admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:38:04 +00:00
parent beb1cf38d1
commit 0623a0a9d2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
65 changed files with 4106 additions and 4106 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

760
2008/0xxx/CVE-2008-0412.json
View File

@ -1,382 +1,382 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080209 rPSA-2008-0051-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
},
{
"name" : "20080212 FLEA-2008-0001-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
},
{
"name" : "20080229 rPSA-2008-0093-1 thunderbird",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488971/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-01.html"
},
{
"name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088,393141,364801,346405,396613,394337,406290",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088,393141,364801,346405,396613,394337,406290"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
},
{
"name" : "http://browser.netscape.com/releasenotes/",
"refsource" : "CONFIRM",
"url" : "http://browser.netscape.com/releasenotes/"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0093",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0093"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1995",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1995"
},
{
"name" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
},
{
"name" : "DSA-1484",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1484"
},
{
"name" : "DSA-1485",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1485"
},
{
"name" : "DSA-1489",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1489"
},
{
"name" : "DSA-1506",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1506"
},
{
"name" : "FEDORA-2008-1435",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
},
{
"name" : "FEDORA-2008-1459",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
},
{
"name" : "FEDORA-2008-1535",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
},
{
"name" : "FEDORA-2008-2060",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
},
{
"name" : "FEDORA-2008-2118",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
},
{
"name" : "GLSA-200805-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
},
{
"name" : "MDVSA-2008:048",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
},
{
"name" : "MDVSA-2008:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:062"
},
{
"name" : "RHSA-2008:0103",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
},
{
"name" : "RHSA-2008:0104",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
},
{
"name" : "RHSA-2008:0105",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
},
{
"name" : "SSA:2008-061-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399"
},
{
"name" : "239546",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1"
},
{
"name" : "238492",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name" : "SUSE-SA:2008:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
},
{
"name" : "USN-576-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-576-1"
},
{
"name" : "USN-582-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-582-1"
},
{
"name" : "USN-582-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-582-2"
},
{
"name" : "27683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27683"
},
{
"name" : "oval:org.mitre.oval:def:10573",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10573"
},
{
"name" : "ADV-2008-0453",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0453/references"
},
{
"name" : "ADV-2008-0454",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0454/references"
},
{
"name" : "ADV-2008-0627",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0627/references"
},
{
"name" : "ADV-2008-2091",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2091/references"
},
{
"name" : "ADV-2008-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name" : "1019320",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019320"
},
{
"name" : "28818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28818"
},
{
"name" : "28754",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28754"
},
{
"name" : "28758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28758"
},
{
"name" : "28766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28766"
},
{
"name" : "28808",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28808"
},
{
"name" : "28815",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28815"
},
{
"name" : "28839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28839"
},
{
"name" : "28864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28864"
},
{
"name" : "28865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28865"
},
{
"name" : "28877",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28877"
},
{
"name" : "28879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28879"
},
{
"name" : "28924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28924"
},
{
"name" : "28939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28939"
},
{
"name" : "28958",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28958"
},
{
"name" : "29049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29049"
},
{
"name" : "29086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29086"
},
{
"name" : "29167",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29167"
},
{
"name" : "29098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29098"
},
{
"name" : "29164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29164"
},
{
"name" : "29211",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29211"
},
{
"name" : "29567",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29567"
},
{
"name" : "30327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30327"
},
{
"name" : "31043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31043"
},
{
"name" : "30620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30620"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to cause a denial of service (crash) and possibly trigger memory corruption via vectors related to the (1) nsTableFrame::GetFrameAtOrBefore, (2) nsAccessibilityService::GetAccessible, (3) nsBindingManager::GetNestedInsertionPoint, (4) nsXBLPrototypeBinding::AttributeChanged, (5) nsColumnSetFrame::GetContentInsertionFrame, and (6) nsLineLayout::TrimTrailingWhiteSpaceIn methods, and other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2008:0104",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
},
{
"name": "USN-582-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-582-2"
},
{
"name": "USN-576-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-576-1"
},
{
"name": "http://browser.netscape.com/releasenotes/",
"refsource": "CONFIRM",
"url": "http://browser.netscape.com/releasenotes/"
},
{
"name": "28939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28939"
},
{
"name": "DSA-1506",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1506"
},
{
"name": "SSA:2008-061-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399"
},
{
"name": "https://issues.rpath.com/browse/RPL-1995",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1995"
},
{
"name": "FEDORA-2008-2118",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
},
{
"name": "FEDORA-2008-2060",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093"
},
{
"name": "28766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28766"
},
{
"name": "28818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28818"
},
{
"name": "30620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30620"
},
{
"name": "28865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28865"
},
{
"name": "29049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29049"
},
{
"name": "ADV-2008-0453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0453/references"
},
{
"name": "RHSA-2008:0103",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
},
{
"name": "28877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28877"
},
{
"name": "28879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28879"
},
{
"name": "USN-582-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-582-1"
},
{
"name": "29167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29167"
},
{
"name": "29567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29567"
},
{
"name": "RHSA-2008:0105",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
},
{
"name": "28958",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28958"
},
{
"name": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
},
{
"name": "30327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30327"
},
{
"name": "238492",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name": "20080229 rPSA-2008-0093-1 thunderbird",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488971/100/0/threaded"
},
{
"name": "DSA-1489",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1489"
},
{
"name": "20080212 FLEA-2008-0001-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
},
{
"name": "20080209 rPSA-2008-0051-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
},
{
"name": "29086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29086"
},
{
"name": "28815",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28815"
},
{
"name": "ADV-2008-0454",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0454/references"
},
{
"name": "239546",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1"
},
{
"name": "28864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28864"
},
{
"name": "DSA-1485",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1485"
},
{
"name": "28924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28924"
},
{
"name": "27683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27683"
},
{
"name": "ADV-2008-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name": "1019320",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019320"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-01.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-01.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0093",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0093"
},
{
"name": "ADV-2008-2091",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2091/references"
},
{
"name": "SUSE-SA:2008:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088,393141,364801,346405,396613,394337,406290",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088,393141,364801,346405,396613,394337,406290"
},
{
"name": "FEDORA-2008-1459",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
},
{
"name": "29164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29164"
},
{
"name": "29211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29211"
},
{
"name": "FEDORA-2008-1535",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
},
{
"name": "MDVSA-2008:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:062"
},
{
"name": "DSA-1484",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1484"
},
{
"name": "28808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28808"
},
{
"name": "ADV-2008-0627",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0627/references"
},
{
"name": "GLSA-200805-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
},
{
"name": "oval:org.mitre.oval:def:10573",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10573"
},
{
"name": "28754",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28754"
},
{
"name": "28758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28758"
},
{
"name": "FEDORA-2008-1435",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
},
{
"name": "MDVSA-2008:048",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
},
{
"name": "31043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31043"
},
{
"name": "29098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29098"
},
{
"name": "28839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28839"
}
]
}
}

