket/7359",
"refsource" : "CONFIRM",
"url" : "http://trac.wordpress.org/ticket/7359"
"name": "wordpress-geteditpostlink-info-disclosure(44569)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44569"
},
{
"name" : "30750",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30750"
"name": "30750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30750"
},
{
"name" : "wordpress-geteditpostlink-info-disclosure(44569)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44569"
"name": "[oss-security] 20080819 wordpress 2.6.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/08/19/1"
}
]
}

110
2008/3xxx/CVE-2008-3936.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3936",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3936",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI."
"lang": "eng",
"value": "The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
"name": "dreambox-webinterface-dos(44788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
},
{
"name" : "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495837/100/0/threaded"
},
{
"name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807",
"refsource" : "MISC",
"url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
"name": "1020784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020784"
},
{
"name" : "30919",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30919"
"name": "ADV-2008-2472",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2472"
},
{
"name" : "ADV-2008-2472",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2472"
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3807"
},
{
"name" : "1020784",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020784"
"name": "31650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31650"
},
{
"name" : "31650",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31650"
"name": "30919",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30919"
},
{
"name" : "4221",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4221"
"name": "4221",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4221"
},
{
"name" : "dreambox-webinterface-dos(44788)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44788"
"name": "20080829 [scip_Advisory 3807] Dreambox DM500 webserver long URL request denial of service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064115.html"
}
]
}

104
2008/4xxx/CVE-2008-4259.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4259",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-4259",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka \"HTML Objects Memory Corruption Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 7 sometimes attempts to access uninitialized memory locations, which allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, related to a WebDAV request for a file with a long name, aka \"HTML Objects Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081209 ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499065/100/0/threaded"
"name": "ADV-2008-3385",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3385"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-087/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-087/"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-087",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-087"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-087",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-087"
"name": "oval:org.mitre.oval:def:5706",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5706"
},
{
"name" : "MS08-073",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-073"
"name": "1021371",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021371"
},
{
"name" : "TA08-344A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
"name": "TA08-344A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name" : "oval:org.mitre.oval:def:5706",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5706"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-087/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-087/"
},
{
"name" : "ADV-2008-3385",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3385"
"name": "20081209 ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499065/100/0/threaded"
},
{
"name" : "1021371",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021371"
"name": "MS08-073",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-073"
}
]
}

22
2008/4xxx/CVE-2008-4286.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4286",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4286",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2008/4xxx/CVE-2008-4482.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4482",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4482",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file."
"lang": "eng",
"value": "The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during validation of an XML file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://issues.apache.org/jira/browse/XERCESC-1051",
"refsource" : "MISC",
"url" : "http://issues.apache.org/jira/browse/XERCESC-1051"
"name": "xerces-maxoccurs-dos(45596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
},
{
"name" : "http://xerces.apache.org/xerces-c/releases.html",
"refsource" : "CONFIRM",
"url" : "http://xerces.apache.org/xerces-c/releases.html"
"name": "31533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31533"
},
{
"name" : "31533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31533"
"name": "http://xerces.apache.org/xerces-c/releases.html",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/releases.html"
},
{
"name" : "32108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32108"
"name": "32108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32108"
},
{
"name" : "xerces-maxoccurs-dos(45596)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45596"
"name": "http://issues.apache.org/jira/browse/XERCESC-1051",
"refsource": "MISC",
"url": "http://issues.apache.org/jira/browse/XERCESC-1051"
}
]
}

74
2008/4xxx/CVE-2008-4909.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4909",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4909",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors."
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and earlier allows remote attackers to perform unauthorized actions as legitimate users via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://holisticinfosec.org/content/view/90/45/",
"refsource" : "MISC",
"url" : "http://holisticinfosec.org/content/view/90/45/"
"name": "32464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32464"
},
{
"name" : "32464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32464"
"name": "compactcms-unspecified-csrf(46198)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46198"
},
{
"name" : "compactcms-unspecified-csrf(46198)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46198"
"name": "http://holisticinfosec.org/content/view/90/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/90/45/"
}
]
}

