admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:17:22 +00:00
parent a6aabc58bb
commit 0e484b4c4e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3876 additions and 3876 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2008/0xxx/CVE-2008-0462.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0462", "ID": "CVE-2008-0462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." "value": "Cross-site scripting (XSS) vulnerability in the Archive 5.x before 5.x-1.8 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://drupal.org/node/213478", "name": "http://drupal.org/node/213478",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://drupal.org/node/213478" "url": "http://drupal.org/node/213478"
}, },
{ {
"name" : "27436", "name": "drupal-archive-unspecified-xss(39898)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/27436" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39898"
}, },
{ {
"name" : "ADV-2008-0278", "name": "ADV-2008-0278",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0278" "url": "http://www.vupen.com/english/advisories/2008/0278"
}, },
{ {
"name" : "28632", "name": "28632",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/28632" "url": "http://secunia.com/advisories/28632"
}, },
{ {
"name" : "drupal-archive-unspecified-xss(39898)", "name": "27436",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39898" "url": "http://www.securityfocus.com/bid/27436"
} }
] ]
} }

92
2008/0xxx/CVE-2008-0471.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0471", "ID": "CVE-2008-0471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action." "value": "Cross-site request forgery (CSRF) vulnerability in privmsg.php in phpBB 2.0.22 allows remote attackers to delete private messages (PM) as arbitrary users via a deleteall action."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080123 phpBB 2.0.22 Remote PM Delete XSRF Vulnerability", "name": "28871",
"refsource" : "BUGTRAQ", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/archive/1/487004/100/0/threaded" "url": "http://secunia.com/advisories/28871"
}, },
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589", "name": "3585",
"refsource" : "CONFIRM", "refsource": "SREASON",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589" "url": "http://securityreason.com/securityalert/3585"
}, },
{ {
"name" : "DSA-1488", "name": "DSA-1488",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1488" "url": "http://www.debian.org/security/2008/dsa-1488"
}, },
{ {
"name" : "28630", "name": "28630",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/28630" "url": "http://secunia.com/advisories/28630"
}, },
{ {
"name" : "28871", "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/28871" "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463589"
}, },
{ {
"name" : "3585", "name": "20080123 phpBB 2.0.22 Remote PM Delete XSRF Vulnerability",
"refsource" : "SREASON", "refsource": "BUGTRAQ",
"url" : "http://securityreason.com/securityalert/3585" "url": "http://www.securityfocus.com/archive/1/487004/100/0/threaded"
} }
] ]
} }

80
2008/0xxx/CVE-2008-0517.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0517", "ID": "CVE-2008-0517",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action." "value": "SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "5016", "name": "estateagent-index-sql-injection(40060)",
"refsource" : "EXPLOIT-DB", "refsource": "XF",
"url" : "https://www.exploit-db.com/exploits/5016" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40060"
}, },
{ {
"name" : "27520", "name": "27520",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/27520" "url": "http://www.securityfocus.com/bid/27520"
}, },
{ {
"name" : "ADV-2008-0362", "name": "5016",
"refsource" : "VUPEN", "refsource": "EXPLOIT-DB",
"url" : "http://www.vupen.com/english/advisories/2008/0362" "url": "https://www.exploit-db.com/exploits/5016"
}, },
{ {
"name" : "estateagent-index-sql-injection(40060)", "name": "ADV-2008-0362",
"refsource" : "XF", "refsource": "VUPEN",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40060" "url": "http://www.vupen.com/english/advisories/2008/0362"
} }
] ]
} }

104
2008/0xxx/CVE-2008-0711.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0711", "ID": "CVE-2008-0711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors." "value": "Unspecified vulnerability in the embedded management console in HP iLO-2 Management Processors (iLO-2 MP), as used in Integrity Servers rx2660, rx3600, and rx6600, and Integrity Blade Server model bl860c, allows remote attackers to cause a denial of service via unknown vectors."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "HPSBMA02327", "name": "HPSBMA02327",
"refsource" : "HP", "refsource": "HP",
"url" : "http://marc.info/?l=bugtraq&m=120766789901792&w=2" "url": "http://marc.info/?l=bugtraq&m=120766789901792&w=2"
}, },
{ {
"name" : "SSRT071455", "name": "3804",
"refsource" : "HP", "refsource": "SREASON",
"url" : "http://marc.info/?l=bugtraq&m=120766789901792&w=2" "url": "http://securityreason.com/securityalert/3804"
}, },
{ {
"name" : "28673", "name": "ADV-2008-1132",
"refsource" : "BID", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/bid/28673" "url": "http://www.vupen.com/english/advisories/2008/1132/references"
}, },
{ {
"name" : "ADV-2008-1132", "name": "hp-integrityserver-ilo2mp-console-dos(41696)",
"refsource" : "VUPEN", "refsource": "XF",
"url" : "http://www.vupen.com/english/advisories/2008/1132/references" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41696"
}, },
{ {
"name" : "1019795", "name": "29718",
"refsource" : "SECTRACK", "refsource": "SECUNIA",
"url" : "http://www.securitytracker.com/id?1019795" "url": "http://secunia.com/advisories/29718"
}, },
{ {
"name" : "29718", "name": "1019795",
"refsource" : "SECUNIA", "refsource": "SECTRACK",
"url" : "http://secunia.com/advisories/29718" "url": "http://www.securitytracker.com/id?1019795"
}, },
{ {
"name" : "3804", "name": "SSRT071455",
"refsource" : "SREASON", "refsource": "HP",
"url" : "http://securityreason.com/securityalert/3804" "url": "http://marc.info/?l=bugtraq&m=120766789901792&w=2"
}, },
{ {
"name" : "hp-integrityserver-ilo2mp-console-dos(41696)", "name": "28673",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41696" "url": "http://www.securityfocus.com/bid/28673"
} }
] ]
} }

68
2008/0xxx/CVE-2008-0846.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0846", "ID": "CVE-2008-0846",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter." "value": "SQL injection vulnerability in index.php in the com_profile component for Joomla! allows remote attackers to execute arbitrary SQL commands via the oid parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080216 joomla SQL Injection(com_profile)", "name": "20080216 joomla SQL Injection(com_profile)",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=120335361520072&w=2" "url": "http://marc.info/?l=bugtraq&m=120335361520072&w=2"
}, },
{ {
"name" : "27851", "name": "27851",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/27851" "url": "http://www.securityfocus.com/bid/27851"
} }
] ]
} }

92
2008/0xxx/CVE-2008-0945.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0945", "ID": "CVE-2008-0945",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field." "value": "Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1", "name": "http://aluigi.altervista.org/adv/ipsimene-adv.txt",
"refsource" : "BUGTRAQ", "refsource": "MISC",
"url" : "http://www.securityfocus.com/archive/1/487748/100/200/threaded" "url": "http://aluigi.altervista.org/adv/ipsimene-adv.txt"
}, },
{ {
"name" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt", "name": "20080207 Multiple vulnerabilities in Ipswitch Instant Messaging 2.0.8.1",
"refsource" : "MISC", "refsource": "BUGTRAQ",
"url" : "http://aluigi.altervista.org/adv/ipsimene-adv.txt" "url": "http://www.securityfocus.com/archive/1/487748/100/200/threaded"
}, },
{ {
"name" : "http://aluigi.org/poc/ipsimene.zip", "name": "27677",
"refsource" : "MISC", "refsource": "BID",
"url" : "http://aluigi.org/poc/ipsimene.zip" "url": "http://www.securityfocus.com/bid/27677"
}, },
{ {
"name" : "27677", "name": "3697",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/27677" "url": "http://securityreason.com/securityalert/3697"
}, },
{ {
"name" : "28824", "name": "http://aluigi.org/poc/ipsimene.zip",
"refsource" : "SECUNIA", "refsource": "MISC",
"url" : "http://secunia.com/advisories/28824" "url": "http://aluigi.org/poc/ipsimene.zip"
}, },
{ {
"name" : "3697", "name": "28824",
"refsource" : "SREASON", "refsource": "SECUNIA",
"url" : "http://securityreason.com/securityalert/3697" "url": "http://secunia.com/advisories/28824"
} }
] ]
} }