140
2008/0xxx/CVE-2008-0521.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5001",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5001"
},
{
"name" : "27482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27482"
},
{
"name" : "bubbling-dispatcher-directory-traversal(40008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Bubbling Library 1.32 allow remote attackers to read arbitrary files via a .. (dot dot) in the uri parameter to dispatcher.php in (1) examples/dispatcher/framework/, (2) examples/dispatcher/, (3) examples/wizard/, and (4) PHP/, different vectors than CVE-2008-0545."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bubbling-dispatcher-directory-traversal(40008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40008"
},
{
"name": "5001",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5001"
},
{
"name": "27482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27482"
}
]
}
}

150
2008/0xxx/CVE-2008-0565.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5021",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5021"
},
{
"name" : "27530",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27530"
},
{
"name" : "40840",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40840"
},
{
"name" : "28727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27530",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27530"
},
{
"name": "5021",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5021"
},
{
"name": "40840",
"refsource": "OSVDB",
"url": "http://osvdb.org/40840"
},
{
"name": "28727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28727"
}
]
}
}

150
2008/0xxx/CVE-2008-0682.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5039",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5039"
},
{
"name" : "http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/",
"refsource" : "CONFIRM",
"url" : "http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/"
},
{
"name" : "27583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27583"
},
{
"name" : "28767",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28767"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin before 3.72 for Wordpress allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5039"
},
{
"name": "http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/",
"refsource": "CONFIRM",
"url": "http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/"
},
{
"name": "27583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27583"
},
{
"name": "28767",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28767"
}
]
}
}

170
2008/0xxx/CVE-2008-0706.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0706",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0706",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBGN02319",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120672270224094&w=2"
},
{
"name" : "SSRT080027",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=120672270224094&w=2"
},
{
"name" : "28495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28495"
},
{
"name" : "ADV-2008-1043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1043/references"
},
{
"name" : "1019730",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019730"
},
{
"name" : "compaq-pcbios-security-bypass(41521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BIOS F.26 and earlier for the HP Compaq Notebook PC allows physically proximate attackers to obtain privileged access via unspecified vectors, possibly involving an authentication bypass of the power-on password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28495"
},
{
"name": "HPSBGN02319",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120672270224094&w=2"
},
{
"name": "1019730",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019730"
},
{
"name": "SSRT080027",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=120672270224094&w=2"
},
{
"name": "ADV-2008-1043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1043/references"
},
{
"name": "compaq-pcbios-security-bypass(41521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41521"
}
]
}
}

190
2008/1xxx/CVE-2008-1028.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2008-05-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name" : "TA08-150A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name" : "29412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29412"
},
{
"name" : "29487",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29487"
},
{
"name" : "ADV-2008-1697",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name" : "1020131",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020131"
},
{
"name" : "30430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30430"
},
{
"name" : "macosx-appkit-code-execution(42705)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42705"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020131",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020131"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "macosx-appkit-code-execution(42705)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42705"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "29487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29487"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29412"
}
]
}
}

190
2008/1xxx/CVE-2008-1708.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080326 Multiple vulnerabilities in solidDB 06.00.1018",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490129/100/0/threaded"
},
{
"name" : "http://aluigi.altervista.org/adv/soliduro-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/soliduro-adv.txt"
},
{
"name" : "http://aluigi.org/poc/soliduro.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/soliduro.zip"
},
{
"name" : "28468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28468"
},
{
"name" : "29512",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29512"
},
{
"name" : "ADV-2008-1038",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1038"
},
{
"name" : "1019721",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019721"
},
{
"name" : "ibm-soliddb-memory-dos(41488)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41488"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM solidDB 06.00.1018 and earlier does not validate a certain field that specifies an amount of memory to allocate, which allows remote attackers to cause a denial of service (daemon exit) via a packet with a large value in this field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.org/poc/soliduro.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/soliduro.zip"
},
{
"name": "29512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29512"
},
{
"name": "1019721",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019721"
},
{
"name": "ibm-soliddb-memory-dos(41488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41488"
},
{
"name": "28468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28468"
},
{
"name": "20080326 Multiple vulnerabilities in solidDB 06.00.1018",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490129/100/0/threaded"
},
{
"name": "http://aluigi.altervista.org/adv/soliduro-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/soliduro-adv.txt"
},
{
"name": "ADV-2008-1038",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1038"
}
]
}
}

