admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:42:33 +00:00
parent 2179d277c9
commit 0d550373db
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 3684 additions and 3684 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2008/0xxx/CVE-2008-0336.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837"
},
{
"name" : "28481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28481"
},
{
"name" : "bugtrackernet-http-csrf(39651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and massedit.aspx, subscribe.aspx, flag.aspx, and relationships.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=66812&release_id=568160"
},
{
"name": "bugtrackernet-http-csrf(39651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39651"
},
{
"name": "28481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28481"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1867089&group_id=66812&atid=515837"
}
]
}
}

500
2008/0xxx/CVE-2008-0599.json
View File

@ -1,252 +1,252 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-0599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name" : "[oss-security] 20080502 CVE Request (PHP)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name" : "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u",
"refsource" : "CONFIRM",
"url" : "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2503",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2503"
},
{
"name" : "APPLE-SA-2008-07-31",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name" : "FEDORA-2008-3606",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name" : "FEDORA-2008-3864",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name" : "GLSA-200811-05",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name" : "HPSBUX02342",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name" : "SSRT080063",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name" : "HPSBUX02431",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124654546101607&w=2"
},
{
"name" : "SSRT090085",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124654546101607&w=2"
},
{
"name" : "HPSBUX02465",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name" : "SSRT090192",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name" : "MDVSA-2008:127",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name" : "MDVSA-2008:128",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name" : "RHSA-2008:0505",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name" : "SSA:2008-128-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951"
},
{
"name" : "USN-628-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name" : "VU#147027",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/147027"
},
{
"name" : "29009",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29009"
},
{
"name" : "oval:org.mitre.oval:def:5510",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510"
},
{
"name" : "35650",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35650"
},
{
"name" : "32746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32746"
},
{
"name" : "ADV-2008-1412",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name" : "ADV-2008-1810",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1810/references"
},
{
"name" : "ADV-2008-2268",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name" : "1019958",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019958"
},
{
"name" : "30048",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30048"
},
{
"name" : "30345",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30345"
},
{
"name" : "30757",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30757"
},
{
"name" : "30828",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30828"
},
{
"name" : "31200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31200"
},
{
"name" : "31326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31326"
},
{
"name" : "30083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30083"
},
{
"name" : "30616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30616"
},
{
"name" : "php-vector-unspecified(42137)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-1412",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1412"
},
{
"name": "20080523 rPSA-2008-0176-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492535/100/0/threaded"
},
{
"name": "FEDORA-2008-3606",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html"
},
{
"name": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u",
"refsource": "CONFIRM",
"url": "http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.50.2.12&r2=1.267.2.15.2.50.2.13&diff_format=u"
},
{
"name": "32746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32746"
},
{
"name": "30616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30616"
},
{
"name": "HPSBUX02342",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "HPSBUX02465",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name": "30083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30083"
},
{
"name": "APPLE-SA-2008-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html"
},
{
"name": "GLSA-200811-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml"
},
{
"name": "SSRT090085",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"
},
{
"name": "FEDORA-2008-3864",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html"
},
{
"name": "29009",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29009"
},
{
"name": "oval:org.mitre.oval:def:5510",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5510"
},
{
"name": "30828",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30828"
},
{
"name": "MDVSA-2008:128",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128"
},
{
"name": "ADV-2008-2268",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2268"
},
{
"name": "30345",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30345"
},
{
"name": "USN-628-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-628-1"
},
{
"name": "SSRT090192",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"
},
{
"name": "php-vector-unspecified(42137)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42137"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0176"
},
{
"name": "[oss-security] 20080502 CVE Request (PHP)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/05/02/2"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "31200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31200"
},
{
"name": "SSA:2008-128-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.488951"
},
{
"name": "30757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30757"
},
{
"name": "31326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31326"
},
{
"name": "1019958",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019958"
},
{
"name": "VU#147027",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/147027"
},
{
"name": "HPSBUX02431",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124654546101607&w=2"
},
{
"name": "https://issues.rpath.com/browse/RPL-2503",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2503"
},
{
"name": "RHSA-2008:0505",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html"
},
{
"name": "SSRT080063",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01476437"
},
{
"name": "ADV-2008-1810",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1810/references"
},
{
"name": "MDVSA-2008:127",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127"
},
{
"name": "35650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35650"
},
{
"name": "30048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30048"
}
]
}
}