74
2008/7xxx/CVE-2008-7172.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7172",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7172",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions."
"lang": "eng",
"value": "Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5873",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5873"
"name": "29848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29848"
},
{
"name" : "29848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29848"
"name": "5873",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5873"
},
{
"name" : "lnp-admin-security-bypass(43225)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43225"
"name": "lnp-admin-security-bypass(43225)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43225"
}
]
}

22
2013/2xxx/CVE-2013-2166.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2166",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2166",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/2xxx/CVE-2013-2288.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2288",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2288",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/2xxx/CVE-2013-2606.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2606",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2606",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/2xxx/CVE-2013-2679.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2679",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2679",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2013/3xxx/CVE-2013-3415.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3415",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3415",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737."
"lang": "eng",
"value": "Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) and 8.6.x before 8.6(1.3) does not properly manage memory upon an AnyConnect SSL VPN client disconnection, which allows remote attackers to cause a denial of service (memory consumption, and forwarding outage or system hang) via packets to the disconnected machine's IP address, aka Bug ID CSCtt36737."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131009 Multiple Vulnerabilities in Cisco ASA Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa"
"name": "20131009 Multiple Vulnerabilities in Cisco ASA Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131009-asa"
},
{
"name" : "20131213 AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3415"
"name": "20131213 AnyConnect SSL VPN Memory Exhaustion Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3415"
}
]
}

62
2013/3xxx/CVE-2013-3588.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3588",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3588",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets."
"lang": "eng",
"value": "The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "VU#893726",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/893726"
"name": "VU#893726",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/893726"
}
]
}

68
2013/3xxx/CVE-2013-3595.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3595",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3595",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL."
"lang": "eng",
"value": "The OpenManage web application 2.5 build 1.19 on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote authenticated users to cause a denial of service (device reset) via a direct request to an unspecified OSPF URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "VU#122582",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/122582"
"name": "VU#122582",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/122582"
},
{
"name" : "openmanage-cve20133595-dos(90597)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90597"
"name": "openmanage-cve20133595-dos(90597)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90597"
}
]
}

22
2013/6xxx/CVE-2013-6279.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6279",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6279",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2013/6xxx/CVE-2013-6699.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6699",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6699",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880."
"lang": "eng",
"value": "The Control and Provisioning of Wireless Access Points (CAPWAP) protocol implementation on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service via a crafted CAPWAP packet that triggers a buffer over-read, aka Bug ID CSCuh81880."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131121 Cisco Wireless LAN Controller Buffer Overread Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699"
"name": "20131121 Cisco Wireless LAN Controller Buffer Overread Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6699"
}
]
}

116
2013/6xxx/CVE-2013-6735.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6735",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6735",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL."
"lang": "eng",
"value": "IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
"name": "56161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56161"
},
{
"name" : "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
"name": "20131227 SEC Consult SA-20131227-0 :: IBM Web Content Manager (WCM) XPath Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/530552/100/0/threaded"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660289",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
"name": "64496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64496"
},
{
"name" : "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735",
"refsource" : "CONFIRM",
"url" : "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
"name": "ibm-wsportal-cve20136735-jcr(89591)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
},
{
"name" : "PI07777",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
"name": "101255",
"refsource": "OSVDB",
"url": "http://osvdb.org/101255"
},
{
"name" : "64496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64496"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660289"
},
{
"name" : "101255",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101255"
"name": "PI07777",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777"
},
{
"name" : "1029539",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029539"
"name": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735",
"refsource": "CONFIRM",
"url": "https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735"
},
{
"name" : "56161",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56161"
"name": "1029539",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029539"
},
{
"name" : "ibm-wsportal-cve20136735-jcr(89591)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89591"
"name": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html"
}
]
}

74
2013/6xxx/CVE-2013-6819.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6819",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6819",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://erpscan.io/advisories/dsecrg-13-006-sap-netweaver-performance-provider-xss/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/dsecrg-13-006-sap-netweaver-performance-provider-xss/"
"name": "https://service.sap.com/sap/support/notes/1784894",
"refsource": "CONFIRM",
"url": "https://service.sap.com/sap/support/notes/1784894"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
"name": "https://erpscan.io/advisories/dsecrg-13-006-sap-netweaver-performance-provider-xss/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/dsecrg-13-006-sap-netweaver-performance-provider-xss/"
},
{
"name" : "https://service.sap.com/sap/support/notes/1784894",
"refsource" : "CONFIRM",
"url" : "https://service.sap.com/sap/support/notes/1784894"
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
}
]
}