210
2008/1xxx/CVE-2008-1812.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"name" : "HPSBMA02133",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"name" : "SSRT061201",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"name" : "ADV-2008-1233",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1233/references"
},
{
"name" : "ADV-2008-1267",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1267/references"
},
{
"name" : "1019855",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019855"
},
{
"name" : "29874",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29874"
},
{
"name" : "29829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29829"
},
{
"name" : "oracle-enterprise-manager-unspecified(41989)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41989"
},
{
"name" : "oracle-cpu-april-2008(41858)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-enterprise-manager-unspecified(41989)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41989"
},
{
"name": "oracle-cpu-april-2008(41858)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
},
{
"name": "ADV-2008-1267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1267/references"
},
{
"name": "ADV-2008-1233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1233/references"
},
{
"name": "1019855",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019855"
},
{
"name": "29829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29829"
},
{
"name": "HPSBMA02133",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
},
{
"name": "29874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29874"
},
{
"name": "SSRT061201",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
}
]
}
}

160
2008/1xxx/CVE-2008-1976.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/250344",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/250344"
},
{
"name" : "28916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28916"
},
{
"name" : "ADV-2008-1352",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1352/references"
},
{
"name" : "29961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29961"
},
{
"name" : "internationalization-localizer-xss(41977)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1352",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1352/references"
},
{
"name": "internationalization-localizer-xss(41977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41977"
},
{
"name": "http://drupal.org/node/250344",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/250344"
},
{
"name": "28916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28916"
},
{
"name": "29961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29961"
}
]
}
}

170
2008/4xxx/CVE-2008-4358.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/",
"refsource" : "CONFIRM",
"url" : "http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=625333&group_id=77954",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=625333&group_id=77954"
},
{
"name" : "http://spaw.svn.sourceforge.net/viewvc/spaw/spaw2/trunk/class/theme.class.php?r1=151&r2=359",
"refsource" : "CONFIRM",
"url" : "http://spaw.svn.sourceforge.net/viewvc/spaw/spaw2/trunk/class/theme.class.php?r1=151&r2=359"
},
{
"name" : "31185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31185"
},
{
"name" : "31796",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31796"
},
{
"name" : "spaweditor-themeclass-unspecified(45104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "spaweditor-themeclass-unspecified(45104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45104"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=625333&group_id=77954",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=625333&group_id=77954"
},
{
"name": "http://spaw.svn.sourceforge.net/viewvc/spaw/spaw2/trunk/class/theme.class.php?r1=151&r2=359",
"refsource": "CONFIRM",
"url": "http://spaw.svn.sourceforge.net/viewvc/spaw/spaw2/trunk/class/theme.class.php?r1=151&r2=359"
},
{
"name": "31185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31185"
},
{
"name": "31796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31796"
},
{
"name": "http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/",
"refsource": "CONFIRM",
"url": "http://blog.solmetra.com/2008/09/10/spaw-editor-php-edition-hotfix-release/"
}
]
}
}

150
2008/4xxx/CVE-2008-4617.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5337",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5337"
},
{
"name" : "28565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28565"
},
{
"name" : "4437",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4437"
},
{
"name" : "actualite-index-sql-injection(41579)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41579"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "actualite-index-sql-injection(41579)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41579"
},
{
"name": "28565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28565"
},
{
"name": "4437",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4437"
},
{
"name": "5337",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5337"
}
]
}
}

140
2008/4xxx/CVE-2008-4871.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080212 my little forum XSS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487987/100/200/threaded"
},
{
"name" : "27746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27746"
},
{
"name" : "4533",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080212 my little forum XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487987/100/200/threaded"
},
{
"name": "27746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27746"
},
{
"name": "4533",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4533"
}
]
}
}

