admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:52:29 +00:00
parent 8b2b8ee27f
commit 0b35ee0ba3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3426 additions and 3426 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2008/0xxx/CVE-2008-0012.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0012", "ID": "CVE-2008-0012",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014." "value": "Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)", "name": "32618",
"refsource" : "ISS", "refsource": "SECUNIA",
"url" : "http://www.iss.net/threats/310.html" "url": "http://secunia.com/advisories/32618"
}, },
{ {
"name" : "http://blogs.iss.net/archive/trend.html", "name": "32261",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://blogs.iss.net/archive/trend.html" "url": "http://www.securityfocus.com/bid/32261"
}, },
{ {
"name" : "VU#768681", "name": "application-rpc-config1-bo(39918)",
"refsource" : "CERT-VN", "refsource": "XF",
"url" : "http://www.kb.cert.org/vuls/id/768681" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39918"
}, },
{ {
"name" : "32261", "name": "20081111 Trend Micro ServerProtect [PROCEDURE NAME REDACTED] Heap Overflows (3)",
"refsource" : "BID", "refsource": "ISS",
"url" : "http://www.securityfocus.com/bid/32261" "url": "http://www.iss.net/threats/310.html"
}, },
{ {
"name" : "ADV-2008-3127", "name": "VU#768681",
"refsource" : "VUPEN", "refsource": "CERT-VN",
"url" : "http://www.vupen.com/english/advisories/2008/3127" "url": "http://www.kb.cert.org/vuls/id/768681"
}, },
{ {
"name" : "32618", "name": "http://blogs.iss.net/archive/trend.html",
"refsource" : "SECUNIA", "refsource": "MISC",
"url" : "http://secunia.com/advisories/32618" "url": "http://blogs.iss.net/archive/trend.html"
}, },
{ {
"name" : "application-rpc-config1-bo(39918)", "name": "ADV-2008-3127",
"refsource" : "XF", "refsource": "VUPEN",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39918" "url": "http://www.vupen.com/english/advisories/2008/3127"
} }
] ]
} }

110
2008/0xxx/CVE-2008-0102.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-0102", "ID": "CVE-2008-0102",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid \"memory values,\" aka \"Publisher Invalid Memory Reference Vulnerability.\"" "value": "Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid \"memory values,\" aka \"Publisher Invalid Memory Reference Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "HPSBST02314", "name": "27739",
"refsource" : "HP", "refsource": "BID",
"url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" "url": "http://www.securityfocus.com/bid/27739"
}, },
{ {
"name" : "SSRT080016", "name": "oval:org.mitre.oval:def:5305",
"refsource" : "HP", "refsource": "OVAL",
"url" : "http://marc.info/?l=bugtraq&m=120361015026386&w=2" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5305"
}, },
{ {
"name" : "MS08-012", "name": "HPSBST02314",
"refsource" : "MS", "refsource": "HP",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012" "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"
}, },
{ {
"name" : "TA08-043C", "name": "ADV-2008-0514",
"refsource" : "CERT", "refsource": "VUPEN",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-043C.html" "url": "http://www.vupen.com/english/advisories/2008/0514/references"
}, },
{ {
"name" : "27739", "name": "SSRT080016",
"refsource" : "BID", "refsource": "HP",
"url" : "http://www.securityfocus.com/bid/27739" "url": "http://marc.info/?l=bugtraq&m=120361015026386&w=2"
}, },
{ {
"name" : "ADV-2008-0514", "name": "MS08-012",
"refsource" : "VUPEN", "refsource": "MS",
"url" : "http://www.vupen.com/english/advisories/2008/0514/references" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-012"
}, },
{ {
"name" : "oval:org.mitre.oval:def:5305", "name": "28906",
"refsource" : "OVAL", "refsource": "SECUNIA",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5305" "url": "http://secunia.com/advisories/28906"
}, },
{ {
"name" : "1019376", "name": "TA08-043C",
"refsource" : "SECTRACK", "refsource": "CERT",
"url" : "http://www.securitytracker.com/id?1019376" "url": "http://www.us-cert.gov/cas/techalerts/TA08-043C.html"
}, },
{ {
"name" : "28906", "name": "1019376",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/28906" "url": "http://www.securitytracker.com/id?1019376"
} }
] ]
} }

80
2008/0xxx/CVE-2008-0158.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0158", "ID": "CVE-2008-0158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter." "value": "Directory traversal vulnerability in index.php in Shop-Script 2.0 and possibly other versions allows remote attackers to read arbitrary files via a .. (dot dot) in the aux_page parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "4855", "name": "shopscript-index-directory-traversal(39449)",
"refsource" : "EXPLOIT-DB", "refsource": "XF",
"url" : "https://www.exploit-db.com/exploits/4855" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39449"
}, },
{ {
"name" : "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt", "name": "27165",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt" "url": "http://www.securityfocus.com/bid/27165"
}, },
{ {
"name" : "27165", "name": "4855",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/27165" "url": "https://www.exploit-db.com/exploits/4855"
}, },
{ {
"name" : "shopscript-index-directory-traversal(39449)", "name": "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39449" "url": "http://packetstormsecurity.org/0801-exploits/shopscript-disclose.txt"
} }
] ]
} }

92
2008/0xxx/CVE-2008-0306.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0306", "ID": "CVE-2008-0306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings." "value": "sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability", "name": "1019570",
"refsource" : "IDEFENSE", "refsource": "SECTRACK",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670" "url": "http://www.securitytracker.com/id?1019570"
}, },
{ {
"name" : "28185", "name": "ADV-2008-0844",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/28185" "url": "http://www.vupen.com/english/advisories/2008/0844/references"
}, },
{ {
"name" : "ADV-2008-0844", "name": "maxdb-sdbstarter-privilege-escalation(41104)",
"refsource" : "VUPEN", "refsource": "XF",
"url" : "http://www.vupen.com/english/advisories/2008/0844/references" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41104"
}, },
{ {
"name" : "1019570", "name": "20080310 SAP MaxDB sdbstarter Privilege Escalation Vulnerability",
"refsource" : "SECTRACK", "refsource": "IDEFENSE",
"url" : "http://www.securitytracker.com/id?1019570" "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=670"
}, },
{ {
"name" : "29312", "name": "29312",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/29312" "url": "http://secunia.com/advisories/29312"
}, },
{ {
"name" : "maxdb-sdbstarter-privilege-escalation(41104)", "name": "28185",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41104" "url": "http://www.securityfocus.com/bid/28185"
} }
] ]
} }