180
2008/1xxx/CVE-2008-1016.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1016",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1016",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT1241",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT1241"
},
{
"name" : "TA08-094A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-094A.html"
},
{
"name" : "28583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28583"
},
{
"name" : "ADV-2008-1078",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1078"
},
{
"name" : "1019760",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019760"
},
{
"name" : "29650",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29650"
},
{
"name" : "quicktime-movie-media-code-execution(41605)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41605"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime before 7.4.5 does not properly handle movie media tracks, which allows remote attackers to execute arbitrary code via a crafted movie that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT1241",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT1241"
},
{
"name": "TA08-094A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-094A.html"
},
{
"name": "ADV-2008-1078",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1078"
},
{
"name": "28583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28583"
},
{
"name": "quicktime-movie-media-code-execution(41605)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41605"
},
{
"name": "1019760",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019760"
},
{
"name": "29650",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29650"
}
]
}
}

170
2008/1xxx/CVE-2008-1146.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka \"Algorithm X3\"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf",
"refsource" : "MISC",
"url" : "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"name" : "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name" : "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/487658"
},
{
"name" : "27647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27647"
},
{
"name" : "28819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28819"
},
{
"name" : "openbsd-prng-dns-spoofing(40329)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain pseudo-random number generator (PRNG) algorithm that uses XOR and 3-bit random hops (aka \"Algorithm X3\"), as used in OpenBSD 2.8 through 4.2, allows remote attackers to guess sensitive values such as DNS transaction IDs by observing a sequence of previously generated values. NOTE: this issue can be leveraged for attacks such as DNS cache poisoning against OpenBSD's modification of BIND."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080206 A paper by Amit Klein (Trusteer): \"OpenBSD DNS Cache Poisoning and Multiple O/S Predictable IP ID Vulnerability\"",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487658"
},
{
"name": "28819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28819"
},
{
"name": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf",
"refsource": "MISC",
"url": "http://www.trusteer.com/docs/OpenBSD_DNS_Cache_Poisoning_and_Multiple_OS_Predictable_IP_ID_Vulnerability.pdf"
},
{
"name": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/securityreviews/5PP0H0UNGW.html"
},
{
"name": "openbsd-prng-dns-spoofing(40329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40329"
},
{
"name": "27647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27647"
}
]
}
}

180
2008/1xxx/CVE-2008-1441.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the \"PGM Malformed Fragment Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2008-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS08-036",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036"
},
{
"name" : "TA08-162B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name" : "29509",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29509"
},
{
"name" : "oval:org.mitre.oval:def:5604",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5604"
},
{
"name" : "ADV-2008-1783",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1783"
},
{
"name" : "1020231",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020231"
},
{
"name" : "30587",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30587"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the \"PGM Malformed Fragment Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS08-036",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036"
},
{
"name": "oval:org.mitre.oval:def:5604",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5604"
},
{
"name": "ADV-2008-1783",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1783"
},
{
"name": "TA08-162B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html"
},
{
"name": "30587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30587"
},
{
"name": "1020231",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020231"
},
{
"name": "29509",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29509"
}
]
}
}

190
2008/1xxx/CVE-2008-1575.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2008-05-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name" : "TA08-150A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name" : "29412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29412"
},
{
"name" : "29492",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29492"
},
{
"name" : "ADV-2008-1697",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name" : "1020133",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020133"
},
{
"name" : "30430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30430"
},
{
"name" : "macosx-ats-code-execution(42707)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42707"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Apple Type Services (ATS) server in Apple Mac OS X 10.5 before 10.5.3 allows user-assisted remote attackers to execute arbitrary code via a crafted embedded font in a PDF document, related to memory corruption that occurs during printing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macosx-ats-code-execution(42707)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42707"
},
{
"name": "29492",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29492"
},
{
"name": "TA08-150A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
},
{
"name": "30430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30430"
},
{
"name": "APPLE-SA-2008-05-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
},
{
"name": "1020133",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020133"
},
{
"name": "ADV-2008-1697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1697"
},
{
"name": "29412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29412"
}
]
}
}

160
2008/1xxx/CVE-2008-1860.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/492877/100/0/threaded"
},
{
"name" : "5408",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5408"
},
{
"name" : "ADV-2008-1162",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1162/references"
},
{
"name" : "29749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29749"
},
{
"name" : "lokicms-admin-code-execution(41736)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41736"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lokicms-admin-code-execution(41736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41736"
},
{
"name": "ADV-2008-1162",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1162/references"
},
{
"name": "5408",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5408"
},
{
"name": "20080531 LokiCMS Multiple Vulnerabilities through Authorization weakness",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/492877/100/0/threaded"
},
{
"name": "29749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29749"
}
]
}
}

34
2008/1xxx/CVE-2008-1879.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1879",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1879",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2008/3xxx/CVE-2008-3399.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080725 XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/494754/100/0/threaded"
},
{
"name" : "6131",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6131"
},
{
"name" : "4081",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4081"
},
{
"name" : "xrmscrm-workflowactivities-file-include(43992)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xrmscrm-workflowactivities-file-include(43992)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43992"
},
{
"name": "6131",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6131"
},
{
"name": "20080725 XRMS 1.99.2 (RFI/XSS/IG) Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/494754/100/0/threaded"
},
{
"name": "4081",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4081"
}
]
}
}