430
2008/5xxx/CVE-2008-5339.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5339",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5339",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm"
},
{
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=",
"refsource" : "CONFIRM",
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid="
},
{
"name" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf",
"refsource" : "CONFIRM",
"url" : "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "HPSBUX02411",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2"
},
{
"name" : "SSRT080111",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123678756409861&w=2"
},
{
"name" : "HPSBMA02486",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2"
},
{
"name" : "SSRT090049",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126583436323697&w=2"
},
{
"name" : "RHSA-2008:1018",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-1018.html"
},
{
"name" : "RHSA-2008:1025",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-1025.html"
},
{
"name" : "RHSA-2009:0015",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0015.html"
},
{
"name" : "RHSA-2009:0016",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0016.html"
},
{
"name" : "RHSA-2009:0445",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0445.html"
},
{
"name" : "244988",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1"
},
{
"name" : "SUSE-SA:2009:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html"
},
{
"name" : "SUSE-SA:2009:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "TA08-340A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-340A.html"
},
{
"name" : "oval:org.mitre.oval:def:6409",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6409"
},
{
"name" : "34233",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34233"
},
{
"name" : "34605",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34605"
},
{
"name" : "34889",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34889"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
},
{
"name" : "38539",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38539"
},
{
"name" : "ADV-2008-3339",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3339"
},
{
"name" : "32991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32991"
},
{
"name" : "33015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33015"
},
{
"name" : "33710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33710"
},
{
"name" : "33528",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33528"
},
{
"name" : "ADV-2009-0672",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0672"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to perform network connections to unauthorized hosts via unknown vectors, aka CR 6727079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT090049",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2"
},
{
"name": "SUSE-SA:2009:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00004.html"
},
{
"name": "oval:org.mitre.oval:def:6409",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6409"
},
{
"name": "ADV-2009-0672",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0672"
},
{
"name": "RHSA-2008:1018",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-1018.html"
},
{
"name": "33015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33015"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-012.htm"
},
{
"name": "34889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34889"
},
{
"name": "34233",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34233"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf",
"refsource": "CONFIRM",
"url": "http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2009/03/024431-01.pdf"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-486.htm"
},
{
"name": "SUSE-SA:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00009.html"
},
{
"name": "SSRT080111",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2"
},
{
"name": "38539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38539"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "33528",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33528"
},
{
"name": "RHSA-2008:1025",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-1025.html"
},
{
"name": "HPSBMA02486",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126583436323697&w=2"
},
{
"name": "ADV-2008-3339",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3339"
},
{
"name": "HPSBUX02411",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123678756409861&w=2"
},
{
"name": "RHSA-2009:0445",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0445.html"
},
{
"name": "RHSA-2009:0016",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0016.html"
},
{
"name": "TA08-340A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-340A.html"
},
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=829914&poid="
},
{
"name": "34605",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34605"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "RHSA-2009:0015",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0015.html"
},
{
"name": "32991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32991"
},
{
"name": "244988",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-244988-1"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "33710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33710"
}
]
}
}

170
2008/5xxx/CVE-2008-5490.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5490",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7131",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7131"
},
{
"name" : "32316",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32316"
},
{
"name" : "ADV-2008-3169",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3169"
},
{
"name" : "32717",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32717"
},
{
"name" : "4718",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4718"
},
{
"name" : "yahooanswers-index-sql-injection(46624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in PHPStore Yahoo Answers allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4718",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4718"
},
{
"name": "yahooanswers-index-sql-injection(46624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46624"
},
{
"name": "ADV-2008-3169",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3169"
},
{
"name": "32316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32316"
},
{
"name": "32717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32717"
},
{
"name": "7131",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7131"
}
]
}
}

34
2013/3xxx/CVE-2013-3109.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3109",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3109",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/3xxx/CVE-2013-3449.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3449",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3449",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2013/3xxx/CVE-2013-3573.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#324668",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/324668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#324668",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/324668"
}
]
}
}

130
2013/3xxx/CVE-2013-3704.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3704",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3704",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "openSUSE-SU-2013:1432",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00022.html"
},
{
"name" : "openSUSE-SU-2013:1433",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00023.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might allow remote attackers to trick users into believing that the repository was signed by a more-trustworthy key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1432",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00022.html"
},
{
"name": "openSUSE-SU-2013:1433",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00023.html"
}
]
}
}

150
2013/4xxx/CVE-2013-4119.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130711 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/07/11/12"
},
{
"name" : "[oss-security] 20130712 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/07/12/2"
},
{
"name" : "https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53",
"refsource" : "CONFIRM",
"url" : "https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53"
},
{
"name" : "61072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61072"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by disconnecting before authentication has finished."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130711 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/11/12"
},
{
"name": "[oss-security] 20130712 Re: CVE Request -- FreeRDP: Multiple security fixes in 1.1.0-beta1 version",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/12/2"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53"
},
{
"name": "61072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61072"
}
]
}
}

170
2013/4xxx/CVE-2013-4307.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the \"In other languages\" section or (2) remote administrators to inject arbitrary web script or HTML via a description."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
"refsource" : "MLIST",
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
},
{
"name" : "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q3/553"
},
{
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472"
},
{
"name" : "62201",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62201"
},
{
"name" : "96907",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/96907"
},
{
"name" : "mediawiki-cve20134307-xss(86892)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the \"In other languages\" section or (2) remote administrators to inject arbitrary web script or HTML via a description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130904 Re: CVE request: MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/553"
},
{
"name": "62201",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62201"
},
{
"name": "[MediaWiki-announce] 20130903 MediaWiki Security Release: 1.21.2, 1.20.7 and 1.19.8",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-September/000133.html"
},
{
"name": "96907",
"refsource": "OSVDB",
"url": "http://osvdb.org/96907"
},
{
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472",
"refsource": "CONFIRM",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=53472"
},
{
"name": "mediawiki-cve20134307-xss(86892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86892"
}
]
}
}