110
2008/0xxx/CVE-2008-0312.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0312", "ID": "CVE-2008-0312",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information." "value": "Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability", "name": "1019753",
"refsource" : "IDEFENSE", "refsource": "SECTRACK",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677" "url": "http://www.securitytracker.com/id?1019753"
}, },
{ {
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html", "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html" "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html"
}, },
{ {
"name" : "28507", "name": "1019751",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/28507" "url": "http://www.securitytracker.com/id?1019751"
}, },
{ {
"name" : "ADV-2008-1077", "name": "1019752",
"refsource" : "VUPEN", "refsource": "SECTRACK",
"url" : "http://www.vupen.com/english/advisories/2008/1077/references" "url": "http://www.securitytracker.com/id?1019752"
}, },
{ {
"name" : "1019751", "name": "29660",
"refsource" : "SECTRACK", "refsource": "SECUNIA",
"url" : "http://www.securitytracker.com/id?1019751" "url": "http://secunia.com/advisories/29660"
}, },
{ {
"name" : "1019752", "name": "ADV-2008-1077",
"refsource" : "SECTRACK", "refsource": "VUPEN",
"url" : "http://www.securitytracker.com/id?1019752" "url": "http://www.vupen.com/english/advisories/2008/1077/references"
}, },
{ {
"name" : "1019753", "name": "28507",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id?1019753" "url": "http://www.securityfocus.com/bid/28507"
}, },
{ {
"name" : "29660", "name": "symantec-autofixtool-bo(41629)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/29660" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629"
}, },
{ {
"name" : "symantec-autofixtool-bo(41629)", "name": "20080402 Symantec Norton Internet Security 2008 ActiveX Control Buffer Overflow Vulnerability",
"refsource" : "XF", "refsource": "IDEFENSE",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41629" "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677"
} }
] ]
} }

80
2008/1xxx/CVE-2008-1486.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1486", "ID": "CVE-2008-1486",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search." "value": "SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.phorum.org/phorum5/read.php?64,126815,126815", "name": "http://www.phorum.org/phorum5/read.php?64,126815,126815",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.phorum.org/phorum5/read.php?64,126815,126815" "url": "http://www.phorum.org/phorum5/read.php?64,126815,126815"
}, },
{ {
"name" : "28540", "name": "29519",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/28540" "url": "http://secunia.com/advisories/29519"
}, },
{ {
"name" : "29519", "name": "28540",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/29519" "url": "http://www.securityfocus.com/bid/28540"
}, },
{ {
"name" : "phorum-nonfulltext-sql-injection(41418)", "name": "phorum-nonfulltext-sql-injection(41418)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41418"
} }
] ]
} }

98
2008/1xxx/CVE-2008-1754.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1754", "ID": "CVE-2008-1754",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory." "value": "Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html", "name": "altiris-agent-aclient-info-disclosure(41771)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771"
}, },
{ {
"name" : "28707", "name": "28707",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/28707" "url": "http://www.securityfocus.com/bid/28707"
}, },
{ {
"name" : "ADV-2008-1197", "name": "ADV-2008-1197",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1197/references" "url": "http://www.vupen.com/english/advisories/2008/1197/references"
}, },
{ {
"name" : "44388", "name": "29771",
"refsource" : "OSVDB", "refsource": "SECUNIA",
"url" : "http://www.osvdb.org/44388" "url": "http://secunia.com/advisories/29771"
}, },
{ {
"name" : "1019825", "name": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id?1019825" "url": "http://securityresponse.symantec.com/avcenter/security/Content/2008.04.10.html"
}, },
{ {
"name" : "29771", "name": "1019825",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/29771" "url": "http://www.securitytracker.com/id?1019825"
}, },
{ {
"name" : "altiris-agent-aclient-info-disclosure(41771)", "name": "44388",
"refsource" : "XF", "refsource": "OSVDB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41771" "url": "http://www.osvdb.org/44388"
} }
] ]
} }

74
2008/1xxx/CVE-2008-1958.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1958", "ID": "CVE-2008-1958",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension." "value": "Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "5483", "name": "29814",
"refsource" : "EXPLOIT-DB", "refsource": "SECUNIA",
"url" : "https://www.exploit-db.com/exploits/5483" "url": "http://secunia.com/advisories/29814"
}, },
{ {
"name" : "29814", "name": "trscriptnews-main-file-upload(41953)",
"refsource" : "SECUNIA", "refsource": "XF",
"url" : "http://secunia.com/advisories/29814" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41953"
}, },
{ {
"name" : "trscriptnews-main-file-upload(41953)", "name": "5483",
"refsource" : "XF", "refsource": "EXPLOIT-DB",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41953" "url": "https://www.exploit-db.com/exploits/5483"
} }
] ]
} }

80
2008/4xxx/CVE-2008-4040.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4040", "ID": "CVE-2008-4040",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI." "value": "Directory traversal vulnerability in the Kyocera Command Center in Kyocera FS-118MFP allows remote attackers to read arbitrary files via a .. (dot dot) in the URI."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt", "name": "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt" "url": "http://packetstorm.linuxsecurity.com/0808-exploits/kyocera-traversal.txt"
}, },
{ {
"name" : "30971", "name": "kyocera-commandcenter-directory-traversal(44793)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/30971" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44793"
}, },
{ {
"name" : "31680", "name": "31680",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/31680" "url": "http://secunia.com/advisories/31680"
}, },
{ {
"name" : "kyocera-commandcenter-directory-traversal(44793)", "name": "30971",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44793" "url": "http://www.securityfocus.com/bid/30971"
} }
] ]
} }