74
2008/1xxx/CVE-2008-1323.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1323", "ID": "CVE-2008-1323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action." "value": "Cross-site request forgery (CSRF) vulnerability in index.php in WoltLab Burning Board Lite (wBB) 2 Beta 1 allows remote attackers to delete threads as other users via the ThreadDelete action."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080308 WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability", "name": "20080308 WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability",
"refsource" : "BUGTRAQ", "refsource": "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/489294/100/0/threaded" "url": "http://www.securityfocus.com/archive/1/489294/100/0/threaded"
}, },
{ {
"name" : "3739", "name": "woltlabburningboard-index-csrf(41098)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/3739" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41098"
}, },
{ {
"name" : "woltlabburningboard-index-csrf(41098)", "name": "3739",
"refsource" : "XF", "refsource": "SREASON",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41098" "url": "http://securityreason.com/securityalert/3739"
} }
] ]
} }

134
2008/1xxx/CVE-2008-1474.json
View File

@ -1,121 +1,121 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1474", "ID": "CVE-2008-1474",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)." "value": "Multiple unspecified vulnerabilities in Roundup before 1.4.4 have unknown impact and attack vectors, some of which may be related to cross-site scripting (XSS)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=436546", "name": "29848",
"refsource" : "MISC", "refsource": "SECUNIA",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=436546" "url": "http://secunia.com/advisories/29848"
}, },
{ {
"name" : "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup", "name": "30274",
"refsource" : "CONFIRM", "refsource": "SECUNIA",
"url" : "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup" "url": "http://secunia.com/advisories/30274"
}, },
{ {
"name" : "DSA-1554", "name": "GLSA-200805-21",
"refsource" : "DEBIAN", "refsource": "GENTOO",
"url" : "http://www.debian.org/security/2008/dsa-1554" "url": "http://security.gentoo.org/glsa/glsa-200805-21.xml"
}, },
{ {
"name" : "FEDORA-2008-2370", "name": "28239",
"refsource" : "FEDORA", "refsource": "BID",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html" "url": "http://www.securityfocus.com/bid/28239"
}, },
{ {
"name" : "FEDORA-2008-2471", "name": "29336",
"refsource" : "FEDORA", "refsource": "SECUNIA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html" "url": "http://secunia.com/advisories/29336"
}, },
{ {
"name" : "GLSA-200805-21", "name": "FEDORA-2008-2471",
"refsource" : "GENTOO", "refsource": "FEDORA",
"url" : "http://security.gentoo.org/glsa/glsa-200805-21.xml" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00375.html"
}, },
{ {
"name" : "28239", "name": "DSA-1554",
"refsource" : "BID", "refsource": "DEBIAN",
"url" : "http://www.securityfocus.com/bid/28239" "url": "http://www.debian.org/security/2008/dsa-1554"
}, },
{ {
"name" : "ADV-2008-0891", "name": "roundup-multiple-unspecified(41241)",
"refsource" : "VUPEN", "refsource": "XF",
"url" : "http://www.vupen.com/english/advisories/2008/0891" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41241"
}, },
{ {
"name" : "29336", "name": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/29336" "url": "http://roundup.cvs.sourceforge.net/roundup/roundup/CHANGES.txt?revision=1.939&view=markup"
}, },
{ {
"name" : "29375", "name": "FEDORA-2008-2370",
"refsource" : "SECUNIA", "refsource": "FEDORA",
"url" : "http://secunia.com/advisories/29375" "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00264.html"
}, },
{ {
"name" : "29848", "name": "29375",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/29848" "url": "http://secunia.com/advisories/29375"
}, },
{ {
"name" : "30274", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=436546",
"refsource" : "SECUNIA", "refsource": "MISC",
"url" : "http://secunia.com/advisories/30274" "url": "https://bugzilla.redhat.com/show_bug.cgi?id=436546"
}, },
{ {
"name" : "roundup-multiple-unspecified(41241)", "name": "ADV-2008-0891",
"refsource" : "XF", "refsource": "VUPEN",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41241" "url": "http://www.vupen.com/english/advisories/2008/0891"
} }
] ]
} }

80
2008/1xxx/CVE-2008-1510.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1510", "ID": "CVE-2008-1510",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter." "value": "Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080323 Alkacon OpenCms users_list.jsp searchfilter XSS", "name": "28411",
"refsource" : "BUGTRAQ", "refsource": "BID",
"url" : "http://www.securityfocus.com/archive/1/489984/100/0/threaded" "url": "http://www.securityfocus.com/bid/28411"
}, },
{ {
"name" : "28411", "name": "3777",
"refsource" : "BID", "refsource": "SREASON",
"url" : "http://www.securityfocus.com/bid/28411" "url": "http://securityreason.com/securityalert/3777"
}, },
{ {
"name" : "3777", "name": "opencms-userslist-xss(41390)",
"refsource" : "SREASON", "refsource": "XF",
"url" : "http://securityreason.com/securityalert/3777" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41390"
}, },
{ {
"name" : "opencms-userslist-xss(41390)", "name": "20080323 Alkacon OpenCms users_list.jsp searchfilter XSS",
"refsource" : "XF", "refsource": "BUGTRAQ",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41390" "url": "http://www.securityfocus.com/archive/1/489984/100/0/threaded"
} }
] ]
} }