22
2013/7xxx/CVE-2013-7185.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7185",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7185",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

76
2017/10xxx/CVE-2017-10055.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10055",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10055",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "iPlanet Web Server",
"version" : {
"version_data" : [
"product_name": "iPlanet Web Server",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "7.0"
"version_affected": "=",
"version_value": "7.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iPlanet Web Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iPlanet Web Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iPlanet Web Server accessible data as well as unauthorized read access to a subset of Oracle iPlanet Web Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iPlanet Web Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iPlanet Web Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iPlanet Web Server accessible data as well as unauthorized read access to a subset of Oracle iPlanet Web Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iPlanet Web Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iPlanet Web Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iPlanet Web Server accessible data as well as unauthorized read access to a subset of Oracle iPlanet Web Server accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iPlanet Web Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iPlanet Web Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iPlanet Web Server accessible data as well as unauthorized read access to a subset of Oracle iPlanet Web Server accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "101374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101374"
},
{
"name" : "101374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101374"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "1039605",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039605"
"name": "1039605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039605"
}
]
}

68
2017/10xxx/CVE-2017-10846.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10846",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10846",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Wi-Fi STATION L-02F",
"version" : {
"version_data" : [
"product_name": "Wi-Fi STATION L-02F",
"version": {
"version_data": [
{
"version_value" : "Software version V10g and earlier"
"version_value": "Software version V10g and earlier"
}
]
}
}
]
},
"vendor_name" : "NTT DOCOMO, INC."
"vendor_name": "NTT DOCOMO, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
"lang": "eng",
"value": "Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Fails to restrict access"
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
"refsource" : "MISC",
"url" : "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
"name": "JVN#03044183",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN03044183/index.html"
},
{
"name" : "JVN#03044183",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN03044183/index.html"
"name": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html",
"refsource": "MISC",
"url": "https://www.nttdocomo.co.jp/info/notice/page/170710_01_m.html"
}
]
}

68
2017/14xxx/CVE-2017-14348.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14348",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14348",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file."
"lang": "eng",
"value": "LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/LibRaw/LibRaw/issues/100",
"refsource" : "CONFIRM",
"url" : "https://github.com/LibRaw/LibRaw/issues/100"
"name": "https://github.com/LibRaw/LibRaw/issues/100",
"refsource": "CONFIRM",
"url": "https://github.com/LibRaw/LibRaw/issues/100"
},
{
"name" : "100866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100866"
"name": "100866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100866"
}
]
}

74
2017/14xxx/CVE-2017-14349.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"ID" : "CVE-2017-14349",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2017-14349",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data."
"lang": "eng",
"value": "An authentication vulnerability in HPE SiteScope product versions 11.2x and 11.3x, allows read-only accounts to view all SiteScope interfaces and monitors, potentially exposing sensitive data."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://softwaresupport.hpe.com/km/KM02948051",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.hpe.com/km/KM02948051"
"name": "ESB-2017.2414",
"refsource": "AUSCERT",
"url": "https://www.auscert.org.au/bulletins/52758"
},
{
"name" : "ESB-2017.2414",
"refsource" : "AUSCERT",
"url" : "https://www.auscert.org.au/bulletins/52758"
"name": "https://softwaresupport.hpe.com/km/KM02948051",
"refsource": "CONFIRM",
"url": "https://softwaresupport.hpe.com/km/KM02948051"
},
{
"name" : "100989",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100989"
"name": "100989",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100989"
}
]
}

62
2017/14xxx/CVE-2017-14858.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14858",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14858",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack."
"lang": "eng",
"value": "There is a heap-based buffer overflow in the Exiv2::l2Data function of types.cpp in Exiv2 0.26. A Crafted input will lead to a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494782",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1494782"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1494782",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494782"
}
]
}

62
2017/15xxx/CVE-2017-15876.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15876",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15876",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell."
"lang": "eng",
"value": "Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel",
"refsource" : "MISC",
"url" : "https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel"
"name": "https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel",
"refsource": "MISC",
"url": "https://www.augustopereira.com.br/blog/seguranca-gpweb-8-4-61-multiplas-falhas-sqli-manipulacao-de-privilegios-uploads-sem-restricoes-exposicao-de-informacao-sensivel"
}
]
}