170
2008/4xxx/CVE-2008-4183.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6390",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6390"
},
{
"name" : "http://www.integramod.com/forum/viewtopic.php?f=3&t=5089",
"refsource" : "CONFIRM",
"url" : "http://www.integramod.com/forum/viewtopic.php?f=3&t=5089"
},
{
"name" : "31149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31149"
},
{
"name" : "31749",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31749"
},
{
"name" : "4300",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4300"
},
{
"name" : "integramod-backup-info-disclosure(45096)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IntegraMOD 1.4.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup via a direct request to a backup/backup-yyyy-dd-mm.sql filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.integramod.com/forum/viewtopic.php?f=3&t=5089",
"refsource": "CONFIRM",
"url": "http://www.integramod.com/forum/viewtopic.php?f=3&t=5089"
},
{
"name": "31149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31149"
},
{
"name": "4300",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4300"
},
{
"name": "6390",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6390"
},
{
"name": "integramod-backup-info-disclosure(45096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45096"
},
{
"name": "31749",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31749"
}
]
}
}

330
2008/4xxx/CVE-2008-4933.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081103 CVE requests: kernel: hfsplus-related bugs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/11/03/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40"
},
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1"
},
{
"name" : "DSA-1687",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1687"
},
{
"name" : "DSA-1681",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1681"
},
{
"name" : "MDVSA-2008:234",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:234"
},
{
"name" : "RHSA-2009:0014",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0014.html"
},
{
"name" : "RHSA-2009:0264",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0264.html"
},
{
"name" : "SUSE-SA:2009:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html"
},
{
"name" : "SUSE-SA:2009:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html"
},
{
"name" : "USN-679-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-679-1"
},
{
"name" : "32093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32093"
},
{
"name" : "oval:org.mitre.oval:def:11061",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11061"
},
{
"name" : "32510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32510"
},
{
"name" : "32918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32918"
},
{
"name" : "33180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33180"
},
{
"name" : "32998",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32998"
},
{
"name" : "33641",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33641"
},
{
"name" : "33704",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33704"
},
{
"name" : "33556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33556"
},
{
"name" : "33858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33858"
},
{
"name" : "linux-kernel-hfsplusfindcat-bo(46405)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32998",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32998"
},
{
"name": "MDVSA-2008:234",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:234"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40"
},
{
"name": "33641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33641"
},
{
"name": "linux-kernel-hfsplusfindcat-bo(46405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46405"
},
{
"name": "32093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32093"
},
{
"name": "RHSA-2009:0014",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0014.html"
},
{
"name": "33556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33556"
},
{
"name": "DSA-1687",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1687"
},
{
"name": "RHSA-2009:0264",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0264.html"
},
{
"name": "32918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32918"
},
{
"name": "33858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33858"
},
{
"name": "USN-679-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-679-1"
},
{
"name": "oval:org.mitre.oval:def:11061",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11061"
},
{
"name": "[oss-security] 20081103 CVE requests: kernel: hfsplus-related bugs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/03/2"
},
{
"name": "32510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32510"
},
{
"name": "33180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33180"
},
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1"
},
{
"name": "33704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33704"
},
{
"name": "DSA-1681",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1681"
},
{
"name": "SUSE-SA:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html"
},
{
"name": "SUSE-SA:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html"
}
]
}
}

130
2013/2xxx/CVE-2013-2029.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=958015",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=958015"
},
{
"name" : "RHSA-2013:1526",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1526.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others for Nagios Core 3.4.4, 3.5.1, and earlier, allows local users to overwrite arbitrary files via a symlink attack on a temporary nagioscfg file with a predictable name in /tmp/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1526",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1526.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=958015",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=958015"
}
]
}
}

34
2013/2xxx/CVE-2013-2092.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2092",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2092",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