74
2008/4xxx/CVE-2008-4158.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4158", "ID": "CVE-2008-4158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters." "value": "Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6413", "name": "6413",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6413" "url": "https://www.exploit-db.com/exploits/6413"
}, },
{ {
"name" : "4290", "name": "zanficmslite-index-file-include(45027)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/4290" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45027"
}, },
{ {
"name" : "zanficmslite-index-file-include(45027)", "name": "4290",
"refsource" : "XF", "refsource": "SREASON",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45027" "url": "http://securityreason.com/securityalert/4290"
} }
] ]
} }

86
2008/4xxx/CVE-2008-4910.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4910", "ID": "CVE-2008-4910",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method." "value": "The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20081025 Java Web start vulnerability", "name": "sun-jws-showdocument-command-execution(46119)",
"refsource" : "BUGTRAQ", "refsource": "XF",
"url" : "http://www.securityfocus.com/archive/1/497799/100/0/threaded" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46119"
}, },
{ {
"name" : "20081031 Re: Java Web start vulnerability", "name": "31916",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://www.securityfocus.com/archive/1/497972/100/0/threaded" "url": "http://www.securityfocus.com/bid/31916"
}, },
{ {
"name" : "31916", "name": "20081025 Java Web start vulnerability",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/31916" "url": "http://www.securityfocus.com/archive/1/497799/100/0/threaded"
}, },
{ {
"name" : "4542", "name": "20081031 Re: Java Web start vulnerability",
"refsource" : "SREASON", "refsource": "BUGTRAQ",
"url" : "http://securityreason.com/securityalert/4542" "url": "http://www.securityfocus.com/archive/1/497972/100/0/threaded"
}, },
{ {
"name" : "sun-jws-showdocument-command-execution(46119)", "name": "4542",
"refsource" : "XF", "refsource": "SREASON",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46119" "url": "http://securityreason.com/securityalert/4542"
} }
] ]
} }

80
2008/5xxx/CVE-2008-5608.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5608", "ID": "CVE-2008-5608",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb." "value": "ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "7356", "name": "7360",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7356" "url": "https://www.exploit-db.com/exploits/7360"
}, },
{ {
"name" : "7360", "name": "7356",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7360" "url": "https://www.exploit-db.com/exploits/7356"
}, },
{ {
"name" : "4754", "name": "4754",
"refsource" : "SREASON", "refsource": "SREASON",
"url" : "http://securityreason.com/securityalert/4754" "url": "http://securityreason.com/securityalert/4754"
}, },
{ {
"name" : "aspautodealer-auto-info-disclosure(47124)", "name": "aspautodealer-auto-info-disclosure(47124)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47124" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47124"
} }
] ]
} }

80
2013/2xxx/CVE-2013-2898.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2898", "ID": "CVE-2013-2898",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device." "value": "drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_SENSOR_HUB is enabled, allows physically proximate attackers to obtain sensitive information from kernel memory via a crafted device."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[linux-input] 20130828 [PATCH 12/14] HID: sensor-hub: validate feature report details", "name": "[linux-input] 20130828 [PATCH 12/14] HID: sensor-hub: validate feature report details",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://marc.info/?l=linux-input&m=137772191114645&w=1" "url": "http://marc.info/?l=linux-input&m=137772191114645&w=1"
}, },
{ {
"name" : "[oss-security] 20130828 Linux HID security flaws", "name": "[oss-security] 20130828 Linux HID security flaws",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/08/28/13" "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
}, },
{ {
"name" : "USN-1995-1", "name": "USN-1995-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1995-1" "url": "http://www.ubuntu.com/usn/USN-1995-1"
}, },
{ {
"name" : "USN-1998-1", "name": "USN-1998-1",
"refsource" : "UBUNTU", "refsource": "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1998-1" "url": "http://www.ubuntu.com/usn/USN-1998-1"
} }
] ]
} }

62
2013/3xxx/CVE-2013-3426.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-3426", "ID": "CVE-2013-3426",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810." "value": "The Serviceability servlet on Cisco 9900 IP phones does not properly restrict paths, which allows remote attackers to read arbitrary files by specifying a pathname in a file request, aka Bug ID CSCuh52810."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20130717 Cisco 9900 Series Phone Arbitrary File Download Vulnerability", "name": "20130717 Cisco 9900 Series Phone Arbitrary File Download Vulnerability",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3426" "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3426"
} }
] ]
} }

22
2013/4xxx/CVE-2013-4106.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4106", "ID": "CVE-2013-4106",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

98
2013/4xxx/CVE-2013-4668.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4668", "ID": "CVE-2013-4668",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a \"Keep directory structure\" action, related to fr-archive-libarchive.c and fr-window.c." "value": "Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a \"Keep directory structure\" action, related to fr-archive-libarchive.c and fr-window.c."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20130708 [oCERT-2013-001] File Roller path sanitization errors", "name": "USN-1906-1",
"refsource" : "BUGTRAQ", "refsource": "UBUNTU",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html" "url": "http://www.ubuntu.com/usn/USN-1906-1"
}, },
{ {
"name" : "http://www.ocert.org/advisories/ocert-2013-001.html", "name": "openSUSE-SU-2013:1281",
"refsource" : "MISC", "refsource": "SUSE",
"url" : "http://www.ocert.org/advisories/ocert-2013-001.html" "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html"
}, },
{ {
"name" : "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631", "name": "http://www.ocert.org/advisories/ocert-2013-001.html",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631" "url": "http://www.ocert.org/advisories/ocert-2013-001.html"
}, },
{ {
"name" : "openSUSE-SU-2013:1281", "name": "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631",
"refsource" : "SUSE", "refsource": "CONFIRM",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html" "url": "https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631"
}, },
{ {
"name" : "USN-1906-1", "name": "54351",
"refsource" : "UBUNTU", "refsource": "SECUNIA",
"url" : "http://www.ubuntu.com/usn/USN-1906-1" "url": "http://secunia.com/advisories/54351"
}, },
{ {
"name" : "61008", "name": "61008",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/61008" "url": "http://www.securityfocus.com/bid/61008"
}, },
{ {
"name" : "54351", "name": "20130708 [oCERT-2013-001] File Roller path sanitization errors",
"refsource" : "SECUNIA", "refsource": "BUGTRAQ",
"url" : "http://secunia.com/advisories/54351" "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html"
} }
] ]
} }