62
2017/15xxx/CVE-2017-15990.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15990",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15990",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/."
"lang": "eng",
"value": "Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43069",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43069/"
"name": "43069",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43069/"
}
]
}

22
2017/17xxx/CVE-2017-17208.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17208",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-17208",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}

62
2017/17xxx/CVE-2017-17497.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17497",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17497",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the \"children of the head\" processing feature is modified in the loop without validating the new value."
"lang": "eng",
"value": "In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows attackers to cause a denial of service (Segmentation Fault), because the currentNode variable in the \"children of the head\" processing feature is modified in the loop without validating the new value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/htacg/tidy-html5/issues/656",
"refsource" : "CONFIRM",
"url" : "https://github.com/htacg/tidy-html5/issues/656"
"name": "https://github.com/htacg/tidy-html5/issues/656",
"refsource": "CONFIRM",
"url": "https://github.com/htacg/tidy-html5/issues/656"
}
]
}

86
2017/17xxx/CVE-2017-17787.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17787",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17787",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c."
"lang": "eng",
"value": "In GIMP 2.8.22, there is a heap-based buffer over-read in read_creator_block in plug-ins/common/file-psp.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20171223 [SECURITY] [DLA 1220-1] gimp security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html"
"name": "DSA-4077",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4077"
},
{
"name" : "http://www.openwall.com/lists/oss-security/2017/12/19/5",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/12/19/5"
"name": "USN-3539-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3539-1/"
},
{
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=790853",
"refsource" : "MISC",
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=790853"
"name": "http://www.openwall.com/lists/oss-security/2017/12/19/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/12/19/5"
},
{
"name" : "DSA-4077",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4077"
"name": "[debian-lts-announce] 20171223 [SECURITY] [DLA 1220-1] gimp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00023.html"
},
{
"name" : "USN-3539-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3539-1/"
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=790853",
"refsource": "MISC",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=790853"
}
]
}

68
2017/9xxx/CVE-2017-9296.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9296",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9296",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites."
"lang": "eng",
"value": "Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/"
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2017-114/"
},
{
"name" : "98774",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98774"
"name": "98774",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98774"
}
]
}

62
2017/9xxx/CVE-2017-9475.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9475",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9475",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of Comcast customers via a forged MAC address."
"lang": "eng",
"value": "Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to spoof the identities of Comcast customers via a forged MAC address."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-17.public-wifi-theft-impersonation.txt",
"refsource" : "MISC",
"url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-17.public-wifi-theft-impersonation.txt"
"name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-17.public-wifi-theft-impersonation.txt",
"refsource": "MISC",
"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-17.public-wifi-theft-impersonation.txt"
}
]
}

68
2017/9xxx/CVE-2017-9614.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9614",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9614",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file."
"lang": "eng",
"value": "The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42391",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42391/"
"name": "http://seclists.org/fulldisclosure/2017/Jul/66",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/66"
},
{
"name" : "http://seclists.org/fulldisclosure/2017/Jul/66",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jul/66"
"name": "42391",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42391/"
}
]
}

68
2017/9xxx/CVE-2017-9628.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-9628",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9628",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Saia Burgess Controls PCD Controllers",
"version" : {
"version_data" : [
"product_name": "Saia Burgess Controls PCD Controllers",
"version": {
"version_data": [
{
"version_value" : "Saia Burgess Controls PCD Controllers"
"version_value": "Saia Burgess Controls PCD Controllers"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents."
"lang": "eng",
"value": "An Information Exposure issue was discovered in Saia Burgess Controls PCD Controllers with PCD firmware versions prior to 1.28.16 or 1.24.69. In certain circumstances, the device pads Ethernet frames with memory contents."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-200"
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-05",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-05"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-234-05"
},
{
"name" : "100949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100949"
"name": "100949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100949"
}
]
}