210
2013/4xxx/CVE-2013-4710.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2014/02/18/11"
},
{
"name" : "http://50.56.33.56/blog/?p=314",
"refsource" : "MISC",
"url" : "http://50.56.33.56/blog/?p=314"
},
{
"name" : "http://emobile.jp/products/sh/a01sh/systemsoftware.html",
"refsource" : "CONFIRM",
"url" : "http://emobile.jp/products/sh/a01sh/systemsoftware.html"
},
{
"name" : "http://jvn.jp/en/jp/JVN53768697/113349/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN53768697/113349/index.html"
},
{
"name" : "http://jvn.jp/en/jp/JVN53768697/397327/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN53768697/397327/index.html"
},
{
"name" : "http://jvn.jp/en/jp/JVN53768697/995293/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN53768697/995293/index.html"
},
{
"name" : "http://jvn.jp/en/jp/JVN53768697/995312/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN53768697/995312/index.html"
},
{
"name" : "http://jvn.jp/en/jp/JVN53768697/995417/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN53768697/995417/index.html"
},
{
"name" : "JVN#53768697",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN53768697/index.html"
},
{
"name" : "JVNDB-2013-000111",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN53768697/113349/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN53768697/113349/index.html"
},
{
"name": "http://emobile.jp/products/sh/a01sh/systemsoftware.html",
"refsource": "CONFIRM",
"url": "http://emobile.jp/products/sh/a01sh/systemsoftware.html"
},
{
"name": "JVN#53768697",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN53768697/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN53768697/397327/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN53768697/397327/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN53768697/995312/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN53768697/995312/index.html"
},
{
"name": "[oss-security] 20140218 Re: CVE-2014-1939 searchBoxJavaBridge_ in Android Jelly Bean",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2014/02/18/11"
},
{
"name": "http://jvn.jp/en/jp/JVN53768697/995293/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN53768697/995293/index.html"
},
{
"name": "http://jvn.jp/en/jp/JVN53768697/995417/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN53768697/995417/index.html"
},
{
"name": "http://50.56.33.56/blog/?p=314",
"refsource": "MISC",
"url": "http://50.56.33.56/blog/?p=314"
},
{
"name": "JVNDB-2013-000111",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000111"
}
]
}
}

130
2013/4xxx/CVE-2013-4727.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource" : "MISC",
"url" : "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name" : "96666",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/96666"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt"
},
{
"name": "96666",
"refsource": "OSVDB",
"url": "http://osvdb.org/96666"
}
]
}
}

130
2013/4xxx/CVE-2013-4826.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBGN02930",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547"
},
{
"name" : "SSRT101024",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-1647."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT101024",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547"
},
{
"name": "HPSBGN02930",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03943547"
}
]
}
}

160
2013/4xxx/CVE-2013-4873.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/"
},
{
"name" : "https://itunes.apple.com/us/app/tumblr/id305343404",
"refsource" : "MISC",
"url" : "https://itunes.apple.com/us/app/tumblr/id305343404"
},
{
"name" : "http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users",
"refsource" : "CONFIRM",
"url" : "http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users"
},
{
"name" : "95374",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95374"
},
{
"name" : "tumblr-unspecified-information-disclosure(85823)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95374",
"refsource": "OSVDB",
"url": "http://osvdb.org/95374"
},
{
"name": "http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users",
"refsource": "CONFIRM",
"url": "http://staff.tumblr.com/post/55648373578/important-security-update-for-iphone-ipad-users"
},
{
"name": "https://itunes.apple.com/us/app/tumblr/id305343404",
"refsource": "MISC",
"url": "https://itunes.apple.com/us/app/tumblr/id305343404"
},
{
"name": "http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2013/07/17/tumblr_ios_snafu_fixed/"
},
{
"name": "tumblr-unspecified-information-disclosure(85823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85823"
}
]
}
}

34
2013/6xxx/CVE-2013-6217.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6217",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6217",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/6xxx/CVE-2013-6258.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6258",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6258",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/6xxx/CVE-2013-6360.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6360",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6360",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2013/6xxx/CVE-2013-6516.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6516",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6516",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

170
2013/6xxx/CVE-2013-6965.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name" : "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name" : "64281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64281"
},
{
"name" : "100911",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100911"
},
{
"name" : "1029492",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029492"
},
{
"name" : "cisco-webex-cve20136965-info-disc(89691)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The registration component in Cisco WebEx Training Center provides the training-session URL before e-mail confirmation is completed, which allows remote attackers to bypass intended access restrictions and join an audio conference by entering credential fields from this URL, aka Bug ID CSCul36183."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32157"
},
{
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name": "100911",
"refsource": "OSVDB",
"url": "http://osvdb.org/100911"
},
{
"name": "64281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64281"
},
{
"name": "20131212 Cisco WebEx Training Center Bypass Email Verification to Join Audio Conference Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6965"
},
{
"name": "cisco-webex-cve20136965-info-disc(89691)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89691"
}
]
}
}

34
2013/7xxx/CVE-2013-7337.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7337",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7337",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2013/7xxx/CVE-2013-7417.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7417",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7417",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name" : "http://sourceforge.net/p/ipcop/bugs/807/",
"refsource" : "MISC",
"url" : "http://sourceforge.net/p/ipcop/bugs/807/"
},
{
"name" : "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/",
"refsource" : "MISC",
"url" : "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/"
},
{
"name" : "ipcop-ipinfo-xss(99396)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be used to bypass the cross-site request forgery (CSRF) protection mechanism by setting the Referer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/",
"refsource": "MISC",
"url": "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/"
},
{
"name": "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
},
{
"name": "http://sourceforge.net/p/ipcop/bugs/807/",
"refsource": "MISC",
"url": "http://sourceforge.net/p/ipcop/bugs/807/"
},
{
"name": "ipcop-ipinfo-xss(99396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99396"
}
]
}
}