98
2013/4xxx/CVE-2013-4954.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4954", "ID": "CVE-2013-4954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when \"Allow New Registrations to set their own Password\" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information." "value": "Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when \"Allow New Registrations to set their own Password\" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register", "name": "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register" "url": "http://plugins.trac.wordpress.org/changeset?reponame=&old=740249%40pie-register&new=740249%40pie-register"
}, },
{ {
"name" : "http://wordpress.org/plugins/pie-register/changelog/", "name": "54123",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://wordpress.org/plugins/pie-register/changelog/" "url": "http://secunia.com/advisories/54123"
}, },
{ {
"name" : "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting", "name": "95160",
"refsource" : "CONFIRM", "refsource": "OSVDB",
"url" : "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting" "url": "http://osvdb.org/95160"
}, },
{ {
"name" : "61140", "name": "61140",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/61140" "url": "http://www.securityfocus.com/bid/61140"
}, },
{ {
"name" : "95160", "name": "pieregister-wplogin-xss(85604)",
"refsource" : "OSVDB", "refsource": "XF",
"url" : "http://osvdb.org/95160" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85604"
}, },
{ {
"name" : "54123", "name": "http://wordpress.org/plugins/pie-register/changelog/",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/54123" "url": "http://wordpress.org/plugins/pie-register/changelog/"
}, },
{ {
"name" : "pieregister-wplogin-xss(85604)", "name": "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85604" "url": "http://wordpress.org/support/topic/security-issue-web-application-cross-site-scripting"
} }
] ]
} }

86
2013/6xxx/CVE-2013-6168.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6168", "ID": "CVE-2013-6168",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php." "value": "Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework", "name": "63186",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html" "url": "http://www.securityfocus.com/bid/63186"
}, },
{ {
"name" : "https://www.htbridge.com/advisory/HTB23178", "name": "zikulaapplicationframework-unspecified-xss(88654)",
"refsource" : "MISC", "refsource": "XF",
"url" : "https://www.htbridge.com/advisory/HTB23178" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654"
}, },
{ {
"name" : "http://community.zikula.org/index.php?module=News&func=display&sid=3132", "name": "http://community.zikula.org/index.php?module=News&func=display&sid=3132",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://community.zikula.org/index.php?module=News&func=display&sid=3132" "url": "http://community.zikula.org/index.php?module=News&func=display&sid=3132"
}, },
{ {
"name" : "63186", "name": "20131113 Cross-Site Scripting (XSS) in Zikula Application Framework",
"refsource" : "BID", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/bid/63186" "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0057.html"
}, },
{ {
"name" : "zikulaapplicationframework-unspecified-xss(88654)", "name": "https://www.htbridge.com/advisory/HTB23178",
"refsource" : "XF", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88654" "url": "https://www.htbridge.com/advisory/HTB23178"
} }
] ]
} }

74
2013/6xxx/CVE-2013-6652.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6652", "ID": "CVE-2013-6652",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\\\?\\ protection mechanism." "value": "Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in the sandbox via vectors related to (1) lack of checks for .. (dot dot) sequences or (2) lack of use of the \\\\?\\ protection mechanism."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html", "name": "https://code.google.com/p/chromium/issues/detail?id=334897",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html" "url": "https://code.google.com/p/chromium/issues/detail?id=334897"
}, },
{ {
"name" : "https://code.google.com/p/chromium/issues/detail?id=334897", "name": "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=334897" "url": "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision"
}, },
{ {
"name" : "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision", "name": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=247511&view=revision" "url": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html"
} }
] ]
} }

68
2013/6xxx/CVE-2013-6724.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-6724", "ID": "CVE-2013-6724",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value." "value": "Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS SamplePower 3.0.1 before FP1 IF1 allows remote attackers to execute arbitrary code via a crafted ComboList property value."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663250", "name": "ibm-spss-vsflex8l-cve20136724-rce(89279)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21663250" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89279"
}, },
{ {
"name" : "ibm-spss-vsflex8l-cve20136724-rce(89279)", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21663250",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89279" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21663250"
} }
] ]
} }

22
2013/6xxx/CVE-2013-6879.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6879", "ID": "CVE-2013-6879",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

74
2013/6xxx/CVE-2013-6993.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6993", "ID": "CVE-2013-6993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php." "value": "Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete action to wp-admin/tools.php."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20131226 Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin", "name": "20131226 Cross-Site Scripting (XSS) in Ad-minister Wordpress plugin",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/530540/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/530540/100/0/threaded"
}, },
{ {
"name" : "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss", "name": "https://www.htbridge.com/advisory/HTB23187",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss" "url": "https://www.htbridge.com/advisory/HTB23187"
}, },
{ {
"name" : "https://www.htbridge.com/advisory/HTB23187", "name": "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23187" "url": "http://wordpress.org/support/topic/ad-minister-06-security-vulnerability-notification-xss"
} }
] ]
} }