76
2017/9xxx/CVE-2017-9968.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"DATE_PUBLIC" : "2018-02-12T00:00:00",
"ID" : "CVE-2017-9968",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-02-12T00:00:00",
"ID": "CVE-2017-9968",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack."
"lang": "eng",
"value": "A security misconfiguration vulnerability exists in Schneider Electric's IGSS Mobile application versions 3.01 and prior in which a lack of certificate pinning during the TLS/SSL connection establishing process can result in a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03"
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
},
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-039-02/"
"name": "103048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103048"
},
{
"name" : "103048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103048"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-046-03"
}
]
}

68
2018/0xxx/CVE-2018-0260.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0260",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0260",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco MATE Live",
"version" : {
"version_data" : [
"product_name": "Cisco MATE Live",
"version": {
"version_data": [
{
"version_value" : "Cisco MATE Live"
"version_value": "Cisco MATE Live"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272."
"lang": "eng",
"value": "A vulnerability in the web interface of Cisco MATE Live could allow an unauthenticated, remote attacker to view and download the contents of certain web application virtual directories. The vulnerability is due to lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the targeted application. An exploit could allow the attacker to view sensitive information that should require authentication. Cisco Bug IDs: CSCvh31272."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-20"
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE1"
},
{
"name" : "103946",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103946"
"name": "103946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103946"
}
]
}

102
2018/0xxx/CVE-2018-0420.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-17T16:00:00-0500",
"ID" : "CVE-2018-0420",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Wireless LAN Controller Software Directory Traversal Vulnerability"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-17T16:00:00-0500",
"ID": "CVE-2018-0420",
"STATE": "PUBLIC",
"TITLE": "Cisco Wireless LAN Controller Software Directory Traversal Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Wireless LAN Controller (WLC) ",
"version" : {
"version_data" : [
"product_name": "Cisco Wireless LAN Controller (WLC) ",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
"vendor_name": "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information."
"lang": "eng",
"value": "A vulnerability in the web-based interface of Cisco Wireless LAN Controller Software could allow an authenticated, remote attacker to view sensitive information. The issue is due to improper sanitization of user-supplied input in HTTP request parameters that describe filenames and pathnames. An attacker could exploit this vulnerability by using directory traversal techniques to submit a path to a desired file location. A successful exploit could allow the attacker to view system files on the targeted device, which may contain sensitive information."
}
]
},
"exploit" : [
"exploit": [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "6.5",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ",
"version" : "3.0"
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N ",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-22"
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20181017 Cisco Wireless LAN Controller Software Directory Traversal Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal"
"name": "105671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105671"
},
{
"name" : "105671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105671"
"name": "20181017 Cisco Wireless LAN Controller Software Directory Traversal Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-traversal"
},
{
"name" : "1041926",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041926"
"name": "1041926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041926"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181017-wlc-traversal",
"defect" : [
"source": {
"advisory": "cisco-sa-20181017-wlc-traversal",
"defect": [
[
"CSCvf66723"
]
],
"discovery" : "INTERNAL"
"discovery": "INTERNAL"
}
}

94
2018/0xxx/CVE-2018-0480.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-26T16:00:00-0500",
"ID" : "CVE-2018-0480",
"STATE" : "PUBLIC",
"TITLE" : "Cisco IOS XE Software Errdisable Denial of Service Vulnerability"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID": "CVE-2018-0480",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE Software Errdisable Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco IOS XE Software",
"version" : {
"version_data" : [
"product_name": "Cisco IOS XE Software",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
"vendor_name": "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition."
"lang": "eng",
"value": "A vulnerability in the errdisable per VLAN feature of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause the device to crash, leading to a denial of service (DoS) condition. The vulnerability is due to a race condition that occurs when the VLAN and port enter an errdisabled state, resulting in an incorrect state in the software. An attacker could exploit this vulnerability by sending frames that trigger the errdisable condition. A successful exploit could allow the attacker to cause the affected device to crash, leading to a DoS condition."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "7.4",
"version" : "3.0"
"impact": {
"cvss": {
"baseScore": "7.4",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-362"
"lang": "eng",
"value": "CWE-362"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180926 Cisco IOS XE Software Errdisable Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable"
"name": "20180926 Cisco IOS XE Software Errdisable Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-errdisable"
},
{
"name" : "105400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105400"
"name": "105400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105400"
},
{
"name" : "1041737",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041737"
"name": "1041737",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041737"
}
]
},
"source" : {
"advisory" : "cisco-sa-20180926-errdisable",
"defect" : [
"source": {
"advisory": "cisco-sa-20180926-errdisable",
"defect": [
[
"CSCvh13611"
]
],
"discovery" : "UNKNOWN"
"discovery": "UNKNOWN"
}
}