280
2013/2xxx/CVE-2013-2892.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2892",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2892",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-input] 20130828 [PATCH 06/14] HID: pantherlord: validate output report details",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-input&m=137772185414625&w=1"
},
{
"name" : "[oss-security] 20130828 Linux HID security flaws",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/08/28/13"
},
{
"name" : "DSA-2766",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2766"
},
{
"name" : "RHSA-2013:1490",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name" : "RHSA-2013:1645",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name" : "USN-1976-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1976-1"
},
{
"name" : "USN-1977-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1977-1"
},
{
"name" : "USN-1995-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1995-1"
},
{
"name" : "USN-1998-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1998-1"
},
{
"name" : "USN-2019-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name" : "USN-2021-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2021-1"
},
{
"name" : "USN-2022-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2022-1"
},
{
"name" : "USN-2024-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2024-1"
},
{
"name" : "USN-2038-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2038-1"
},
{
"name" : "USN-2039-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2039-1"
},
{
"name" : "USN-2050-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name" : "62049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62049"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2024-1"
},
{
"name": "RHSA-2013:1490",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
},
{
"name": "USN-1977-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1977-1"
},
{
"name": "USN-2039-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2039-1"
},
{
"name": "USN-2022-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2022-1"
},
{
"name": "[oss-security] 20130828 Linux HID security flaws",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/08/28/13"
},
{
"name": "RHSA-2013:1645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
},
{
"name": "USN-1995-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1995-1"
},
{
"name": "USN-2038-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2038-1"
},
{
"name": "DSA-2766",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2766"
},
{
"name": "USN-2021-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2021-1"
},
{
"name": "USN-1976-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1976-1"
},
{
"name": "USN-2019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name": "62049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62049"
},
{
"name": "USN-1998-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1998-1"
},
{
"name": "[linux-input] 20130828 [PATCH 06/14] HID: pantherlord: validate output report details",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-input&m=137772185414625&w=1"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
}
]
}
}

160
2013/3xxx/CVE-2013-3120.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3118 and CVE-2013-3125."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "40844",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40844/"
},
{
"name" : "http://blog.skylined.nl/20161125001.html",
"refsource" : "MISC",
"url" : "http://blog.skylined.nl/20161125001.html"
},
{
"name" : "MS13-047",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047"
},
{
"name" : "TA13-168A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A"
},
{
"name" : "oval:org.mitre.oval:def:16778",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16778"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3118 and CVE-2013-3125."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA13-168A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"
},
{
"name": "MS13-047",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047"
},
{
"name": "oval:org.mitre.oval:def:16778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16778"
},
{
"name": "40844",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40844/"
},
{
"name": "http://blog.skylined.nl/20161125001.html",
"refsource": "MISC",
"url": "http://blog.skylined.nl/20161125001.html"
}
]
}
}

140
2013/3xxx/CVE-2013-3179.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-067",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name" : "TA13-253A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"name" : "oval:org.mitre.oval:def:18750",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"SharePoint XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-067",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-067"
},
{
"name": "oval:org.mitre.oval:def:18750",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18750"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}

140
2013/3xxx/CVE-2013-3191.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3187 and CVE-2013-3193."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS13-059",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
},
{
"name" : "TA13-225A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A"
},
{
"name" : "oval:org.mitre.oval:def:18269",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18269"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3187 and CVE-2013-3193."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
},
{
"name": "TA13-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-225A"
},
{
"name": "oval:org.mitre.oval:def:18269",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18269"
}
]
}
}

190
2013/4xxx/CVE-2013-4401.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1015259",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1015259"
},
{
"name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c",
"refsource" : "CONFIRM",
"url" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c"
},
{
"name" : "http://wiki.libvirt.org/page/Maintenance_Releases",
"refsource" : "CONFIRM",
"url" : "http://wiki.libvirt.org/page/Maintenance_Releases"
},
{
"name" : "GLSA-201412-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"name" : "USN-2026-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2026-1"
},
{
"name" : "1029241",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029241"
},
{
"name" : "55210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55210"
},
{
"name" : "60895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60895"
},
{
"name": "GLSA-201412-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1015259"
},
{
"name": "http://wiki.libvirt.org/page/Maintenance_Releases",
"refsource": "CONFIRM",
"url": "http://wiki.libvirt.org/page/Maintenance_Releases"
},
{
"name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c",
"refsource": "CONFIRM",
"url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c"
},
{
"name": "USN-2026-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2026-1"
},
{
"name": "55210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55210"
},
{
"name": "1029241",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029241"
}
]
}
}

140
2013/4xxx/CVE-2013-4565.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131113 Re: CVE request: ppthtml heap-based buffer overflow",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q4/279"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279"
},
{
"name" : "ppthtml-cve20134565-bo(88885)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/88885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729279"
},
{
"name": "ppthtml-cve20134565-bo(88885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88885"
},
{
"name": "[oss-security] 20131113 Re: CVE request: ppthtml heap-based buffer overflow",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/279"
}
]
}
}

130
2013/6xxx/CVE-2013-6128.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-6128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "28085",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/28085/"
},
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28085",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/28085/"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-295-01"
}
]
}
}