68
2013/7xxx/CVE-2013-7127.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7127", "ID": "CVE-2013-7127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file." "value": "Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext credentials in LastSession.plist, which allows local users to obtain sensitive information by reading this file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.securelist.com/en/blog/8168/Loophole_in_Safari", "name": "http://www.securelist.com/en/blog/8168/Loophole_in_Safari",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.securelist.com/en/blog/8168/Loophole_in_Safari" "url": "http://www.securelist.com/en/blog/8168/Loophole_in_Safari"
}, },
{ {
"name" : "apple-safari-cve20137127-info-disc(89941)", "name": "apple-safari-cve20137127-info-disc(89941)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89941" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89941"
} }
] ]
} }

22
2013/7xxx/CVE-2013-7160.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7160", "ID": "CVE-2013-7160",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

98
2013/7xxx/CVE-2013-7319.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7319", "ID": "CVE-2013-7319",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field." "value": "Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "30105", "name": "64159",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "http://www.exploit-db.com/exploits/30105" "url": "http://www.securityfocus.com/bid/64159"
}, },
{ {
"name" : "http://www.nerdbox.it/wordpress-download-manager-xss", "name": "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://www.nerdbox.it/wordpress-download-manager-xss" "url": "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact"
}, },
{ {
"name" : "http://wordpress.org/plugins/download-manager/changelog", "name": "55969",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://wordpress.org/plugins/download-manager/changelog" "url": "http://secunia.com/advisories/55969"
}, },
{ {
"name" : "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact", "name": "30105",
"refsource" : "CONFIRM", "refsource": "EXPLOIT-DB",
"url" : "http://www.wpdownloadmanager.com/support/topic/security-issue-found-who-to-contact" "url": "http://www.exploit-db.com/exploits/30105"
}, },
{ {
"name" : "64159", "name": "downloadmanager-file-xss(89524)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/64159" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89524"
}, },
{ {
"name" : "55969", "name": "http://www.nerdbox.it/wordpress-download-manager-xss",
"refsource" : "SECUNIA", "refsource": "MISC",
"url" : "http://secunia.com/advisories/55969" "url": "http://www.nerdbox.it/wordpress-download-manager-xss"
}, },
{ {
"name" : "downloadmanager-file-xss(89524)", "name": "http://wordpress.org/plugins/download-manager/changelog",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89524" "url": "http://wordpress.org/plugins/download-manager/changelog"
} }
] ]
} }

70
2017/10xxx/CVE-2017-10054.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10054", "ID": "CVE-2017-10054",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Cruise Materials Management", "product_name": "Hospitality Cruise Materials Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "7.30.564.0" "version_value": "7.30.564.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)." "value": "Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data. CVSS 3.0 Base Score 5.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data." "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Cruise Materials Management executes to compromise Oracle Hospitality Cruise Materials Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Materials Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Materials Management accessible data."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name": "101456",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "url": "http://www.securityfocus.com/bid/101456"
}, },
{ {
"name" : "101456", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/101456" "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
} }
] ]
} }

74
2017/10xxx/CVE-2017-10064.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10064", "ID": "CVE-2017-10064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality WebSuite8 Cloud Service", "product_name": "Hospitality WebSuite8 Cloud Service",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.9.6" "version_value": "8.9.6"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.10.x" "version_value": "8.10.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." "value": "Vulnerability in the Hospitality WebSuite8 Cloud Service component of Oracle Hospitality Applications (subcomponent: General). Supported versions that are affected are 8.9.6 and 8.10.x. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data." "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hospitality WebSuite8 Cloud Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hospitality WebSuite8 Cloud Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hospitality WebSuite8 Cloud Service accessible data as well as unauthorized read access to a subset of Hospitality WebSuite8 Cloud Service accessible data."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "100229",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "url": "http://www.securityfocus.com/bid/100229"
}, },
{ {
"name" : "100229", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/100229" "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
} }
] ]
} }

106
2017/10xxx/CVE-2017-10271.json
View File

@ -1,99 +1,99 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10271", "ID": "CVE-2017-10271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebLogic Server", "product_name": "WebLogic Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "10.3.6.0.0" "version_value": "10.3.6.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3.0.0" "version_value": "12.1.3.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.1.0" "version_value": "12.2.1.1.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.2.0" "version_value": "12.2.1.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server." "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "43458", "name": "43458",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43458/" "url": "https://www.exploit-db.com/exploits/43458/"
}, },
{ {
"name" : "43924", "name": "1039608",
"refsource" : "EXPLOIT-DB", "refsource": "SECTRACK",
"url" : "https://www.exploit-db.com/exploits/43924/" "url": "http://www.securitytracker.com/id/1039608"
}, },
{ {
"name" : "https://github.com/c0mmand3rOpSec/CVE-2017-10271", "name": "101304",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://github.com/c0mmand3rOpSec/CVE-2017-10271" "url": "http://www.securityfocus.com/bid/101304"
}, },
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name": "https://github.com/c0mmand3rOpSec/CVE-2017-10271",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "url": "https://github.com/c0mmand3rOpSec/CVE-2017-10271"
}, },
{ {
"name" : "101304", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/101304" "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
}, },
{ {
"name" : "1039608", "name": "43924",
"refsource" : "SECTRACK", "refsource": "EXPLOIT-DB",
"url" : "http://www.securitytracker.com/id/1039608" "url": "https://www.exploit-db.com/exploits/43924/"
} }
] ]
} }

104
2017/10xxx/CVE-2017-10411.json
View File

@ -1,100 +1,100 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10411", "ID": "CVE-2017-10411",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Knowledge Management", "product_name": "Knowledge Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.1" "version_value": "12.1.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.2" "version_value": "12.1.2"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.1.3" "version_value": "12.1.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.3" "version_value": "12.2.3"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.4" "version_value": "12.2.4"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.5" "version_value": "12.2.5"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.6" "version_value": "12.2.6"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.7" "version_value": "12.2.7"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)." "value": "Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data." "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Knowledge Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
}, },
{ {
"name" : "101345", "name": "101345",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/101345" "url": "http://www.securityfocus.com/bid/101345"
}, },
{ {
"name" : "1039592", "name": "1039592",
"refsource" : "SECTRACK", "refsource": "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039592" "url": "http://www.securitytracker.com/id/1039592"
} }
] ]
} }