144
2018/1000xxx/CVE-2018-1000026.json
View File

@ -1,128 +1,128 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "1/18/2018 7:01:42",
"ID" : "CVE-2018-1000026",
"REQUESTER" : "dja@axtens.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "1/18/2018 7:01:42",
"ID": "CVE-2018-1000026",
"REQUESTER": "dja@axtens.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Linux kernel",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "at least v4.8 onwards, probably well before"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Linux"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.."
"lang": "eng",
"value": "Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Insufficient input validation"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
"refsource" : "MLIST",
"url" : "http://lists.openwall.net/netdev/2018/01/16/40"
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
"refsource" : "MLIST",
"url" : "http://lists.openwall.net/netdev/2018/01/18/96"
"name": "USN-3617-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-1/"
},
{
"name" : "https://patchwork.ozlabs.org/patch/859410/",
"refsource" : "MISC",
"url" : "https://patchwork.ozlabs.org/patch/859410/"
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
"name": "USN-3617-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-3/"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
"name": "USN-3632-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3632-1/"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
"name": "USN-3620-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3620-2/"
},
{
"name" : "USN-3617-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3617-1/"
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "USN-3617-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3617-2/"
"name": "https://patchwork.ozlabs.org/patch/859410/",
"refsource": "MISC",
"url": "https://patchwork.ozlabs.org/patch/859410/"
},
{
"name" : "USN-3617-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3617-3/"
"name": "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
"refsource": "MLIST",
"url": "http://lists.openwall.net/netdev/2018/01/16/40"
},
{
"name" : "USN-3619-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-1/"
"name": "USN-3617-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-2/"
},
{
"name" : "USN-3620-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3620-1/"
"name": "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
"refsource": "MLIST",
"url": "http://lists.openwall.net/netdev/2018/01/18/96"
},
{
"name" : "USN-3620-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3620-2/"
"name": "USN-3620-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3620-1/"
},
{
"name" : "USN-3619-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3619-2/"
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "USN-3632-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3632-1/"
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
}
]
}

68
2018/1000xxx/CVE-2018-1000184.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-05T12:46:01.940841",
"DATE_REQUESTED" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-1000184",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-05T12:46:01.940841",
"DATE_REQUESTED": "2018-06-05T00:00:00",
"ID": "CVE-2018-1000184",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Jenkins GitHub Plugin",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "1.29.0 and older"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
"lang": "eng",
"value": "A server-side request forgery vulnerability exists in Jenkins GitHub Plugin 1.29.0 and older in GitHubPluginConfig.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-441, CWE-918"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799"
"name": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-06-04/#SECURITY-799"
}
]
}

74
2018/1000xxx/CVE-2018-1000558.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-06-23T11:22:33.086803",
"DATE_REQUESTED" : "2018-04-09T15:53:11",
"ID" : "CVE-2018-1000558",
"REQUESTER" : "sbieber@secuvera.de",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-06-23T11:22:33.086803",
"DATE_REQUESTED": "2018-04-09T15:53:11",
"ID": "CVE-2018-1000558",
"REQUESTER": "sbieber@secuvera.de",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ocsreports 2.4 and ocsreports 2.3.1",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "2.4 and 2.3.1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "OCS Inventory NG"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1."
"lang": "eng",
"value": "OCS Inventory NG ocsreports 2.4 and ocsreports 2.3.1 version 2.4 and 2.3.1 contains a SQL Injection vulnerability in web search that can result in An authenticated attacker is able to gain full access to data stored within database. This attack appear to be exploitable via By sending crafted requests it is possible to gain database access. This vulnerability appears to have been fixed in 2.4.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "SQL Injection"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/",
"refsource" : "MISC",
"url" : "https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/"
"name": "https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/",
"refsource": "MISC",
"url": "https://www.ocsinventory-ng.org/en/ocs-inventory-server-2-4-1-has-been-released/"
},
{
"name" : "https://www.secuvera.de/advisories/secuvera-SA-2017-04.txt",
"refsource" : "MISC",
"url" : "https://www.secuvera.de/advisories/secuvera-SA-2017-04.txt"
"name": "https://www.secuvera.de/advisories/secuvera-SA-2017-04.txt",
"refsource": "MISC",
"url": "https://www.secuvera.de/advisories/secuvera-SA-2017-04.txt"
}
]
}