120
2013/7xxx/CVE-2013-7445.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-7445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=60533",
"refsource" : "MISC",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=60533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=60533",
"refsource": "MISC",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=60533"
}
]
}
}

34
2017/10xxx/CVE-2017-10483.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10483",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10483",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/10xxx/CVE-2017-10520.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10520",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10520",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/10xxx/CVE-2017-10803.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10803",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/odoo/odoo/issues/17898",
"refsource" : "CONFIRM",
"url" : "https://github.com/odoo/odoo/issues/17898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/odoo/odoo/issues/17898",
"refsource": "CONFIRM",
"url": "https://github.com/odoo/odoo/issues/17898"
}
]
}
}

34
2017/12xxx/CVE-2017-12051.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12051",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12051",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/12xxx/CVE-2017-12345.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Data Center Network Manager Software",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Data Center Network Manager Software"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Data Center Network Manager Software",
"version": {
"version_data": [
{
"version_value": "Cisco Data Center Network Manager Software"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
},
{
"name" : "101996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject arbitrary values into DCNM configuration parameters, redirect a user to a malicious website, inject malicious content into a DCNM client interface, or conduct a cross-site scripting (XSS) attack against a user of the affected software. Cisco Bug IDs: CSCvf40477, CSCvf63150, CSCvf68218, CSCvf68235, CSCvf68247."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101996"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171129-dcnm"
}
]
}
}

130
2017/12xxx/CVE-2017-12565.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/602",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/602"
},
{
"name" : "100156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100156"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the function ReadOneJNGImage in coders/png.c, which allows attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100156"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/602",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/602"
}
]
}
}

150
2017/12xxx/CVE-2017-12978.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG"
},
{
"name" : "https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24",
"refsource" : "CONFIRM",
"url" : "https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24"
},
{
"name" : "https://github.com/Cacti/cacti/issues/918",
"refsource" : "CONFIRM",
"url" : "https://github.com/Cacti/cacti/issues/918"
},
{
"name" : "1039226",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24",
"refsource": "CONFIRM",
"url": "https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24"
},
{
"name": "1039226",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039226"
},
{
"name": "https://github.com/Cacti/cacti/issues/918",
"refsource": "CONFIRM",
"url": "https://github.com/Cacti/cacti/issues/918"
},
{
"name": "https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://github.com/Cacti/cacti/blob/develop/docs/CHANGELOG"
}
]
}
}

34
2017/13xxx/CVE-2017-13416.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13416",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13416",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/13xxx/CVE-2017-13434.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13434",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13434",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/13xxx/CVE-2017-13521.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13521",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13521",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/13xxx/CVE-2017-13611.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13611",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13611",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/13xxx/CVE-2017-13835.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13835",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13835",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2017/17xxx/CVE-2017-17033.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@qnapsecurity.com.tw",
"DATE_PUBLIC" : "2017-12-15T00:00:00",
"ID" : "CVE-2017-17033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "QTS Notification function",
"version" : {
"version_data" : [
{
"version_value" : "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier"
}
]
}
}
]
},
"vendor_name" : "QNAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@qnap.com",
"DATE_PUBLIC": "2017-12-15T00:00:00",
"ID": "CVE-2017-17033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "QTS Notification function",
"version": {
"version_data": [
{
"version_value": "4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier"
}
]
}
}
]
},
"vendor_name": "QNAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15",
"refsource" : "CONFIRM",
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15"
},
{
"name" : "1040018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040018"
},
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201712-15"
}
]
}
}

34
2017/17xxx/CVE-2017-17729.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17729",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17729",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/17xxx/CVE-2017-17849.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43391",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43391/"
},
{
"name" : "45087",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45087/"
},
{
"name" : "https://packetstormsecurity.com/files/145530/GetGo-Download-Manager-5.3.0.2712-Buffer-Overflow.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145530/GetGo-Download-Manager-5.3.0.2712-Buffer-Overflow.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45087",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45087/"
},
{
"name": "https://packetstormsecurity.com/files/145530/GetGo-Download-Manager-5.3.0.2712-Buffer-Overflow.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145530/GetGo-Download-Manager-5.3.0.2712-Buffer-Overflow.html"
},
{
"name": "43391",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43391/"
}
]
}
}

120
2017/9xxx/CVE-2017-9111.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openwall.com/lists/oss-security/2017/05/12/5",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2017/05/12/5"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2017/05/12/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/05/12/5"
}
]
}
}

130
2017/9xxx/CVE-2017-9940.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2017-9940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SiPass integrated All versions before V2.70",
"version" : {
"version_data" : [
{
"version_value" : "SiPass integrated All versions before V2.70"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-269: Improper Privilege Management"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2017-9940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SiPass integrated All versions before V2.70",
"version": {
"version_data": [
{
"version_value": "SiPass integrated All versions before V2.70"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
"refsource" : "CONFIRM",
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"name" : "99578",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99578"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-339433.pdf"
},
{
"name": "99578",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99578"
}
]
}
}