62
2017/10xxx/CVE-2017-10976.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10976", "ID": "CVE-2017-10976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c." "value": "When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to a heap-based buffer over-read in the readBlock() function in lib/ttf.c."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/matthiaskramm/swftools/issues/28", "name": "https://github.com/matthiaskramm/swftools/issues/28",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/matthiaskramm/swftools/issues/28" "url": "https://github.com/matthiaskramm/swftools/issues/28"
} }
] ]
} }

84
2017/13xxx/CVE-2017-13201.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-13201", "ID": "CVE-2017-13201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768." "value": "An information disclosure vulnerability in the Android media framework (mediadrm). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63982768."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Information disclosure" "value": "Information disclosure"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2018-01-01", "name": "https://source.android.com/security/bulletin/pixel/2018-01-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-01-01" "url": "https://source.android.com/security/bulletin/pixel/2018-01-01"
}, },
{ {
"name" : "102529", "name": "102529",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/102529" "url": "http://www.securityfocus.com/bid/102529"
} }
] ]
} }

22
2017/13xxx/CVE-2017-13327.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13327", "ID": "CVE-2017-13327",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2017/13xxx/CVE-2017-13951.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13951", "ID": "CVE-2017-13951",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2017/17xxx/CVE-2017-17258.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17258", "ID": "CVE-2017-17258",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030", "product_name": "AR120-S, AR1200, AR1200-S, AR150, AR150-S, AR160, AR200, AR200-S, AR2200, AR2200-S, AR3200, AR3600, AR510, DP300, IPS Module, NGFW Module, NIP6300, NIP6600, NIP6800, NetEngine16EX, RSE6500, SRG1300, SRG2300, SRG3300, SVN5600, SVN5800, SVN5800-C, SeMG9811, Secospace USG6300, Secospace USG6500, Secospace USG6600, TE30, TE40, TE50, TE60, TP3106, TP3206, USG6000V, USG9500, USG9520, USG9560, USG9580, VP9660, ViewPoint 8660, ViewPoint 9030",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02" "version_value": "AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a resource management vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products in the case of failure to apply for memory. Due to insufficient validation of packets, which could be exploited to cause process crash." "value": "Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR150 V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR150-S V200R006C10SPC300, V200R007C00, V200R008C20, V200R008C30, AR160 V200R006C10, V200R006C12, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR200 V200R006C10, V200R007C00, V200R007C01, V200R008C20, V200R008C30, AR200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR2200 V200R006C10, V200R006C13, V200R006C16PWE, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30, AR2200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, AR3200 V200R006C10, V200R006C11, V200R007C00, V200R007C01, V200R007C02, V200R008C00, V200R008C10, V200R008C20, V200R008C30, AR3600 V200R006C10, V200R007C00, V200R007C01, V200R008C20, AR510 V200R006C10, V200R006C12, V200R006C13, V200R006C15, V200R006C16, V200R006C17, V200R007C00SPC180T, V200R008C20, V200R008C30, DP300 V500R002C00, IPS Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, NGFW Module V100R001C10SPC200, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R002C00, V500R002C10, NIP6300 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6600 V500R001C00, V500R001C20, V500R001C30, V500R001C50, NIP6800 V500R001C50, NetEngine16EX V200R006C10, V200R007C00, V200R008C20, V200R008C30, RSE6500 V500R002C00, SRG1300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG2300 V200R006C10, V200R007C00, V200R007C02, V200R008C20, V200R008C30, SRG3300 V200R006C10, V200R007C00, V200R008C20, V200R008C30, SVN5600 V200R003C00, V200R003C10, SVN5800 V200R003C00, V200R003C10, SVN5800-C V200R003C00, V200R003C10, SeMG9811 V300R001C01, Secospace USG6300 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6500 V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, Secospace USG6600 V100R001C00SPC200, V100R001C10, V100R001C20, V100R001C30, V500R001C00, V500R001C20, V500R001C30, V500R001C50, V500R001C60, TE30 V100R001C02, V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C01, V100R001C10, V500R002C00, V600R006C00, TP3106 V100R002C00, TP3206 V100R002C00, V100R002C10, USG6000V V500R001C20, USG9500 V500R001C00, V500R001C20, V500R001C30, V500R001C50, USG9520 V300R001C01, V300R001C20, USG9560 V300R001C01, V300R001C20, USG9580 V300R001C01, V300R001C20, VP9660 V500R002C00, V500R002C10, ViewPoint 8660 V100R008C03, ViewPoint 9030 V100R011C02 has a resource management vulnerability in H323 protocol. An unauthenticated, remote attacker could craft malformed packets and send the packets to the affected products in the case of failure to apply for memory. Due to insufficient validation of packets, which could be exploited to cause process crash."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "resource management" "value": "resource management"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en", "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en" "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171227-01-h323-en"
} }
] ]
} }

86
2017/17xxx/CVE-2017-17428.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17428", "ID": "CVE-2017-17428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack." "value": "Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT attack."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.cavium.com/security-advisory-cve-2017-17428.html", "name": "102170",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://www.cavium.com/security-advisory-cve-2017-17428.html" "url": "http://www.securityfocus.com/bid/102170"
}, },
{ {
"name" : "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017", "name": "https://www.cavium.com/security-advisory-cve-2017-17428.html",
"refsource" : "CISCO", "refsource": "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher" "url": "https://www.cavium.com/security-advisory-cve-2017-17428.html"
}, },
{ {
"name" : "VU#144389", "name": "20171212 Bleichenbacher Attack on TLS Affecting Cisco Products: December 2017",
"refsource" : "CERT-VN", "refsource": "CISCO",
"url" : "https://www.kb.cert.org/vuls/id/144389" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher"
}, },
{ {
"name" : "102170", "name": "1039984",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/102170" "url": "http://www.securitytracker.com/id/1039984"
}, },
{ {
"name" : "1039984", "name": "VU#144389",
"refsource" : "SECTRACK", "refsource": "CERT-VN",
"url" : "http://www.securitytracker.com/id/1039984" "url": "https://www.kb.cert.org/vuls/id/144389"
} }
] ]
} }