160
2013/6xxx/CVE-2013-6166.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130403 browser document.cookie DoS vulnerability",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/03/10"
},
{
"name" : "[oss-security] 20131016 Re: browser document.cookie DoS vulnerability",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q4/117"
},
{
"name" : "[oss-security] 20131017 Re: browser document.cookie DoS vulnerability",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q4/121"
},
{
"name" : "http://redmine.lighttpd.net/issues/2188",
"refsource" : "MISC",
"url" : "http://redmine.lighttpd.net/issues/2188"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=238041",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=238041"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed cookie within an HTTP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131017 Re: browser document.cookie DoS vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/121"
},
{
"name": "[oss-security] 20131016 Re: browser document.cookie DoS vulnerability",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/117"
},
{
"name": "[oss-security] 20130403 browser document.cookie DoS vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/03/10"
},
{
"name": "http://redmine.lighttpd.net/issues/2188",
"refsource": "MISC",
"url": "http://redmine.lighttpd.net/issues/2188"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=238041",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=238041"
}
]
}
}

150
2013/6xxx/CVE-2013-6433.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039812",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039812"
},
{
"name" : "RHSA-2014:0516",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0516.html"
},
{
"name" : "USN-2255-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"name" : "59533",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/59533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in the Red Hat openstack-neutron package before 2013.2.3-7 does not properly set a configuration file for rootwrap, which allows remote attackers to gain privileges via a crafted configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59533"
},
{
"name": "USN-2255-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2255-1"
},
{
"name": "RHSA-2014:0516",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0516.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039812",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039812"
}
]
}
}

34
2013/6xxx/CVE-2013-6565.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6565",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6565",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

160
2013/6xxx/CVE-2013-6659.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=306959",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=306959"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?revision=229611&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?revision=229611&view=revision"
},
{
"name" : "DSA-2883",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2014/dsa-2883"
},
{
"name" : "openSUSE-SU-2014:0327",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSLClientSocketNSS::Core::OwnAuthCertHandler function in net/socket/ssl_client_socket_nss.cc in Google Chrome before 33.0.1750.117 does not prevent changes to server X.509 certificates during renegotiations, which allows remote SSL servers to trigger use of a new certificate chain, inconsistent with the user's expectations, by initiating a TLS renegotiation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2883",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2883"
},
{
"name": "openSUSE-SU-2014:0327",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00006.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=306959",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=306959"
},
{
"name": "https://src.chromium.org/viewvc/chrome?revision=229611&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?revision=229611&view=revision"
},
{
"name": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2014/02/stable-channel-update_20.html"
}
]
}
}

150
2017/10xxx/CVE-2017-10019.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.54"
},
{
"version_affected" : "=",
"version_value" : "8.55"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected": "=",
"version_value": "8.55"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "99735",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99735"
},
{
"name" : "1038932",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 7.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038932"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "99735",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99735"
}
]
}
}

298
2017/10xxx/CVE-2017-10102.json
View File

@ -1,151 +1,151 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u151"
},
{
"version_affected" : "=",
"version_value" : "7u141"
},
{
"version_affected" : "=",
"version_value" : "8u131; Java SE Embedded: 8u131"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u151"
},
{
"version_affected": "=",
"version_value": "7u141"
},
{
"version_affected": "=",
"version_value": "8u131; Java SE Embedded: 8u131"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20170720-0001/"
},
{
"name" : "https://cert.vde.com/en-us/advisories/vde-2017-002",
"refsource" : "CONFIRM",
"url" : "https://cert.vde.com/en-us/advisories/vde-2017-002"
},
{
"name" : "DSA-3919",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3919"
},
{
"name" : "DSA-3954",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3954"
},
{
"name" : "GLSA-201709-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-22"
},
{
"name" : "RHSA-2017:3453",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name" : "RHSA-2017:1789",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1789"
},
{
"name" : "RHSA-2017:1790",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1790"
},
{
"name" : "RHSA-2017:1791",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1791"
},
{
"name" : "RHSA-2017:1792",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1792"
},
{
"name" : "RHSA-2017:2424",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2424"
},
{
"name" : "RHSA-2017:2469",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2469"
},
{
"name" : "RHSA-2017:2481",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2481"
},
{
"name" : "RHSA-2017:2530",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:2530"
},
{
"name" : "99712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99712"
},
{
"name" : "1038931",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038931"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: RMI). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. While the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:1791",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1791"
},
{
"name": "RHSA-2017:1790",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1790"
},
{
"name": "https://security.netapp.com/advisory/ntap-20170720-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20170720-0001/"
},
{
"name": "RHSA-2017:1789",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1789"
},
{
"name": "https://cert.vde.com/en-us/advisories/vde-2017-002",
"refsource": "CONFIRM",
"url": "https://cert.vde.com/en-us/advisories/vde-2017-002"
},
{
"name": "RHSA-2017:2424",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2424"
},
{
"name": "99712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99712"
},
{
"name": "1038931",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038931"
},
{
"name": "RHSA-2017:1792",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1792"
},
{
"name": "GLSA-201709-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-22"
},
{
"name": "DSA-3919",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3919"
},
{
"name": "RHSA-2017:2481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2481"
},
{
"name": "RHSA-2017:2530",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2530"
},
{
"name": "RHSA-2017:3453",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3453"
},
{
"name": "RHSA-2017:2469",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2469"
},
{
"name": "DSA-3954",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3954"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