326
2018/0xxx/CVE-2018-0051.json
View File

@ -1,165 +1,165 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0051",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow daemon (flowd) related to SIP ALG"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D77"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D70"
},
{
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R4-S9, 15.1R7-S1"
},
{
"affected" : "=",
"version_name" : "15.1F6",
"version_value" : "15.1F6"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D140"
},
{
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R4-S9, 16.1R6-S1, 16.1R7"
},
{
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R2-S7, 16.2R3"
},
{
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R2-S7, 17.1R3"
},
{
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S6, 17.2R2-S4, 17.2R3"
},
{
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S5, 17.3R2-S2, 17.3R3"
},
{
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R2"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs in SRX device can be obtained by executing the command: show security alg status Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D70; 15.1X49 versions prior to 15.1X49-D140; 15.1 versions prior to 15.1R4-S9, 15.1R7-S1; 15.1F6; 16.1 versions prior to 16.1R4-S9, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S5, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R2. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0051",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Denial of Service vulnerability in MS-PIC, MS-MIC, MS-MPC, MS-DPC and SRX flow daemon (flowd) related to SIP ALG"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D77"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D70"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R4-S9, 15.1R7-S1"
},
{
"affected": "=",
"version_name": "15.1F6",
"version_value": "15.1F6"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D140"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R4-S9, 16.1R6-S1, 16.1R7"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S7, 16.2R3"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S7, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S6, 17.2R2-S4, 17.2R3"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S5, 17.3R2-S2, 17.3R3"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R2"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10885",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10885"
},
{
"name" : "1041852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041852"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve these specific issues: 12.1X46-D77, 12.3X48-D70, 12.3X48-D75, 14.1X53-D47, 15.1R4-S9, 15.1R7-S1, 15.1X49-D140, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R4-S9, 16.1R6-S1, 16.1R7, 16.2R2-S7, 16.2R3, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.3R1-S5, 17.3R2-S2, 17.3R3, 17.4R2, 18.1R1, 18.1X75-D10, 18.2R1, 18.2X75-D5, and all subsequent releases.\nThis fix has also been proactively committed into other releases that might not support SIP ALG configuration."
}
],
"source" : {
"advisory" : "JSA10885",
"defect" : [
"1326394"
],
"discovery" : "USER"
},
"work_around" : [
{
"lang" : "eng",
"value" : " Disable the use of the SIP ALG feature if it is not needed. "
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability in the SIP application layer gateway (ALG) component of Junos OS based platforms allows an attacker to crash MS-PIC, MS-MIC, MS-MPC, MS-DPC or SRX flow daemon (flowd) process. This issue affects Junos OS devices with NAT or stateful firewall configuration in combination with the SIP ALG enabled. SIP ALG is enabled by default on SRX Series devices except for SRX-HE devices. SRX-HE devices have SIP ALG disabled by default. The status of ALGs in SRX device can be obtained by executing the command: show security alg status Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D77; 12.3X48 versions prior to 12.3X48-D70; 15.1X49 versions prior to 15.1X49-D140; 15.1 versions prior to 15.1R4-S9, 15.1R7-S1; 15.1F6; 16.1 versions prior to 16.1R4-S9, 16.1R6-S1, 16.1R7; 16.2 versions prior to 16.2R2-S7, 16.2R3; 17.1 versions prior to 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.3 versions prior to 17.3R1-S5, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R2. No other Juniper Networks products or platforms are affected by this issue."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10885",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10885"
},
{
"name": "1041852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041852"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve these specific issues: 12.1X46-D77, 12.3X48-D70, 12.3X48-D75, 14.1X53-D47, 15.1R4-S9, 15.1R7-S1, 15.1X49-D140, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R4-S9, 16.1R6-S1, 16.1R7, 16.2R2-S7, 16.2R3, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.3R1-S5, 17.3R2-S2, 17.3R3, 17.4R2, 18.1R1, 18.1X75-D10, 18.2R1, 18.2X75-D5, and all subsequent releases.\nThis fix has also been proactively committed into other releases that might not support SIP ALG configuration."
}
],
"source": {
"advisory": "JSA10885",
"defect": [
"1326394"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": " Disable the use of the SIP ALG feature if it is not needed. "
}
]
}

142
2018/0xxx/CVE-2018-0861.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-02-13T00:00:00",
"ID" : "CVE-2018-0861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Windows 10 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Critical"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-02-13T00:00:00",
"ID": "CVE-2018-0861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Microsoft Windows 10 1607, 1703, and Windows Server 2016."
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0861",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0861"
},
{
"name" : "102884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102884"
},
{
"name" : "1040372",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040372"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, and CVE-2018-0866."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Critical"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0861",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0861"
},
{
"name": "102884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102884"
},
{
"name": "1040372",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040372"
}
]
}
}

120
2018/18xxx/CVE-2018-18069.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/",
"refsource" : "MISC",
"url" : "https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/",
"refsource": "MISC",
"url": "https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/"
}
]
}
}

120
2018/18xxx/CVE-2018-18908.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18908",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.sean-wright.com/sky/",
"refsource" : "MISC",
"url" : "https://blog.sean-wright.com/sky/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sky Go Desktop application 1.0.19-1 through 1.0.23-1 for Windows performs several requests over cleartext HTTP. This makes the data submitted in these requests prone to Man in The Middle (MiTM) attacks, whereby an attacker would be able to obtain the data sent in these requests. Some of the requests contain potentially sensitive information that could be useful to an attacker, such as the victim's Sky username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.sean-wright.com/sky/",
"refsource": "MISC",
"url": "https://blog.sean-wright.com/sky/"
}
]
}
}