134
2008/1xxx/CVE-2008-1831.json
View File

@ -1,121 +1,121 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1831", "ID": "CVE-2008-1831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06." "value": "Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html", "name": "oracle-cpu-april-2008(41858)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858"
}, },
{ {
"name" : "HPSBMA02133", "name": "ADV-2008-1267",
"refsource" : "HP", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" "url": "http://www.vupen.com/english/advisories/2008/1267/references"
}, },
{ {
"name" : "SSRT061201", "name": "ADV-2008-1233",
"refsource" : "HP", "refsource": "VUPEN",
"url" : "http://www.securityfocus.com/archive/1/491024/100/0/threaded" "url": "http://www.vupen.com/english/advisories/2008/1233/references"
}, },
{ {
"name" : "ADV-2008-1233", "name": "1019855",
"refsource" : "VUPEN", "refsource": "SECTRACK",
"url" : "http://www.vupen.com/english/advisories/2008/1233/references" "url": "http://www.securitytracker.com/id?1019855"
}, },
{ {
"name" : "ADV-2008-1267", "name": "29829",
"refsource" : "VUPEN", "refsource": "SECUNIA",
"url" : "http://www.vupen.com/english/advisories/2008/1267/references" "url": "http://secunia.com/advisories/29829"
}, },
{ {
"name" : "1019855", "name": "oracle-siebel-simbuilder-unspecified3(42070)",
"refsource" : "SECTRACK", "refsource": "XF",
"url" : "http://www.securitytracker.com/id?1019855" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42070"
}, },
{ {
"name" : "29874", "name": "HPSBMA02133",
"refsource" : "SECUNIA", "refsource": "HP",
"url" : "http://secunia.com/advisories/29874" "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
}, },
{ {
"name" : "29829", "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html",
"refsource" : "SECUNIA", "refsource": "CONFIRM",
"url" : "http://secunia.com/advisories/29829" "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2008-082075.html"
}, },
{ {
"name" : "oracle-cpu-april-2008(41858)", "name": "29874",
"refsource" : "XF", "refsource": "SECUNIA",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41858" "url": "http://secunia.com/advisories/29874"
}, },
{ {
"name" : "oracle-siebel-simbuilder-unspecified(42068)", "name": "SSRT061201",
"refsource" : "XF", "refsource": "HP",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42068" "url": "http://www.securityfocus.com/archive/1/491024/100/0/threaded"
}, },
{ {
"name" : "oracle-siebel-simbuilder-unspecified2(42069)", "name": "oracle-siebel-simbuilder-unspecified2(42069)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42069" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42069"
}, },
{ {
"name" : "oracle-siebel-simbuilder-unspecified3(42070)", "name": "oracle-siebel-simbuilder-unspecified4(42071)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42070" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42071"
}, },
{ {
"name" : "oracle-siebel-simbuilder-unspecified4(42071)", "name": "oracle-siebel-simbuilder-unspecified(42068)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42071" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42068"
} }
] ]
} }

86
2008/3xxx/CVE-2008-3798.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-3798", "ID": "CVE-2008-3798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session." "value": "Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080924 Vulnerability in Cisco IOS While Processing SSL Packet", "name": "31990",
"refsource" : "CISCO", "refsource": "SECUNIA",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0146c.shtml" "url": "http://secunia.com/advisories/31990"
}, },
{ {
"name" : "oval:org.mitre.oval:def:6087", "name": "oval:org.mitre.oval:def:6087",
"refsource" : "OVAL", "refsource": "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6087" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6087"
}, },
{ {
"name" : "1020930", "name": "ADV-2008-2670",
"refsource" : "SECTRACK", "refsource": "VUPEN",
"url" : "http://www.securitytracker.com/id?1020930" "url": "http://www.vupen.com/english/advisories/2008/2670"
}, },
{ {
"name" : "ADV-2008-2670", "name": "1020930",
"refsource" : "VUPEN", "refsource": "SECTRACK",
"url" : "http://www.vupen.com/english/advisories/2008/2670" "url": "http://www.securitytracker.com/id?1020930"
}, },
{ {
"name" : "31990", "name": "20080924 Vulnerability in Cisco IOS While Processing SSL Packet",
"refsource" : "SECUNIA", "refsource": "CISCO",
"url" : "http://secunia.com/advisories/31990" "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a0146c.shtml"
} }
] ]
} }

80
2008/3xxx/CVE-2008-3902.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3902", "ID": "CVE-2008-3902",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104." "value": "HP firmware 68DTT F.0D stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer, aka SSRT080104."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20080825 [IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure", "name": "http://www.ivizsecurity.com/preboot-patch.html",
"refsource" : "BUGTRAQ", "refsource": "MISC",
"url" : "http://www.securityfocus.com/archive/1/495800/100/0/threaded" "url": "http://www.ivizsecurity.com/preboot-patch.html"
}, },
{ {
"name" : "http://www.ivizsecurity.com/preboot-patch.html", "name": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://www.ivizsecurity.com/preboot-patch.html" "url": "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf"
}, },
{ {
"name" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf", "name": "4214",
"refsource" : "MISC", "refsource": "SREASON",
"url" : "http://www.ivizsecurity.com/research/preboot/preboot_whitepaper.pdf" "url": "http://securityreason.com/securityalert/4214"
}, },
{ {
"name" : "4214", "name": "20080825 [IVIZ-08-002] Hewlett-Packard BIOS Plain Text Password Disclosure",
"refsource" : "SREASON", "refsource": "BUGTRAQ",
"url" : "http://securityreason.com/securityalert/4214" "url": "http://www.securityfocus.com/archive/1/495800/100/0/threaded"
} }
] ]
} }

86
2008/4xxx/CVE-2008-4345.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4345", "ID": "CVE-2008-4345",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter." "value": "SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6443", "name": "6443",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6443" "url": "https://www.exploit-db.com/exploits/6443"
}, },
{ {
"name" : "31156", "name": "webportalcms-download-sql-injection(45113)",
"refsource" : "BID", "refsource": "XF",
"url" : "http://www.securityfocus.com/bid/31156" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45113"
}, },
{ {
"name" : "31784", "name": "31784",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/31784" "url": "http://secunia.com/advisories/31784"
}, },
{ {
"name" : "ADV-2008-2560", "name": "ADV-2008-2560",
"refsource" : "VUPEN", "refsource": "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2560" "url": "http://www.vupen.com/english/advisories/2008/2560"
}, },
{ {
"name" : "webportalcms-download-sql-injection(45113)", "name": "31156",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45113" "url": "http://www.securityfocus.com/bid/31156"
} }
] ]
} }

86
2008/4xxx/CVE-2008-4919.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4919", "ID": "CVE-2008-4919",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method." "value": "Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "6875", "name": "31984",
"refsource" : "EXPLOIT-DB", "refsource": "BID",
"url" : "https://www.exploit-db.com/exploits/6875" "url": "http://www.securityfocus.com/bid/31984"
}, },
{ {
"name" : "31984", "name": "32426",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/31984" "url": "http://secunia.com/advisories/32426"
}, },
{ {
"name" : "32426", "name": "6875",
"refsource" : "SECUNIA", "refsource": "EXPLOIT-DB",
"url" : "http://secunia.com/advisories/32426" "url": "https://www.exploit-db.com/exploits/6875"
}, },
{ {
"name" : "4558", "name": "4558",
"refsource" : "SREASON", "refsource": "SREASON",
"url" : "http://securityreason.com/securityalert/4558" "url": "http://securityreason.com/securityalert/4558"
}, },
{ {
"name" : "expertpdfviewerx-activex-file-overwrite(46218)", "name": "expertpdfviewerx-activex-file-overwrite(46218)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46218" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46218"
} }
] ]
} }

98
2008/4xxx/CVE-2008-4965.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4965", "ID": "CVE-2008-4965",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files." "value": "liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite arbitrary files via a symlink attack on (1) /tmp/liguidsoap.liq, (2) /tmp/lig.#####.log, and (3) /tmp/emission.ogg temporary files."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
}, },
{ {
"name" : "http://uvw.ru/report.lenny.txt", "name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "MISC", "refsource": "CONFIRM",
"url" : "http://uvw.ru/report.lenny.txt" "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
}, },
{ {
"name" : "http://bugs.debian.org/496360", "name": "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://bugs.debian.org/496360" "url": "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap"
}, },
{ {
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap", "name": "30912",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/liguidsoap" "url": "http://www.securityfocus.com/bid/30912"
}, },
{ {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", "name": "liquidsoap-liquidsoap-symlink(44827)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44827"
}, },
{ {
"name" : "30912", "name": "http://uvw.ru/report.lenny.txt",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/30912" "url": "http://uvw.ru/report.lenny.txt"
}, },
{ {
"name" : "liquidsoap-liquidsoap-symlink(44827)", "name": "http://bugs.debian.org/496360",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44827" "url": "http://bugs.debian.org/496360"
} }
] ]
} }