142
2017/10xxx/CVE-2017-10400.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GlassFish Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "3.1.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GlassFish Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "3.1.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "101383",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101383"
},
{
"name" : "1039606",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039606"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration Graphical User Interface). The supported version that is affected is 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "1039606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039606"
},
{
"name": "101383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101383"
}
]
}
}

162
2017/10xxx/CVE-2017-10897.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10897",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BBR-4HG",
"version" : {
"version_data" : [
{
"version_value" : "firmware 1.00 to 1.48"
},
{
"version_value" : "firmware 2.00 to 2.07"
}
]
}
},
{
"product_name" : "BBR-4MG",
"version" : {
"version_data" : [
{
"version_value" : "firmware 1.00 to 1.48"
},
{
"version_value" : "firmware 2.00 to 2.07"
}
]
}
}
]
},
"vendor_name" : "BUFFALO INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10897",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BBR-4HG",
"version": {
"version_data": [
{
"version_value": "firmware 1.00 to 1.48"
},
{
"version_value": "firmware 2.00 to 2.07"
}
]
}
},
{
"product_name": "BBR-4MG",
"version": {
"version_data": [
{
"version_value": "firmware 1.00 to 1.48"
},
{
"version_value": "firmware 2.00 to 2.07"
}
]
}
}
]
},
"vendor_name": "BUFFALO INC."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://buffalo.jp/support_s/s20171201.html",
"refsource" : "CONFIRM",
"url" : "http://buffalo.jp/support_s/s20171201.html"
},
{
"name" : "JVN#65994435",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN65994435/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to cause the device to become unresponsive via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#65994435",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65994435/index.html"
},
{
"name": "http://buffalo.jp/support_s/s20171201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20171201.html"
}
]
}
}

34
2017/13xxx/CVE-2017-13411.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13411",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13411",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2017/13xxx/CVE-2017-13768.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/706",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/706"
},
{
"name" : "GLSA-201711-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-07"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
},
{
"name" : "100569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Null Pointer Dereference in the IdentifyImage function in MagickCore/identify.c in ImageMagick through 7.0.6-10 allows an attacker to perform denial of service by sending a crafted image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "100569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100569"
},
{
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/706",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/706"
}
]
}
}

130
2017/13xxx/CVE-2017-13834.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-13834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-13834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
},
{
"name" : "1039710",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039710"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the \"Kernel\" component. It allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted mach binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name": "1039710",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039710"
}
]
}
}

122
2017/17xxx/CVE-2017-17442.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@blackberry.com",
"DATE_PUBLIC" : "2018-03-13T00:00:00",
"ID" : "CVE-2017-17442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "UEM Management Console",
"version" : {
"version_data" : [
{
"version_value" : "12.7.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "BlackBerry"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reflected cross-site scripting vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "secure@blackberry.com",
"DATE_PUBLIC": "2018-03-13T00:00:00",
"ID": "CVE-2017-17442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "UEM Management Console",
"version": {
"version_data": [
{
"version_value": "12.7.1 and earlier"
}
]
}
}
]
},
"vendor_name": "BlackBerry"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In BlackBerry UEM Management Console version 12.7.1 and earlier, a reflected cross-site scripting vulnerability that could allow an attacker to execute script commands in the context of the affected UEM Management Console account by crafting a malicious link and then persuading a user with legitimate access to the Management Console to click on the malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227",
"refsource": "CONFIRM",
"url": "http://support.blackberry.com/kb/articleDetail?articleNumber=000047227"
}
]
}
}

140
2017/9xxx/CVE-2017-9324.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html"
},
{
"name" : "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/",
"refsource" : "MISC",
"url" : "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/"
},
{
"name" : "DSA-3876",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3876"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through 4.0.23, and 5.x through 5.0.19, an attacker with agent permission is capable of opening a specific URL in a browser to gain administrative privileges / full access. Afterward, all system settings can be read and changed. The URLs in question contain index.pl?Action=Installer with ;Subaction=Intro or ;Subaction=Start or ;Subaction=System appended at the end."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/",
"refsource": "MISC",
"url": "https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/"
},
{
"name": "DSA-3876",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3876"
},
{
"name": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/142862/OTRS-Install-Dialog-Disclosure.html"
}
]
}
}