120
2018/19xxx/CVE-2018-19436.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/0xUhaw/CVE-Bins/tree/master/webERP%20SQLI-2",
"refsource" : "MISC",
"url" : "https://github.com/0xUhaw/CVE-Bins/tree/master/webERP%20SQLI-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/0xUhaw/CVE-Bins/tree/master/webERP%20SQLI-2",
"refsource": "MISC",
"url": "https://github.com/0xUhaw/CVE-Bins/tree/master/webERP%20SQLI-2"
}
]
}
}

34
2018/19xxx/CVE-2018-19466.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19466",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19466",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/19xxx/CVE-2018-19679.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19679",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19679",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/19xxx/CVE-2018-19793.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/iwannay/jiacrontab/issues/28",
"refsource" : "MISC",
"url" : "https://github.com/iwannay/jiacrontab/issues/28"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jiacrontab 1.4.5 allows remote attackers to execute arbitrary commands via the crontab/task/edit?addr=localhost%3a20001 command and args parameters, as demonstrated by command=cat&args=/etc/passwd in the POST data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/iwannay/jiacrontab/issues/28",
"refsource": "MISC",
"url": "https://github.com/iwannay/jiacrontab/issues/28"
}
]
}
}

34
2018/19xxx/CVE-2018-19804.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19804",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19804",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

172
2018/1xxx/CVE-2018-1054.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00",
"ID" : "CVE-2018-1054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "389-ds-base",
"version" : {
"version_data" : [
{
"version_value" : "all versions including upstream 1.4.x"
}
]
}
}
]
},
"vendor_name" : "Red Hat, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-120"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2018-1054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base",
"version": {
"version_data": [
{
"version_value": "all versions including upstream 1.4.x"
}
]
}
}
]
},
"vendor_name": "Red Hat, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1537314",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1537314"
},
{
"name" : "https://pagure.io/389-ds-base/issue/49545",
"refsource" : "CONFIRM",
"url" : "https://pagure.io/389-ds-base/issue/49545"
},
{
"name" : "RHSA-2018:0414",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name" : "RHSA-2018:0515",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name" : "103228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pagure.io/389-ds-base/issue/49545",
"refsource": "CONFIRM",
"url": "https://pagure.io/389-ds-base/issue/49545"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537314"
},
{
"name": "RHSA-2018:0414",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0414"
},
{
"name": "RHSA-2018:0515",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0515"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "103228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103228"
}
]
}
}

152
2018/1xxx/CVE-2018-1247.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-05-04T00:00:00",
"ID" : "CVE-2018-1247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RSA Authentication Manager Security Console",
"version" : {
"version_data" : [
{
"version_value" : "version 8.3 and earlier"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity Injection Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-05-04T00:00:00",
"ID": "CVE-2018-1247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RSA Authentication Manager Security Console",
"version": {
"version_data": [
{
"version_value": "version 8.3 and earlier"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44634",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44634/"
},
{
"name" : "20180504 DSA-2018-086: RSA Authentication Manager Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/18"
},
{
"name" : "104107",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104107"
},
{
"name" : "1040835",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA Authentication Manager Security Console, version 8.3 and earlier, contains a XML External Entity (XXE) vulnerability. This could potentially allow admin users to cause a denial of service or extract server data via injecting a maliciously crafted DTD in an XML file submitted to the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML External Entity Injection Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180504 DSA-2018-086: RSA Authentication Manager Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/18"
},
{
"name": "1040835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040835"
},
{
"name": "104107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104107"
},
{
"name": "44634",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44634/"
}
]
}
}

138
2018/1xxx/CVE-2018-1297.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-02-11T00:00:00",
"ID" : "CVE-2018-1297",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache JMeter",
"version" : {
"version_data" : [
{
"version_value" : "2.x"
},
{
"version_value" : "3.x"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized code access"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-11T00:00:00",
"ID": "CVE-2018-1297",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache JMeter",
"version": {
"version_data": [
{
"version_value": "2.x"
},
{
"version_value": "3.x"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[www-announce] 20180211 CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E"
},
{
"name" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039",
"refsource" : "CONFIRM",
"url" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized code access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[www-announce] 20180211 CVE-2018-1297: Apache JMeter uses an unsecure RMI connection in Distributed mode",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/www-announce/201802.mbox/%3CCAH9fUpaNzk5am8oFe07RQ-kynCsQv54yB-uYs9bEnz7tbX-O7g%40mail.gmail.com%3E"
},
{
"name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039",
"refsource": "CONFIRM",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=62039"
}
]
}
}

182
2018/1xxx/CVE-2018-1509.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-28T00:00:00",
"ID" : "CVE-2018-1509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "L",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "3.700",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-28T00:00:00",
"ID": "CVE-2018-1509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10730321",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10730321"
},
{
"name" : "1041759",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041759"
},
{
"name" : "ibm-guardium-cve20181509-cert-validation(141417)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host. IBM X-Force ID: 141417."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "H",
"AV": "N",
"C": "L",
"I": "N",
"PR": "N",
"S": "U",
"SCORE": "3.700",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10730321",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10730321"
},
{
"name": "ibm-guardium-cve20181509-cert-validation(141417)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141417"
},
{
"name": "1041759",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041759"
}
]
}
}

34
2018/1xxx/CVE-2018-1589.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1589",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1589",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/5xxx/CVE-2018-5636.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5636",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5636",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/5xxx/CVE-2018-5637.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5637",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5637",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}