68
2013/2xxx/CVE-2013-2695.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2013-2695", "ID": "CVE-2013-2695",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter." "value": "Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "92275", "name": "92275",
"refsource" : "OSVDB", "refsource": "OSVDB",
"url" : "http://osvdb.org/92275" "url": "http://osvdb.org/92275"
}, },
{ {
"name" : "52864", "name": "52864",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/52864" "url": "http://secunia.com/advisories/52864"
} }
] ]
} }

98
2013/2xxx/CVE-2013-2870.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2870", "ID": "CVE-2013-2870",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request." "value": "Use-after-free vulnerability in Google Chrome before 28.0.1500.71 allows remote servers to execute arbitrary code via crafted response traffic after a URL request."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96", "name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96" "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=2b0ff6d8a832f4fe5c187b17342b56675fbf7b96"
}, },
{ {
"name" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6", "name": "https://code.google.com/p/chromium/issues/detail?id=244746",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6" "url": "https://code.google.com/p/chromium/issues/detail?id=244746"
}, },
{ {
"name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html", "name": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html" "url": "http://git.chromium.org/gitweb/?p=chromium/chromium.git;a=commit;h=5449227016f44d7c023b28a697ada40064c681a6"
}, },
{ {
"name" : "https://code.google.com/p/chromium/issues/detail?id=242762", "name": "oval:org.mitre.oval:def:16723",
"refsource" : "CONFIRM", "refsource": "OVAL",
"url" : "https://code.google.com/p/chromium/issues/detail?id=242762" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16723"
}, },
{ {
"name" : "https://code.google.com/p/chromium/issues/detail?id=244746", "name": "DSA-2724",
"refsource" : "CONFIRM", "refsource": "DEBIAN",
"url" : "https://code.google.com/p/chromium/issues/detail?id=244746" "url": "http://www.debian.org/security/2013/dsa-2724"
}, },
{ {
"name" : "DSA-2724", "name": "https://code.google.com/p/chromium/issues/detail?id=242762",
"refsource" : "DEBIAN", "refsource": "CONFIRM",
"url" : "http://www.debian.org/security/2013/dsa-2724" "url": "https://code.google.com/p/chromium/issues/detail?id=242762"
}, },
{ {
"name" : "oval:org.mitre.oval:def:16723", "name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html",
"refsource" : "OVAL", "refsource": "CONFIRM",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16723" "url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update.html"
} }
] ]
} }

74
2013/3xxx/CVE-2013-3183.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3183", "ID": "CVE-2013-3183",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka \"ICMPv6 Vulnerability.\"" "value": "The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly perform memory allocation for inbound ICMPv6 packets, which allows remote attackers to cause a denial of service (system hang) via crafted packets, aka \"ICMPv6 Vulnerability.\""
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "MS13-065", "name": "TA13-225A",
"refsource" : "MS", "refsource": "CERT",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-065" "url": "http://www.us-cert.gov/ncas/alerts/TA13-225A"
}, },
{ {
"name" : "TA13-225A", "name": "oval:org.mitre.oval:def:17918",
"refsource" : "CERT", "refsource": "OVAL",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A" "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17918"
}, },
{ {
"name" : "oval:org.mitre.oval:def:17918", "name": "MS13-065",
"refsource" : "OVAL", "refsource": "MS",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17918" "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-065"
} }
] ]
} }

22
2013/3xxx/CVE-2013-3489.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3489", "ID": "CVE-2013-3489",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

74
2013/3xxx/CVE-2013-3675.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3675", "ID": "CVE-2013-3675",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data." "value": "The process_frame_obj function in sanm.c in libavcodec in FFmpeg before 1.2.1 does not validate width and height values, which allows remote attackers to cause a denial of service (integer overflow, out-of-bounds array access, and application crash) via crafted LucasArts Smush video data."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://ffmpeg.org/security.html", "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://ffmpeg.org/security.html" "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf"
}, },
{ {
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf", "name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=524d0d2cfc7bab1b348f85e7c0369859e63781cf" "url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915"
}, },
{ {
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915", "name": "http://ffmpeg.org/security.html",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=9dd04f6d8cdd1c10c28b2cb4252c1a41df581915" "url": "http://ffmpeg.org/security.html"
} }
] ]
} }

74
2013/3xxx/CVE-2013-3976.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-3976", "ID": "CVE-2013-3976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore." "value": "The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and 6.3 before 6.3.1 in IBM Tivoli Storage Manager for Mail and the (2) FlashCopy Manager for Exchange component 2.2 and 3.1 before 3.1.1 in IBM Tivoli Storage FlashCopy Manager do not properly constrain mailbox contents during certain PST restore operations, which allows remote authenticated users to read the personal e-mail of other users in opportunistic circumstances by launching an e-mail client after an administrator performs a multiple-mailbox restore."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644407", "name": "IC81223",
"refsource" : "CONFIRM", "refsource": "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644407" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223"
}, },
{ {
"name" : "IC81223", "name": "tsm-cve20133976-info-disclosure(84881)",
"refsource" : "AIXAPAR", "refsource": "XF",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC81223" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881"
}, },
{ {
"name" : "tsm-cve20133976-info-disclosure(84881)", "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84881" "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644407"
} }
] ]
} }

80
2013/4xxx/CVE-2013-4533.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4533", "ID": "CVE-2013-4533",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image." "value": "Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in QEMU before 1.7.2 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted s->rx_level value in a savevm image."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues", "name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"refsource" : "MLIST", "refsource": "MLIST",
"url" : "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html" "url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
}, },
{ {
"name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", "name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7",
"refsource" : "MLIST", "refsource": "CONFIRM",
"url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" "url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7"
}, },
{ {
"name" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7", "name": "[Qemu-devel] 20131213 [PATCH 00/23] qemu state loading issues",
"refsource" : "CONFIRM", "refsource": "MLIST",
"url" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=caa881abe0e01f9931125a0977ec33c5343e4aa7" "url": "http://lists.gnu.org/archive/html/qemu-devel/2013-12/msg00394.html"
}, },
{ {
"name" : "FEDORA-2014-6288", "name": "FEDORA-2014-6288",
"refsource" : "FEDORA", "refsource": "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
} }
] ]
} }

22
2013/6xxx/CVE-2013-6544.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6544", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
"ID": "CVE-2013-6544",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0",
"description" : {
"description_data" : [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }

22
2013/6xxx/CVE-2013-6847.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6847", "ID": "CVE-2013-6847",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

86
2013/7xxx/CVE-2013-7187.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7187", "ID": "CVE-2013-7187",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter." "value": "SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "30002", "name": "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt",
"refsource" : "EXPLOIT-DB", "refsource": "MISC",
"url" : "http://www.exploit-db.com/exploits/30002" "url": "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt", "name": "formcraft-wpblogheader-sql-injection(89581)",
"refsource" : "MISC", "refsource": "XF",
"url" : "http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89581"
}, },
{ {
"name" : "64183", "name": "30002",
"refsource" : "BID", "refsource": "EXPLOIT-DB",
"url" : "http://www.securityfocus.com/bid/64183" "url": "http://www.exploit-db.com/exploits/30002"
}, },
{ {
"name" : "56044", "name": "56044",
"refsource" : "SECUNIA", "refsource": "SECUNIA",
"url" : "http://secunia.com/advisories/56044" "url": "http://secunia.com/advisories/56044"
}, },
{ {
"name" : "formcraft-wpblogheader-sql-injection(89581)", "name": "64183",
"refsource" : "XF", "refsource": "BID",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89581" "url": "http://www.securityfocus.com/bid/64183"
} }
] ]
} }