34
2017/9xxx/CVE-2017-9329.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9329",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9329",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2017/9xxx/CVE-2017-9343.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1678",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1678"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725",
"refsource" : "MISC",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=27556320b41904716b9c9f73ef8f4fe705d1e669",
"refsource" : "MISC",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=27556320b41904716b9c9f73ef8f4fe705d1e669"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2017-30.html",
"refsource" : "MISC",
"url" : "https://www.wireshark.org/security/wnpa-sec-2017-30.html"
},
{
"name" : "98797",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98797"
},
{
"name" : "1038612",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038612"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector misuses a NULL pointer. This was addressed in epan/dissectors/packet-msnip.c by validating an IPv4 address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "98797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98797"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2017-30.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2017-30.html"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1678",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1678"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725"
},
{
"name": "1038612",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038612"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=27556320b41904716b9c9f73ef8f4fe705d1e669",
"refsource": "MISC",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=27556320b41904716b9c9f73ef8f4fe705d1e669"
}
]
}
}

120
2017/9xxx/CVE-2017-9490.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9490",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9490",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt",
"refsource" : "MISC",
"url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt",
"refsource": "MISC",
"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt"
}
]
}
}

188
2018/0xxx/CVE-2018-0417.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-17T16:00:00-0500",
"ID" : "CVE-2018-0417",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Wireless LAN Controller (WLC) ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "7.5",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-264"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-17T16:00:00-0500",
"ID": "CVE-2018-0417",
"STATE": "PUBLIC",
"TITLE": "Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Wireless LAN Controller (WLC) ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181017 Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
},
{
"name" : "105667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105667"
},
{
"name" : "1041924",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041924"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181017-wlc-gui-privesc",
"defect" : [
[
"CSCvh65876"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in TACACS authentication with Cisco Wireless LAN Controller (WLC) Software could allow an authenticated, local attacker to perform certain operations within the GUI that are not normally available to that user on the CLI. The vulnerability is due to incorrect parsing of a specific TACACS attribute received in the TACACS response from the remote TACACS server. An attacker could exploit this vulnerability by authenticating via TACACS to the GUI on the affected device. A successful exploit could allow an attacker to create local user accounts with administrative privileges on an affected WLC and execute other commands that are not allowed from the CLI and should be prohibited."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-264"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041924",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041924"
},
{
"name": "20181017 Cisco Wireless LAN Controller Software GUI Privilege Escalation Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181017-wlc-gui-privesc"
},
{
"name": "105667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105667"
}
]
},
"source": {
"advisory": "cisco-sa-20181017-wlc-gui-privesc",
"defect": [
[
"CSCvh65876"
]
],
"discovery": "INTERNAL"
}
}

126
2018/1000xxx/CVE-2018-1000660.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-09-03T16:07:16.969603",
"DATE_REQUESTED" : "2018-08-20T08:59:35",
"ID" : "CVE-2018-1000660",
"REQUESTER" : "ivanaf@mit.edu",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "TOCK",
"version" : {
"version_data" : [
{
"version_value" : "prior to commit 42f7f36e74088036068d62253e1d8fb26605feed"
}
]
}
}
]
},
"vendor_name" : "TOCK"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable \"pub package_name: &'static str,\" in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Permissions"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-09-03T16:07:16.969603",
"DATE_REQUESTED": "2018-08-20T08:59:35",
"ID": "CVE-2018-1000660",
"REQUESTER": "ivanaf@mit.edu",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/tock/tock/issues/1147",
"refsource" : "CONFIRM",
"url" : "https://github.com/tock/tock/issues/1147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TOCK version prior to commit 42f7f36e74088036068d62253e1d8fb26605feed. For example dfde28196cd12071fcf6669f7654be7df482b85d contains a Insecure Permissions vulnerability in Function get_package_name in the file kernel/src/tbfheader.rs, variable \"pub package_name: &'static str,\" in the file process.rs that can result in A tock capsule (untrusted driver) could access arbitrary memory by using only safe code. This vulnerability appears to have been fixed in commit 42f7f36e74088036068d62253e1d8fb26605feed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tock/tock/issues/1147",
"refsource": "CONFIRM",
"url": "https://github.com/tock/tock/issues/1147"
}
]
}
}