74
2017/17xxx/CVE-2017-17819.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17819", "ID": "CVE-2017-17819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated." "value": "In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access in the function find_cc() in asm/preproc.c that will cause a remote denial of service attack, because pointers associated with skip_white_ calls are not validated."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af", "name": "https://bugzilla.nasm.us/show_bug.cgi?id=3392435",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af" "url": "https://bugzilla.nasm.us/show_bug.cgi?id=3392435"
}, },
{ {
"name" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392435", "name": "USN-3694-1",
"refsource" : "MISC", "refsource": "UBUNTU",
"url" : "https://bugzilla.nasm.us/show_bug.cgi?id=3392435" "url": "https://usn.ubuntu.com/3694-1/"
}, },
{ {
"name" : "USN-3694-1", "name": "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af",
"refsource" : "UBUNTU", "refsource": "MISC",
"url" : "https://usn.ubuntu.com/3694-1/" "url": "http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af"
} }
] ]
} }

68
2017/17xxx/CVE-2017-17882.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17882", "ID": "CVE-2017-17882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file." "value": "In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in the function ReadXPMImage in coders/xpm.c, which allows attackers to cause a denial of service via a crafted XPM image file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/ImageMagick/ImageMagick/issues/880", "name": "USN-3681-1",
"refsource" : "CONFIRM", "refsource": "UBUNTU",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/880" "url": "https://usn.ubuntu.com/3681-1/"
}, },
{ {
"name" : "USN-3681-1", "name": "https://github.com/ImageMagick/ImageMagick/issues/880",
"refsource" : "UBUNTU", "refsource": "CONFIRM",
"url" : "https://usn.ubuntu.com/3681-1/" "url": "https://github.com/ImageMagick/ImageMagick/issues/880"
} }
] ]
} }

86
2017/9xxx/CVE-2017-9035.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9035", "ID": "CVE-2017-9035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers." "value": "Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities", "name": "1038548",
"refsource" : "FULLDISC", "refsource": "SECTRACK",
"url" : "http://seclists.org/fulldisclosure/2017/May/91" "url": "http://www.securitytracker.com/id/1038548"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html", "name": "https://success.trendmicro.com/solution/1117411",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html" "url": "https://success.trendmicro.com/solution/1117411"
}, },
{ {
"name" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities", "name": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities" "url": "https://www.coresecurity.com/advisories/trend-micro-serverprotect-multiple-vulnerabilities"
}, },
{ {
"name" : "https://success.trendmicro.com/solution/1117411", "name": "20170523 [CORE-2017-0002] - Trend Micro ServerProtect Multiple Vulnerabilities",
"refsource" : "CONFIRM", "refsource": "FULLDISC",
"url" : "https://success.trendmicro.com/solution/1117411" "url": "http://seclists.org/fulldisclosure/2017/May/91"
}, },
{ {
"name" : "1038548", "name": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html",
"refsource" : "SECTRACK", "refsource": "MISC",
"url" : "http://www.securitytracker.com/id/1038548" "url": "http://packetstormsecurity.com/files/142645/Trend-Micro-ServerProtect-Disclosure-CSRF-XSS.html"
} }
] ]
} }

98
2017/9xxx/CVE-2017-9230.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9230", "ID": "CVE-2017-9230",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability." "value": "** DISPUTED ** The Bitcoin Proof-of-Work algorithm does not consider a certain attack methodology related to 80-byte block headers with a variety of initial 64-byte chunks followed by the same 16-byte chunk, multiple candidate root values ending with the same 4 bytes, and calculations involving sqrt numbers. This violates the security assumptions of (1) the choice of input, outside of the dedicated nonce area, fed into the Proof-of-Work function should not change its difficulty to evaluate and (2) every Proof-of-Work function execution should be independent. NOTE: a number of persons feel that this methodology is a benign mining optimization, not a vulnerability."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf", "name": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf" "url": "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf"
}, },
{ {
"name" : "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf", "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://arxiv.org/ftp/arxiv/papers/1604/1604.00575.pdf" "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html"
}, },
{ {
"name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html", "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-April/013996.html" "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html"
}, },
{ {
"name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html", "name": "98657",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html" "url": "http://www.securityfocus.com/bid/98657"
}, },
{ {
"name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html", "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014351.html" "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html"
}, },
{ {
"name" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html", "name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014352.html" "url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2017-May/014349.html"
}, },
{ {
"name" : "98657", "name": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/98657" "url": "http://www.mit.edu/~jlrubin//public/pdfs/Asicboost.pdf"
} }
] ]
} }

62
2017/9xxx/CVE-2017-9336.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9336", "ID": "CVE-2017-9336",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post." "value": "The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://lncken.cn/?p=258", "name": "http://lncken.cn/?p=258",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://lncken.cn/?p=258" "url": "http://lncken.cn/?p=258"
} }
] ]
} }

70
2017/9xxx/CVE-2017-9686.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00", "DATE_PUBLIC": "2017-10-02T00:00:00",
"ID" : "CVE-2017-9686", "ID": "CVE-2017-9686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used." "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possible double free/use after free in the SPS driver when debugfs logging is used."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", "name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" "url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
}, },
{ {
"name" : "101160", "name": "101160",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/101160" "url": "http://www.securityfocus.com/bid/101160"
} }
] ]
} }

62
2017/9xxx/CVE-2017-9897.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9897", "ID": "CVE-2017-9897",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x000000000000dcab.\"" "value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x000000000000dcab.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897", "name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897" "url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9897"
} }
] ]
} }