80
2013/7xxx/CVE-2013-7274.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7274", "ID": "CVE-2013-7274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload." "value": "Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "30356", "name": "30356",
"refsource" : "EXPLOIT-DB", "refsource": "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/30356" "url": "http://www.exploit-db.com/exploits/30356"
}, },
{ {
"name" : "64480", "name": "56205",
"refsource" : "BID", "refsource": "SECUNIA",
"url" : "http://www.securityfocus.com/bid/64480" "url": "http://secunia.com/advisories/56205"
}, },
{ {
"name" : "56205", "name": "64480",
"refsource" : "SECUNIA", "refsource": "BID",
"url" : "http://secunia.com/advisories/56205" "url": "http://www.securityfocus.com/bid/64480"
}, },
{ {
"name" : "wallpaperscript-title-xss(89913)", "name": "wallpaperscript-title-xss(89913)",
"refsource" : "XF", "refsource": "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89913" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89913"
} }
] ]
} }

80
2017/10xxx/CVE-2017-10097.json
View File

@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10097", "ID": "CVE-2017-10097",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Reporting and Analytics", "product_name": "Hospitality Reporting and Analytics",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.5.1" "version_value": "8.5.1"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.0.0" "version_value": "9.0.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." "value": "Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Reporting). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data." "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Reporting and Analytics. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Reporting and Analytics, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Reporting and Analytics accessible data as well as unauthorized read access to a subset of Oracle Hospitality Reporting and Analytics accessible data."
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "name": "99679",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "url": "http://www.securityfocus.com/bid/99679"
}, },
{ {
"name" : "99679", "name": "1038941",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/99679" "url": "http://www.securitytracker.com/id/1038941"
}, },
{ {
"name" : "1038941", "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "SECTRACK", "refsource": "CONFIRM",
"url" : "http://www.securitytracker.com/id/1038941" "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
} }
] ]
} }

22
2017/10xxx/CVE-2017-10558.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10558", "ID": "CVE-2017-10558",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2017/10xxx/CVE-2017-10705.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10705", "ID": "CVE-2017-10705",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

74
2017/10xxx/CVE-2017-10793.json
View File

@ -1,71 +1,71 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10793", "ID": "CVE-2017-10793",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports." "value": "The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/", "name": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/" "url": "https://threatpost.com/bugs-in-arris-modems-distributed-by-att-vulnerable-to-trivial-attacks/127753/"
}, },
{ {
"name" : "https://www.nomotion.net/blog/sharknatto/", "name": "100585",
"refsource" : "MISC", "refsource": "BID",
"url" : "https://www.nomotion.net/blog/sharknatto/" "url": "http://www.securityfocus.com/bid/100585"
}, },
{ {
"name" : "100585", "name": "https://www.nomotion.net/blog/sharknatto/",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/100585" "url": "https://www.nomotion.net/blog/sharknatto/"
} }
] ]
} }

86
2017/10xxx/CVE-2017-10979.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10979", "ID": "CVE-2017-10979",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code." "value": "An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows \"Write overflow in rad_coalesce()\" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://freeradius.org/security/fuzzer-2017.html", "name": "1038914",
"refsource" : "CONFIRM", "refsource": "SECTRACK",
"url" : "http://freeradius.org/security/fuzzer-2017.html" "url": "http://www.securitytracker.com/id/1038914"
}, },
{ {
"name" : "DSA-3930", "name": "RHSA-2017:1759",
"refsource" : "DEBIAN", "refsource": "REDHAT",
"url" : "http://www.debian.org/security/2017/dsa-3930" "url": "https://access.redhat.com/errata/RHSA-2017:1759"
}, },
{ {
"name" : "RHSA-2017:1759", "name": "DSA-3930",
"refsource" : "REDHAT", "refsource": "DEBIAN",
"url" : "https://access.redhat.com/errata/RHSA-2017:1759" "url": "http://www.debian.org/security/2017/dsa-3930"
}, },
{ {
"name" : "99901", "name": "http://freeradius.org/security/fuzzer-2017.html",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/99901" "url": "http://freeradius.org/security/fuzzer-2017.html"
}, },
{ {
"name" : "1038914", "name": "99901",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1038914" "url": "http://www.securityfocus.com/bid/99901"
} }
] ]
} }

68
2017/13xxx/CVE-2017-13671.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13671", "ID": "CVE-2017-13671",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation." "value": "app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa", "name": "100533",
"refsource" : "CONFIRM", "refsource": "BID",
"url" : "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa" "url": "http://www.securityfocus.com/bid/100533"
}, },
{ {
"name" : "100533", "name": "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa",
"refsource" : "BID", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/bid/100533" "url": "https://github.com/MISP/MISP/commit/6eba658d4a648b41b357025d864c19a67412b8aa"
} }
] ]
} }

22
2017/14xxx/CVE-2017-14046.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14046", "ID": "CVE-2017-14046",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

104
2017/14xxx/CVE-2017-14083.json
View File

@ -1,96 +1,96 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@trendmicro.com", "ASSIGNER": "security@trendmicro.com",
"ID" : "CVE-2017-14083", "ID": "CVE-2017-14083",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Trend Micro OfficeScan", "product_name": "Trend Micro OfficeScan",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11.0, XG (12.0)" "version_value": "11.0, XG (12.0)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Trend Micro" "vendor_name": "Trend Micro"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file." "value": "A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Unauthorized Access Control" "value": "Unauthorized Access Control"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)", "name": "https://success.trendmicro.com/solution/1118372",
"refsource" : "BUGTRAQ", "refsource": "CONFIRM",
"url" : "http://www.securityfocus.com/archive/1/541273/100/0/threaded" "url": "https://success.trendmicro.com/solution/1118372"
}, },
{ {
"name" : "42889", "name": "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083",
"refsource" : "EXPLOIT-DB", "refsource": "FULLDISC",
"url" : "https://www.exploit-db.com/exploits/42889/" "url": "http://seclists.org/fulldisclosure/2017/Sep/90"
}, },
{ {
"name" : "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083", "name": "20170929 Trend Micro OfficeScan v11.0 and XG (12.0)* Unauthorized Remote Encryption Key Disclosure CVE-2017-14083 (apparitionsec / hyp3rlinx)",
"refsource" : "FULLDISC", "refsource": "BUGTRAQ",
"url" : "http://seclists.org/fulldisclosure/2017/Sep/90" "url": "http://www.securityfocus.com/archive/1/541273/100/0/threaded"
}, },
{ {
"name" : "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt", "name": "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt" "url": "http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt"
}, },
{ {
"name" : "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html", "name": "42889",
"refsource" : "MISC", "refsource": "EXPLOIT-DB",
"url" : "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html" "url": "https://www.exploit-db.com/exploits/42889/"
}, },
{ {
"name" : "https://success.trendmicro.com/solution/1118372", "name": "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html",
"refsource" : "CONFIRM", "refsource": "MISC",
"url" : "https://success.trendmicro.com/solution/1118372" "url": "http://packetstormsecurity.com/files/144398/TrendMicro-OfficeScan-11.0-XG-12.0-Encryption-Key-Disclosure.html"
}, },
{ {
"name" : "101076", "name": "1039500",
"refsource" : "BID", "refsource": "SECTRACK",
"url" : "http://www.securityfocus.com/bid/101076" "url": "http://www.securitytracker.com/id/1039500"
}, },
{ {
"name" : "1039500", "name": "101076",
"refsource" : "SECTRACK", "refsource": "BID",
"url" : "http://www.securitytracker.com/id/1039500" "url": "http://www.securityfocus.com/bid/101076"
} }
] ]
} }