146
2018/1000xxx/CVE-2018-1000807.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-10-05T22:22:07.611739",
"DATE_REQUESTED" : "2018-09-20T17:00:49",
"ID" : "CVE-2018-1000807",
"REQUESTER" : "secure@veritas.com",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pyopenssl",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 17.5.0"
}
]
}
}
]
},
"vendor_name" : "Python Cryptographic Authority "
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416: Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-10-05T22:22:07.611739",
"DATE_REQUESTED": "2018-09-20T17:00:49",
"ID": "CVE-2018-1000807",
"REQUESTER": "secure@veritas.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/pyca/pyopenssl/pull/723",
"refsource" : "CONFIRM",
"url" : "https://github.com/pyca/pyopenssl/pull/723"
},
{
"name" : "RHSA-2019:0085",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"name" : "USN-3813-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3813-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitable via Depends on the calling application and if it retains a reference to the memory.. This vulnerability appears to have been fixed in 17.5.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pyca/pyopenssl/pull/723",
"refsource": "CONFIRM",
"url": "https://github.com/pyca/pyopenssl/pull/723"
},
{
"name": "RHSA-2019:0085",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0085"
},
{
"name": "USN-3813-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3813-1/"
}
]
}
}

34
2018/19xxx/CVE-2018-19099.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19099",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19099",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/19xxx/CVE-2018-19183.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a \"code: Buffer.from(my_code, 'hex')\" attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ethereumjs/ethereumjs-vm/issues/386",
"refsource" : "MISC",
"url" : "https://github.com/ethereumjs/ethereumjs-vm/issues/386"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ethereumjs-vm 2.4.0 allows attackers to cause a denial of service (vm.runCode failure and REVERT) via a \"code: Buffer.from(my_code, 'hex')\" attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ethereumjs/ethereumjs-vm/issues/386",
"refsource": "MISC",
"url": "https://github.com/ethereumjs/ethereumjs-vm/issues/386"
}
]
}
}

34
2018/19xxx/CVE-2018-19453.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19453",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19453",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

428
2018/1xxx/CVE-2018-1040.json
View File

@ -1,216 +1,216 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-1040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka \"Windows Code Integrity Module Denial of Service Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-1040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1040",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1040"
},
{
"name" : "104389",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104389"
},
{
"name" : "1041112",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka \"Windows Code Integrity Module Denial of Service Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104389"
},
{
"name": "1041112",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041112"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1040",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1040"
}
]
}
}

180
2018/1xxx/CVE-2018-1140.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psampaio@redhat.com",
"ID" : "CVE-2018-1140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "samba",
"version" : {
"version_data" : [
{
"version_value" : "4.8.0 and newer"
}
]
}
}
]
},
"vendor_name" : "The Samba Team"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable"
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "6.5/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "samba",
"version": {
"version_data": [
{
"version_value": "4.8.0 and newer"
}
]
}
}
]
},
"vendor_name": "The Samba Team"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.samba.org/show_bug.cgi?id=13374",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.samba.org/show_bug.cgi?id=13374"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1140",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1140"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2018-1140.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2018-1140.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180814-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180814-0001/"
},
{
"name" : "105082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing input sanitization flaw was found in the implementation of LDP database used for the LDAP server. An attacker could use this flaw to cause a denial of service against a samba server, used as a Active Directory Domain Controller. All versions of Samba from 4.8.0 onwards are vulnerable"
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "6.5/CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.samba.org/show_bug.cgi?id=13374",
"refsource": "CONFIRM",
"url": "https://bugzilla.samba.org/show_bug.cgi?id=13374"
},
{
"name": "https://www.samba.org/samba/security/CVE-2018-1140.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2018-1140.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180814-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180814-0001/"
},
{
"name": "105082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105082"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1140",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1140"
}
]
}
}

226
2018/1xxx/CVE-2018-1659.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-20T00:00:00",
"ID" : "CVE-2018-1659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Engineering Lifecycle Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
},
{
"version_value" : "6.0.6"
},
{
"version_value" : "5.01"
},
{
"version_value" : "5.02"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-09-20T00:00:00",
"ID": "CVE-2018-1659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Engineering Lifecycle Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
},
{
"version_value": "5.01"
},
{
"version_value": "5.02"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10731511"
},
{
"name" : "ibm-relm-cve20181659-xss(144885)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144885"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 144885."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10731511",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10731511"
},
{
"name": "ibm-relm-cve20181659-xss(144885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144885"
}
]
}
}

172
2018/1xxx/CVE-2018-1795.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-02T00:00:00",
"ID" : "CVE-2018-1795",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Robotic Process Automation with Automation Anywhere",
"version" : {
"version_data" : [
{
"version_value" : "10"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-02T00:00:00",
"ID": "CVE-2018-1795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Robotic Process Automation with Automation Anywhere",
"version": {
"version_data": [
{
"version_value": "10"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10730615",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10730615"
},
{
"name" : "ibm-rpa-cve20181795-xss(149073)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/149073"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Robotic Process Automation with Automation Anywhere Enterprise 10 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 149073."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"SCORE": "6.100",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10730615",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10730615"
},
{
"name": "ibm-rpa-cve20181795-xss(149073)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149073"
}
]
}
}