22
2018/16xxx/CVE-2018-16103.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16103",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-16103",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}

22
2018/16xxx/CVE-2018-16211.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16211",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16211",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/19xxx/CVE-2018-19030.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19030",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19030",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/19xxx/CVE-2018-19427.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19427",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19427",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/19xxx/CVE-2018-19501.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19501",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19501",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/19xxx/CVE-2018-19792.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19792",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19792",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function."
"lang": "eng",
"value": "The server in LiteSpeed OpenLiteSpeed before 1.5.0 RC6 allows local users to cause a denial of service (buffer overflow) or possibly have unspecified other impact by creating a symlink through which the openlitespeed program can be invoked with a long command name (involving ../ characters), which is mishandled in the LshttpdMain::getServerRootFromExecutablePath function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/litespeedtech/openlitespeed/issues/117",
"refsource" : "MISC",
"url" : "https://github.com/litespeedtech/openlitespeed/issues/117"
"name": "https://github.com/litespeedtech/openlitespeed/issues/117",
"refsource": "MISC",
"url": "https://github.com/litespeedtech/openlitespeed/issues/117"
}
]
}

68
2018/19xxx/CVE-2018-19914.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19914",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19914",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field."
"lang": "eng",
"value": "DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "46375",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46375/"
"name": "https://github.com/domainmod/domainmod/issues/87",
"refsource": "MISC",
"url": "https://github.com/domainmod/domainmod/issues/87"
},
{
"name" : "https://github.com/domainmod/domainmod/issues/87",
"refsource" : "MISC",
"url" : "https://github.com/domainmod/domainmod/issues/87"
"name": "46375",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46375/"
}
]
}

22
2018/19xxx/CVE-2018-19951.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19951",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19951",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

116
2018/1xxx/CVE-2018-1654.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-06T00:00:00",
"ID" : "CVE-2018-1654",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-06T00:00:00",
"ID": "CVE-2018-1654",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Curam Social Program Management",
"version" : {
"version_data" : [
"product_name": "Curam Social Program Management",
"version": {
"version_data": [
{
"version_value" : "6.0.5"
"version_value": "6.0.5"
},
{
"version_value" : "6.1.1"
"version_value": "6.1.1"
},
{
"version_value" : "6.2.0"
"version_value": "6.2.0"
},
{
"version_value" : "7.0.1"
"version_value": "7.0.1"
},
{
"version_value" : "7.0.3"
"version_value": "7.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747."
"lang": "eng",
"value": "IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 144747."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "H",
"PR" : "L",
"S" : "C",
"SCORE" : "6.800",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "L",
"S": "C",
"SCORE": "6.800",
"UI": "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Gain Access"
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10739027",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10739027"
"name": "ibm-curam-cve20181654-open-redirect(144747)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144747"
},
{
"name" : "106187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106187"
"name": "106187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106187"
},
{
"name" : "ibm-curam-cve20181654-open-redirect(144747)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144747"
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10739027",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10739027"
}
]
}

22
2018/1xxx/CVE-2018-1726.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1726",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1726",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4311.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4311",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4311",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4735.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4735",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4735",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2018/4xxx/CVE-2018-4895.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4895",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4895",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version" : {
"version_data" : [
"product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version": {
"version_data": [
{
"version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
"version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code."
"lang": "eng",
"value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. The vulnerability is caused by the computation that writes data past the end of the intended buffer; the computation is part of the image conversion engine when processing Enhanced Metafile Format Plus (EMF+) data. An attacker can potentially leverage the vulnerability to corrupt sensitive data or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Out-of-bounds write"
"lang": "eng",
"value": "Out-of-bounds write"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name" : "102994",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102994"
"name": "1040364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040364"
},
{
"name" : "1040364",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040364"
"name": "102994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102994"
}
]
}