78
2017/14xxx/CVE-2017-14358.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@microfocus.com", "ASSIGNER": "security@suse.com",
"DATE_PUBLIC" : "2017-10-30T00:00:00", "DATE_PUBLIC": "2017-10-30T00:00:00",
"ID" : "CVE-2017-14358", "ID": "CVE-2017-14358",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "HP ArcSight ESM", "product_name": "HP ArcSight ESM",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1" "version_value": "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1"
} }
] ]
} }
}, },
{ {
"product_name" : "HP ArcSight ESM Express", "product_name": "HP ArcSight ESM Express",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1" "version_value": "Any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Micro Focus" "vendor_name": "Micro Focus"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site." "value": "A URL redirection to untrusted site vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1. This vulnerability could be exploited remotely to allow URL redirection to untrusted site."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "URL redirection" "value": "URL redirection"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://softwaresupport.hpe.com/km/KM02996760", "name": "https://softwaresupport.hpe.com/km/KM02996760",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://softwaresupport.hpe.com/km/KM02996760" "url": "https://softwaresupport.hpe.com/km/KM02996760"
}, },
{ {
"name" : "ESB-2017.2737", "name": "ESB-2017.2737",
"refsource" : "AUSCERT", "refsource": "AUSCERT",
"url" : "https://www.auscert.org.au/bulletins/54166" "url": "https://www.auscert.org.au/bulletins/54166"
} }
] ]
} }

92
2017/17xxx/CVE-2017-17095.json
View File

@ -1,86 +1,86 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17095", "ID": "CVE-2017-17095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file." "value": "tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to cause a denial of service (TIFFSetupStrips heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted TIFF file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "43322", "name": "USN-3606-1",
"refsource" : "EXPLOIT-DB", "refsource": "UBUNTU",
"url" : "https://www.exploit-db.com/exploits/43322/" "url": "https://usn.ubuntu.com/3606-1/"
}, },
{ {
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2750", "name": "http://bugzilla.maptools.org/show_bug.cgi?id=2750",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2750" "url": "http://bugzilla.maptools.org/show_bug.cgi?id=2750"
}, },
{ {
"name" : "http://www.openwall.com/lists/oss-security/2017/11/30/3", "name": "43322",
"refsource" : "MISC", "refsource": "EXPLOIT-DB",
"url" : "http://www.openwall.com/lists/oss-security/2017/11/30/3" "url": "https://www.exploit-db.com/exploits/43322/"
}, },
{ {
"name" : "DSA-4349", "name": "DSA-4349",
"refsource" : "DEBIAN", "refsource": "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4349" "url": "https://www.debian.org/security/2018/dsa-4349"
}, },
{ {
"name" : "USN-3606-1", "name": "102124",
"refsource" : "UBUNTU", "refsource": "BID",
"url" : "https://usn.ubuntu.com/3606-1/" "url": "http://www.securityfocus.com/bid/102124"
}, },
{ {
"name" : "102124", "name": "http://www.openwall.com/lists/oss-security/2017/11/30/3",
"refsource" : "BID", "refsource": "MISC",
"url" : "http://www.securityfocus.com/bid/102124" "url": "http://www.openwall.com/lists/oss-security/2017/11/30/3"
} }
] ]
} }

22
2017/17xxx/CVE-2017-17119.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17119", "ID": "CVE-2017-17119",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2017/17xxx/CVE-2017-17151.json
View File

File diff suppressed because one or more lines are too long

62
2017/17xxx/CVE-2017-17414.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-17414", "ID": "CVE-2017-17414",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Quest NetVault Backup", "product_name": "Quest NetVault Backup",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11.3.0.12" "version_value": "11.3.0.12"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Quest" "vendor_name": "Quest"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225." "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Get method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4225."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')" "value": "CWE-89-Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-979", "name": "https://zerodayinitiative.com/advisories/ZDI-17-979",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-979" "url": "https://zerodayinitiative.com/advisories/ZDI-17-979"
} }
] ]
} }

64
2017/17xxx/CVE-2017-17769.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00", "DATE_PUBLIC": "2018-03-26T00:00:00",
"ID" : "CVE-2017-17769", "ID": "CVE-2017-17769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver." "value": "Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Information Exposure in Audio" "value": "Information Exposure in Audio"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", "name": "https://source.android.com/security/bulletin/pixel/2018-02-01",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" "url": "https://source.android.com/security/bulletin/pixel/2018-02-01"
} }
] ]
} }

62
2017/9xxx/CVE-2017-9223.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9223", "ID": "CVE-2017-9223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file." "value": "The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://seclists.org/fulldisclosure/2017/Jun/32", "name": "http://seclists.org/fulldisclosure/2017/Jun/32",
"refsource" : "MISC", "refsource": "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jun/32" "url": "http://seclists.org/fulldisclosure/2017/Jun/32"
} }
] ]
} }

62
2017/9xxx/CVE-2017-9570.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9570", "ID": "CVE-2017-9570",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate." "value": "The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", "name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
} }
] ]
} }

68
2017/9xxx/CVE-2017-9639.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-9639", "ID": "CVE-2017-9639",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Fuji Electric V-Server", "product_name": "Fuji Electric V-Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Fuji Electric V-Server" "version_value": "Fuji Electric V-Server"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution." "value": "An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-119" "value": "CWE-119"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02", "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02" "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-192-02"
}, },
{ {
"name" : "99544", "name": "99544",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/99544" "url": "http://www.securityfocus.com/bid/99544"
} }
] ]
} }

68
2018/0xxx/CVE-2018-0145.json
View File

@ -1,66 +1,66 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0145", "ID": "CVE-2018-0145",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Data Center Analytics Framework", "product_name": "Cisco Data Center Analytics Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Data Center Analytics Framework" "version_value": "Cisco Data Center Analytics Framework"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105." "value": "A vulnerability in the web-based management interface of the Cisco Data Center Analytics Framework application could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information on the affected system. Cisco Bug IDs: CSCvg45105."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-79" "value": "CWE-79"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf", "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-dcaf"
}, },
{ {
"name" : "103131", "name": "103131",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/103131" "url": "http://www.securityfocus.com/bid/103131"
} }
] ]
} }