96
2018/0xxx/CVE-2018-0483.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-09T16:00:00-0800", "DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID" : "CVE-2018-0483", "ID": "CVE-2018-0483",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability" "TITLE": "Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Jabber IM for Android ", "product_name": "Cisco Jabber IM for Android ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information." "value": "A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected system. The vulnerability is due to insufficient validation of user-supplied input of an affected client. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. A successful exploit could allow the attacker to execute arbitrary script code in the context of the targeted client or allow the attacker to access sensitive client-based information."
} }
] ]
}, },
"exploit" : [ "exploit": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
} }
], ],
"impact" : { "impact": {
"cvss" : { "cvss": {
"baseScore" : "4.6", "baseScore": "4.6",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N ",
"version" : "3.0" "version": "3.0"
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-79" "value": "CWE-79"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability", "name": "106506",
"refsource" : "CISCO", "refsource": "BID",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss" "url": "http://www.securityfocus.com/bid/106506"
}, },
{ {
"name" : "106506", "name": "20190109 Cisco Jabber Client Framework Instant Message Cross-Site Scripting Vulnerability",
"refsource" : "BID", "refsource": "CISCO",
"url" : "http://www.securityfocus.com/bid/106506" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-jcf-im-xss"
} }
] ]
}, },
"source" : { "source": {
"advisory" : "cisco-sa-20190109-jcf-im-xss", "advisory": "cisco-sa-20190109-jcf-im-xss",
"defect" : [ "defect": [
[ [
"CSCvm82721" "CSCvm82721"
] ]
], ],
"discovery" : "INTERNAL" "discovery": "INTERNAL"
} }
} }

62
2018/18xxx/CVE-2018-18704.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18704", "ID": "CVE-2018-18704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter." "value": "PhpTpoint Pharmacy Management System suffers from a SQL injection vulnerability in the index.php username parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "45682", "name": "45682",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45682/" "url": "https://www.exploit-db.com/exploits/45682/"
} }
] ]
} }

22
2018/18xxx/CVE-2018-18819.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18819", "ID": "CVE-2018-18819",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/18xxx/CVE-2018-18945.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18945", "ID": "CVE-2018-18945",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/19xxx/CVE-2018-19299.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19299", "ID": "CVE-2018-19299",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/19xxx/CVE-2018-19669.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19669", "ID": "CVE-2018-19669",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

68
2018/19xxx/CVE-2018-19773.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19773", "ID": "CVE-2018-19773",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"EditCurrentUser.jsp\" has reflected XSS via the GroupId and ConnPoolName parameters." "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"EditCurrentUser.jsp\" has reflected XSS via the GroupId and ConnPoolName parameters."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", "name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource" : "FULLDISC", "refsource": "MISC",
"url" : "http://seclists.org/fulldisclosure/2018/Dec/20" "url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", "name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource" : "MISC", "refsource": "FULLDISC",
"url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" "url": "http://seclists.org/fulldisclosure/2018/Dec/20"
} }
] ]
} }

22
2018/19xxx/CVE-2018-19988.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19988", "ID": "CVE-2018-19988",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

82
2018/1xxx/CVE-2018-1416.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-02-22T00:00:00", "DATE_PUBLIC": "2018-02-22T00:00:00",
"ID" : "CVE-2018-1416", "ID": "CVE-2018-1416",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebSphere Portal", "product_name": "WebSphere Portal",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.5" "version_value": "8.5"
}, },
{ {
"version_value" : "9.0" "version_value": "9.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822." "value": "IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138822."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-Site Scripting" "value": "Cross-Site Scripting"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822", "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/138822"
}, },
{ {
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22013706", "name": "http://www.ibm.com/support/docview.wss?uid=swg22013706",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22013706" "url": "http://www.ibm.com/support/docview.wss?uid=swg22013706"
}, },
{ {
"name" : "103168", "name": "103168",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/103168" "url": "http://www.securityfocus.com/bid/103168"
} }
] ]
} }

22
2018/1xxx/CVE-2018-1486.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1486", "ID": "CVE-2018-1486",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

110
2018/1xxx/CVE-2018-1859.json
View File

@ -1,95 +1,95 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-01-02T00:00:00", "DATE_PUBLIC": "2019-01-02T00:00:00",
"ID" : "CVE-2018-1859", "ID": "CVE-2018-1859",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "API Connect", "product_name": "API Connect",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0.0.0" "version_value": "5.0.0.0"
}, },
{ {
"version_value" : "5.0.8.4" "version_value": "5.0.8.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258." "value": "IBM API Connect 5.0.0.0 through 5.0.8.4 could allow a user authenticated as an administrator with limited rights to escalate their privileges. IBM X-Force ID: 151258."
} }
] ]
}, },
"impact" : { "impact": {
"cvssv3" : { "cvssv3": {
"BM" : { "BM": {
"A" : "L", "A": "L",
"AC" : "L", "AC": "L",
"AV" : "N", "AV": "N",
"C" : "L", "C": "L",
"I" : "L", "I": "L",
"PR" : "H", "PR": "H",
"S" : "U", "S": "U",
"SCORE" : "4.300", "SCORE": "4.300",
"UI" : "R" "UI": "R"
}, },
"TM" : { "TM": {
"E" : "U", "E": "U",
"RC" : "C", "RC": "C",
"RL" : "O" "RL": "O"
} }
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Gain Privileges" "value": "Gain Privileges"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10792055", "name": "ibm-api-cve20181859-priv-escalation(151258)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10792055" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151258"
}, },
{ {
"name" : "106456", "name": "https://www.ibm.com/support/docview.wss?uid=ibm10792055",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/106456" "url": "https://www.ibm.com/support/docview.wss?uid=ibm10792055"
}, },
{ {
"name" : "ibm-api-cve20181859-priv-escalation(151258)", "name": "106456",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151258" "url": "http://www.securityfocus.com/bid/106456"
} }
] ]
} }