128
2018/0xxx/CVE-2018-0284.json
View File

@ -1,131 +1,131 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-11-07T16:00:00-0600", "DATE_PUBLIC": "2018-11-07T16:00:00-0600",
"ID" : "CVE-2018-0284", "ID": "CVE-2018-0284",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Meraki Local Status Page Privilege Escalation Vulnerability" "TITLE": "Cisco Meraki Local Status Page Privilege Escalation Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Meraki MR", "product_name": "Cisco Meraki MR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<24.13" "version_value": "<24.13"
} }
] ]
} }
}, },
{ {
"product_name" : "Cisco Meraki M5", "product_name": "Cisco Meraki M5",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<9.37" "version_value": "<9.37"
} }
] ]
} }
}, },
{ {
"product_name" : "Cisco Meraki MX", "product_name": "Cisco Meraki MX",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<13.32" "version_value": "<13.32"
} }
] ]
} }
}, },
{ {
"product_name" : "Cisco Meraki Z1", "product_name": "Cisco Meraki Z1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<13.32" "version_value": "<13.32"
} }
] ]
} }
}, },
{ {
"product_name" : "Cisco Meraki Z3", "product_name": "Cisco Meraki Z3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<13.32" "version_value": "<13.32"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited." "value": "A vulnerability in the local status page functionality of the Cisco Meraki MR, MS, MX, Z1, and Z3 product lines could allow an authenticated, remote attacker to modify device configuration files. The vulnerability occurs when handling requests to the local status page. An exploit could allow the attacker to establish an interactive session to the device with elevated privileges. The attacker could then use the elevated privileges to further compromise the device or obtain additional configuration data from the device that is being exploited."
} }
] ]
}, },
"exploit" : [ "exploit": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. " "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
} }
], ],
"impact" : { "impact": {
"cvss" : { "cvss": {
"baseScore" : "8.8", "baseScore": "8.8",
"vectorString" : "", "vectorString": "",
"version" : "3.0" "version": "3.0"
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-264" "value": "CWE-264"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "20181107 Cisco Meraki Local Status Page Privilege Escalation Vulnerability", "name": "20181107 Cisco Meraki Local Status Page Privilege Escalation Vulnerability",
"refsource" : "CISCO", "refsource": "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki" "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-meraki"
}, },
{ {
"name" : "105878", "name": "105878",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/105878" "url": "http://www.securityfocus.com/bid/105878"
} }
] ]
}, },
"source" : { "source": {
"advisory" : "cisco-sa-20181107-meraki", "advisory": "cisco-sa-20181107-meraki",
"defect" : [ "defect": [
[ [
"NA" "NA"
] ]
], ],
"discovery" : "INTERNAL" "discovery": "INTERNAL"
} }
} }

72
2018/1000xxx/CVE-2018-1000058.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2/5/2018 0:00:00", "DATE_ASSIGNED": "2/5/2018 0:00:00",
"ID" : "CVE-2018-1000058", "ID": "CVE-2018-1000058",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Pipeline: Supporting APIs Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.17 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles." "value": "Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an arbitrary code execution due to incomplete sandbox protection: Methods related to Java deserialization like readResolve implemented in Pipeline scripts were not subject to sandbox protection, and could therefore execute arbitrary code. This could be exploited e.g. by regular Jenkins users with the permission to configure Pipelines in Jenkins, or by trusted committers to repositories containing Jenkinsfiles."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Incomplete sandboxing" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://jenkins.io/security/advisory/2018-02-05/", "name": "https://jenkins.io/security/advisory/2018-02-05/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-02-05/" "url": "https://jenkins.io/security/advisory/2018-02-05/"
}, },
{ {
"name" : "103034", "name": "103034",
"refsource" : "BID", "refsource": "BID",
"url" : "http://www.securityfocus.com/bid/103034" "url": "http://www.securityfocus.com/bid/103034"
} }
] ]
} }

92
2018/1000xxx/CVE-2018-1000168.json
View File

@ -1,84 +1,84 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-04-30T20:15:49.358836", "DATE_ASSIGNED": "2018-04-30T20:15:49.358836",
"DATE_REQUESTED" : "2018-04-09T10:52:35", "DATE_REQUESTED": "2018-04-09T10:52:35",
"ID" : "CVE-2018-1000168", "ID": "CVE-2018-1000168",
"REQUESTER" : "tatsuhiro.t@gmail.com", "REQUESTER": "tatsuhiro.t@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "nghttp2", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : ">= 1.10.0 and nghttp2 <= v1.31.0" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "nghttp2" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1." "value": "nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Improper Input Validation CWE-20" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/", "name": "RHSA-2019:0367",
"refsource" : "CONFIRM", "refsource": "REDHAT",
"url" : "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/" "url": "https://access.redhat.com/errata/RHSA-2019:0367"
}, },
{ {
"name" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/", "name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/" "url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
}, },
{ {
"name" : "RHSA-2019:0366", "name": "103952",
"refsource" : "REDHAT", "refsource": "BID",
"url" : "https://access.redhat.com/errata/RHSA-2019:0366" "url": "http://www.securityfocus.com/bid/103952"
}, },
{ {
"name" : "RHSA-2019:0367", "name": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/",
"refsource" : "REDHAT", "refsource": "CONFIRM",
"url" : "https://access.redhat.com/errata/RHSA-2019:0367" "url": "https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/"
}, },
{ {
"name" : "103952", "name": "RHSA-2019:0366",
"refsource" : "BID", "refsource": "REDHAT",
"url" : "http://www.securityfocus.com/bid/103952" "url": "https://access.redhat.com/errata/RHSA-2019:0366"
} }
] ]
} }

68
2018/1000xxx/CVE-2018-1000197.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.656691", "DATE_ASSIGNED": "2018-06-05T13:57:43.656691",
"DATE_REQUESTED" : "2018-05-09T00:00:00", "DATE_REQUESTED": "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000197", "ID": "CVE-2018-1000197",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Black Duck Hub Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.0.3 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration." "value": "An improper authorization vulnerability exists in Jenkins Black Duck Hub Plugin 3.0.3 and older in PostBuildScanDescriptor.java that allows users with Overall/Read permission to read and write the Black Duck Hub plugin configuration."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "CWE-285" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670", "name": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670" "url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-670"
} }
] ]
} }

68
2018/1000xxx/CVE-2018-1000547.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-23T11:22:33.069504", "DATE_ASSIGNED": "2018-06-23T11:22:33.069504",
"DATE_REQUESTED" : "2018-03-27T08:05:54", "DATE_REQUESTED": "2018-03-27T08:05:54",
"ID" : "CVE-2018-1000547", "ID": "CVE-2018-1000547",
"REQUESTER" : "cve@unsecure.blog", "REQUESTER": "cve@unsecure.blog",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "coreBOS", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.0 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "coreBOS" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. ." "value": "coreBOS version 7.0 and earlier contains a Incorrect Access Control vulnerability in Module: Contacts that can result in The error allows you to access records that you have no permissions to. ."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Incorrect Access Control" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54", "name": "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54" "url": "https://github.com/tsolucio/corebos/blob/287780a61f98adca1fa631ae6e5de346947c7f81/modules/Contacts/EditView.php#L54"
} }
] ]
} }

22
2018/19xxx/CVE-2018-19006.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19006", "ID": "CVE-2018-19006",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

62
2018/19xxx/CVE-2018-19223.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19223", "ID": "CVE-2018-19223",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI." "value": "An issue was discovered in LAOBANCMS 2.0. It allows XSS via the first input field to the admin/type.php?id=1 URI."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "n/a" "value": "n/a"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2", "name": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2",
"refsource" : "MISC", "refsource": "MISC",
"url" : "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2" "url": "https://github.com/AvaterXXX/laobanCMS/blob/master/1.md#xss2"
} }
] ]
} }

62
2018/1xxx/CVE-2018-1192.json
View File

@ -1,61 +1,61 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2018-1192", "ID": "CVE-2018-1192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3", "product_name": "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3" "version_value": "Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user." "value": "In Cloud Foundry Foundation cf-release versions prior to v285; cf-deployment versions prior to v1.7; UAA 4.5.x versions prior to 4.5.5, 4.8.x versions prior to 4.8.3, and 4.7.x versions prior to 4.7.4; and UAA-release 45.7.x versions prior to 45.7, 52.7.x versions prior to 52.7, and 53.3.x versions prior to 53.3, the SessionID is logged in audit event logs. An attacker can use the SessionID to impersonate a logged-in user."
} }
] ]
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "UAA SessionID present in Audit Event Logs" "value": "UAA SessionID present in Audit Event Logs"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.cloudfoundry.org/blog/cve-2018-1192/", "name": "https://www.cloudfoundry.org/blog/cve-2018-1192/",
"refsource" : "CONFIRM", "refsource": "CONFIRM",
"url" : "https://www.cloudfoundry.org/blog/cve-2018-1192/" "url": "https://www.cloudfoundry.org/blog/cve-2018-1192/"
} }
] ]
} }

134
2018/1xxx/CVE-2018-1536.json
View File

@ -1,133 +1,133 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-07-16T00:00:00", "DATE_PUBLIC": "2018-07-16T00:00:00",
"ID" : "CVE-2018-1536", "ID": "CVE-2018-1536",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rational Software Architect Design Manager", "product_name": "Rational Software Architect Design Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Rational Rhapsody Design Manager", "product_name": "Rational Rhapsody Design Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.0" "version_value": "5.0"
}, },
{ {
"version_value" : "5.0.2" "version_value": "5.0.2"
}, },
{ {
"version_value" : "5.0.1" "version_value": "5.0.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "6.0.2" "version_value": "6.0.2"
}, },
{ {
"version_value" : "6.0.3" "version_value": "6.0.3"
}, },
{ {
"version_value" : "6.0.4" "version_value": "6.0.4"
}, },
{ {
"version_value" : "6.0.5" "version_value": "6.0.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558." "value": "IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 142558."
} }
] ]
}, },
"impact" : { "impact": {
"cvssv3" : { "cvssv3": {
"BM" : { "BM": {
"A" : "N", "A": "N",
"AC" : "L", "AC": "L",
"AV" : "N", "AV": "N",
"C" : "L", "C": "L",
"I" : "L", "I": "L",
"PR" : "L", "PR": "L",
"S" : "C", "S": "C",
"SCORE" : "5.400", "SCORE": "5.400",
"UI" : "R" "UI": "R"
}, },
"TM" : { "TM": {
"E" : "H", "E": "H",
"RC" : "C", "RC": "C",
"RL" : "O" "RL": "O"
} }
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-Site Scripting" "value": "Cross-Site Scripting"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10716029", "name": "ibm-rhapsody-cve20181536-xss(142558)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10716029" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/142558"
}, },
{ {
"name" : "ibm-rhapsody-cve20181536-xss(142558)", "name": "http://www.ibm.com/support/docview.wss?uid=ibm10716029",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/142558" "url": "http://www.ibm.com/support/docview.wss?uid=ibm10716029"
} }
] ]
} }

104
2018/1xxx/CVE-2018-1647.json
View File

@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-03T00:00:00", "DATE_PUBLIC": "2018-10-03T00:00:00",
"ID" : "CVE-2018-1647", "ID": "CVE-2018-1647",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "QRadar Incident Forensics", "product_name": "QRadar Incident Forensics",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.2" "version_value": "7.2"
}, },
{ {
"version_value" : "7.3" "version_value": "7.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650." "value": "IBM QRadar Incident Forensics 7.2 and 7.3 does not properly restrict the size or amount of resources requested which could allow an unauthenticated user to cause a denial of service. IBM X-Force ID: 144650."
} }
] ]
}, },
"impact" : { "impact": {
"cvssv3" : { "cvssv3": {
"BM" : { "BM": {
"A" : "H", "A": "H",
"AC" : "L", "AC": "L",
"AV" : "N", "AV": "N",
"C" : "N", "C": "N",
"I" : "N", "I": "N",
"PR" : "N", "PR": "N",
"S" : "U", "S": "U",
"SCORE" : "7.500", "SCORE": "7.500",
"UI" : "N" "UI": "N"
}, },
"TM" : { "TM": {
"E" : "U", "E": "U",
"RC" : "C", "RC": "C",
"RL" : "O" "RL": "O"
} }
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Denial of Service" "value": "Denial of Service"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729705", "name": "ibm-qradar-cve20181647-dos(144650)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729705" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144650"
}, },
{ {
"name" : "ibm-qradar-cve20181647-dos(144650)", "name": "https://www.ibm.com/support/docview.wss?uid=ibm10729705",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/144650" "url": "https://www.ibm.com/support/docview.wss?uid=ibm10729705"
} }
] ]
} }

120
2018/1xxx/CVE-2018-1715.json
View File

@ -1,114 +1,114 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-08-14T00:00:00", "DATE_PUBLIC": "2018-08-14T00:00:00",
"ID" : "CVE-2018-1715", "ID": "CVE-2018-1715",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Maximo Asset Management", "product_name": "Maximo Asset Management",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.6" "version_value": "7.6"
}, },
{ {
"version_value" : "7.6.0" "version_value": "7.6.0"
}, },
{ {
"version_value" : "7.6.0.1" "version_value": "7.6.0.1"
}, },
{ {
"version_value" : "7.6.1" "version_value": "7.6.1"
}, },
{ {
"version_value" : "7.6.2" "version_value": "7.6.2"
}, },
{ {
"version_value" : "7.6.2.1" "version_value": "7.6.2.1"
}, },
{ {
"version_value" : "7.6.2.2" "version_value": "7.6.2.2"
}, },
{ {
"version_value" : "7.6.2.3" "version_value": "7.6.2.3"
}, },
{ {
"version_value" : "7.6.2.4" "version_value": "7.6.2.4"
}, },
{ {
"version_value" : "7.6.3" "version_value": "7.6.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
] ]
} }
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003." "value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 147003."
} }
] ]
}, },
"impact" : { "impact": {
"cvssv3" : { "cvssv3": {
"BM" : { "BM": {
"A" : "N", "A": "N",
"AC" : "L", "AC": "L",
"AV" : "N", "AV": "N",
"C" : "L", "C": "L",
"I" : "L", "I": "L",
"PR" : "L", "PR": "L",
"S" : "C", "S": "C",
"SCORE" : "5.400", "SCORE": "5.400",
"UI" : "R" "UI": "R"
}, },
"TM" : { "TM": {
"E" : "H", "E": "H",
"RC" : "C", "RC": "C",
"RL" : "O" "RL": "O"
} }
} }
}, },
"problemtype" : { "problemtype": {
"problemtype_data" : [ "problemtype_data": [
{ {
"description" : [ "description": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Cross-Site Scripting" "value": "Cross-Site Scripting"
} }
] ]
} }
] ]
}, },
"references" : { "references": {
"reference_data" : [ "reference_data": [
{ {
"name" : "https://www.ibm.com/support/docview.wss?uid=swg22017453", "name": "ibm-maximo-cve20181715-xss(147003)",
"refsource" : "CONFIRM", "refsource": "XF",
"url" : "https://www.ibm.com/support/docview.wss?uid=swg22017453" "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003"
}, },
{ {
"name" : "ibm-maximo-cve20181715-xss(147003)", "name": "https://www.ibm.com/support/docview.wss?uid=swg22017453",
"refsource" : "XF", "refsource": "CONFIRM",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/147003" "url": "https://www.ibm.com/support/docview.wss?uid=swg22017453"
} }
] ]
} }

22
2018/4xxx/CVE-2018-4371.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4371", "ID": "CVE-2018-4371",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }

22
2018/4xxx/CVE-2018-4750.json
View File

@ -1,17 +1,17 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4750", "ID": "CVE-2018-4750",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }