admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:48:38 +00:00
parent 6e2c9083f9
commit 1c25d779f6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3274 additions and 3274 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/0xxx/CVE-2001-0077.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001212 Two Holes in Sun Cluster 2.x",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html"
},
{
"name" : "clustmon-no-authentication(6123)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6123"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001212 Two Holes in Sun Cluster 2.x",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html"
},
{
"name": "clustmon-no-authentication(6123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6123"
}
]
}
}

34
2001/0xxx/CVE-2001-0661.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0661",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0661",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2001/0xxx/CVE-2001-0673.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0673",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0673",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2008/0xxx/CVE-2008-0920.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080221 SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488450/100/0/threaded"
},
{
"name" : "20080222 Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488617/100/0/threaded"
},
{
"name" : "5171",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5171"
},
{
"name" : "27927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27927"
},
{
"name" : "29046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29046"
},
{
"name" : "3689",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3689"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in port/modifyportform.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 allows remote authenticated users to execute arbitrary SQL commands via the portname parameter, which is not properly handled by a validation regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27927"
},
{
"name": "3689",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3689"
},
{
"name": "20080222 Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488617/100/0/threaded"
},
{
"name": "5171",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5171"
},
{
"name": "20080221 SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488450/100/0/threaded"
},
{
"name": "29046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29046"
}
]
}
}

150
2008/1xxx/CVE-2008-1127.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5201",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5201"
},
{
"name" : "28039",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28039"
},
{
"name" : "ADV-2008-0735",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0735"
},
{
"name" : "29155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29155"
},
{
"name": "ADV-2008-0735",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0735"
},
{
"name": "5201",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5201"
},
{
"name": "28039",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28039"
}
]
}
}

180
2008/1xxx/CVE-2008-1328.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified \"command arguments.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080404 CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490463/100/0/threaded"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105"
},
{
"name" : "28616",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28616"
},
{
"name" : "ADV-2008-1104",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1104/references"
},
{
"name" : "1019788",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019788"
},
{
"name" : "3800",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3800"
},
{
"name" : "ca-arcservebackup-lgserverservice-bo(41641)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41641"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the LGServer service in CA ARCserve Backup for Laptops and Desktops r11.0 through r11.5, and Suite 11.1 and 11.2, allows remote attackers to execute arbitrary code via unspecified \"command arguments.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=173105"
},
{
"name": "ca-arcservebackup-lgserverservice-bo(41641)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41641"
},
{
"name": "3800",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3800"
},
{
"name": "28616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28616"
},
{
"name": "20080404 CA ARCserve Backup for Laptops and Desktops Server and CA Desktop Management Suite Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490463/100/0/threaded"
},
{
"name": "1019788",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019788"
},
{
"name": "ADV-2008-1104",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1104/references"
}
]
}
}

34
2008/5xxx/CVE-2008-5251.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5251",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5251",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2008/5xxx/CVE-2008-5431.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5431",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080214 UniversalFtp Server 1.0.44 Multiple Remote Denial of service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488142/100/200/threaded"
},
{
"name" : "27804",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27804"
},
{
"name" : "22553",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22553"
},
{
"name" : "4722",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a denial of service via (1) a certain CWD command, (2) a long LIST command, or (3) a certain PORT command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080214 UniversalFtp Server 1.0.44 Multiple Remote Denial of service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488142/100/200/threaded"
},
{
"name": "4722",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4722"
},
{
"name": "27804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27804"
},
{
"name": "22553",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22553"
}
]
}
}

190
2008/5xxx/CVE-2008-5679.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
},
{
"name" : "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php",
"refsource" : "MISC",
"url" : "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
},
{
"name" : "http://www.opera.com/docs/changelogs/linux/963/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/linux/963/"
},
{
"name" : "http://www.opera.com/support/kb/view/921/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/921/"
},
{
"name" : "GLSA-200903-30",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-30.xml"
},
{
"name" : "1021460",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021460"
},
{
"name" : "34294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34294"
},
{
"name" : "4791",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4791"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20081217 n.runs-SA-2008.010 - Opera HTML parsing Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499315/100/0/threaded"
},
{
"name": "http://www.opera.com/docs/changelogs/linux/963/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/linux/963/"
},
{
"name": "4791",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4791"
},
{
"name": "1021460",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021460"
},
{
"name": "http://www.opera.com/support/kb/view/921/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/921/"
},
{
"name": "34294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34294"
},
{
"name": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php",
"refsource": "MISC",
"url": "http://www.nruns.com/security_advisory_opera_html_parsing_code_execution.php"
},
{
"name": "GLSA-200903-30",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-30.xml"
}
]
}
}

150
2008/5xxx/CVE-2008-5855.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7526",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7526"
},
{
"name" : "33253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33253"
},
{
"name" : "4873",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4873"
},
{
"name" : "loginsession-login-info-disclosure(47502)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47502"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "myPHPscripts Login Session 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover usernames, e-mail addresses, and password hashes via a direct request for users.txt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4873",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4873"
},
{
"name": "7526",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7526"
},
{
"name": "33253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33253"
},
{
"name": "loginsession-login-info-disclosure(47502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47502"
}
]
}
}

34
2013/0xxx/CVE-2013-0161.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0161",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0161",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2013/0xxx/CVE-2013-0394.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

130
2013/0xxx/CVE-2013-0519.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-0519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21636369",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21636369"
},
{
"name" : "ssp-cve20130519-info-disclosure(82654)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82654"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 provides web-server version data in (1) an unspecified page title and (2) an unspecified HTTP header field, which allows remote attackers to obtain potentially sensitive information by reading a version string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ssp-cve20130519-info-disclosure(82654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82654"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21636369"
}
]
}
}

160
2013/0xxx/CVE-2013-0860.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-0860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b"
},
{
"name" : "http://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.ffmpeg.org/security.html"
},
{
"name" : "GLSA-201603-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-06"
},
{
"name" : "MDVSA-2014:227",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=68a0477bc0af026db971ddba22541029a9e8715b"
},
{
"name": "MDVSA-2014:227",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:227"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e196e4def03c7a91423803402f84d638d316c33"
}
]
}
}

140
2013/1xxx/CVE-2013-1086.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/kb/doc.php?id=7012064",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=802906",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name" : "53098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/kb/doc.php?id=7012064",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/kb/doc.php?id=7012064"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=802906",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=802906"
},
{
"name": "53098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53098"
}
]
}
}

270
2013/3xxx/CVE-2013-3557.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-25.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599"
},
{
"name" : "https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html"
},
{
"name" : "DSA-2700",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2700"
},
{
"name" : "GLSA-201308-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name" : "MDVSA-2013:172",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:172"
},
{
"name" : "RHSA-2014:0341",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name" : "openSUSE-SU-2013:1084",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"
},
{
"name" : "openSUSE-SU-2013:1086",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"
},
{
"name" : "openSUSE-SU-2013:0911",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html"
},
{
"name" : "openSUSE-SU-2013:0947",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html"
},
{
"name" : "oval:org.mitre.oval:def:16521",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16521"
},
{
"name" : "53425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53425"
},
{
"name" : "54425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.6.x before 1.6.15 and 1.8.x before 1.8.7 does not properly initialize a certain variable, which allows remote attackers to cause a denial of service (application crash) via a malformed packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ber.c?r1=48944&r2=48943&pathrev=48944"
},
{
"name": "53425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53425"
},
{
"name": "openSUSE-SU-2013:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html"
},
{
"name": "oval:org.mitre.oval:def:16521",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16521"
},
{
"name": "RHSA-2014:0341",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48944"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2013-25.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2013-25.html"
},
{
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8599"
},
{
"name": "openSUSE-SU-2013:1086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"
},
{
"name": "https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/docs/relnotes/wireshark-1.6.15.html"
},
{
"name": "DSA-2700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2700"
},
{
"name": "openSUSE-SU-2013:0947",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html"
},
{
"name": "MDVSA-2013:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:172"
},
{
"name": "openSUSE-SU-2013:1084",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"
}
]
}
}

160
2013/3xxx/CVE-2013-3773.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the SPARC Enterprise M Series Servers component in Oracle and Sun Systems Products Suite XCP 1114 and earlier allows remote attackers to affect availability via vectors related to XSCF Control Package (XCP)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-3773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "61247",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61247"
},
{
"name" : "95311",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95311"
},
{
"name" : "54240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54240"
},
{
"name" : "oracle-cpujuly2013-cve20133773(85698)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85698"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the SPARC Enterprise M Series Servers component in Oracle and Sun Systems Products Suite XCP 1114 and earlier allows remote attackers to affect availability via vectors related to XSCF Control Package (XCP)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cpujuly2013-cve20133773(85698)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85698"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "95311",
"refsource": "OSVDB",
"url": "http://osvdb.org/95311"
},
{
"name": "61247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61247"
},
{
"name": "54240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54240"
}
]
}
}

150
2013/3xxx/CVE-2013-3797.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3797",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-3797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "61239",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61239"
},
{
"name" : "95315",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95315"
},
{
"name" : "oracle-cpujuly2013-cve20133797(85702)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 11 allows local users to affect availability via unknown vectors related to Filesystem/DevFS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cpujuly2013-cve20133797(85702)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85702"
},
{
"name": "95315",
"refsource": "OSVDB",
"url": "http://osvdb.org/95315"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name": "61239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61239"
}
]
}
}

130
2013/4xxx/CVE-2013-4065.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659959",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
},
{
"name" : "ibm-inotes-cve20134065-xss(86596)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-inotes-cve20134065-xss(86596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86596"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21659959"
}
]
}
}

130
2013/4xxx/CVE-2013-4778.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130614-0_Siemens_OpenScape_Branch_SBC_Multiple_Vulnerabilities_v10.txt",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130614-0_Siemens_OpenScape_Branch_SBC_Multiple_Vulnerabilities_v10.txt"
},
{
"name" : "60555",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "60555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60555"
},
{
"name": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130614-0_Siemens_OpenScape_Branch_SBC_Multiple_Vulnerabilities_v10.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130614-0_Siemens_OpenScape_Branch_SBC_Multiple_Vulnerabilities_v10.txt"
}
]
}
}

130
2013/4xxx/CVE-2013-4843.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-4843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBHF02939",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name" : "SSRT101326",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBHF02939",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
},
{
"name": "SSRT101326",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03996804"
}
]
}
}

160
2013/7xxx/CVE-2013-7235.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131213 Multiple vulnerabilities in SMF forum software",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"name" : "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name" : "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name" : "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/",
"refsource" : "MISC",
"url" : "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"name" : "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt",
"refsource" : "CONFIRM",
"url" : "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20131230 CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/1"
},
{
"name": "[oss-security] 20131229 Re: CVE request: SMF 1.1.19, 2.0.6",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/30/3"
},
{
"name": "20131213 Multiple vulnerabilities in SMF forum software",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/83"
},
{
"name": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/",
"refsource": "MISC",
"url": "http://www.jakoblell.com/blog/2013/12/13/multiple-vulnerabilities-in-smf-forum-software/"
},
{
"name": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt",
"refsource": "CONFIRM",
"url": "http://download.simplemachines.org/index.php?thanks;filename=smf_2-0-6_changelog.txt"
}
]
}
}

34
2017/12xxx/CVE-2017-12048.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12048",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12048",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/12xxx/CVE-2017-12262.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2017-12262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Application Policy Infrastructure Controller Enterprise Module",
"version" : {
"version_data" : [
{
"version_value" : "Cisco Application Policy Infrastructure Controller Enterprise Module"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-284"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2017-12262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Application Policy Infrastructure Controller Enterprise Module",
"version": {
"version_data": [
{
"version_value": "Cisco Application Policy Infrastructure Controller Enterprise Module"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem"
},
{
"name" : "101647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101647"
},
{
"name" : "1039716",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability within the firewall configuration of the Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) could allow an unauthenticated, adjacent attacker to gain privileged access to services only available on the internal network of the device. The vulnerability is due to an incorrect firewall rule on the device. The misconfiguration could allow traffic sent to the public interface of the device to be forwarded to the internal virtual network of the APIC-EM. An attacker that is logically adjacent to the network on which the public interface of the affected APIC-EM resides could leverage this behavior to gain access to services listening on the internal network with elevated privileges. This vulnerability affects appliances or virtual devices running Cisco Application Policy Infrastructure Controller Enterprise Module prior to version 1.5. Cisco Bug IDs: CSCve89638."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1039716",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039716"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171101-apicem"
},
{
"name": "101647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101647"
}
]
}
}

34
2017/12xxx/CVE-2017-12841.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12841",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12841",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/12xxx/CVE-2017-12909.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lu4n.com/cve/9.txt",
"refsource" : "MISC",
"url" : "http://lu4n.com/cve/9.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lu4n.com/cve/9.txt",
"refsource": "MISC",
"url": "http://lu4n.com/cve/9.txt"
}
]
}
}

120
2017/12xxx/CVE-2017-12963.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482335",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1482335"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from GitHub after 2017-07-24)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1482335",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1482335"
}
]
}
}

174
2017/13xxx/CVE-2017-13255.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00",
"ID" : "CVE-2017-13255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "5.1.1"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2017-13255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "5.1.1"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "8.0"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-03-01"
},
{
"name" : "103253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In process_service_attr_req of sdp_server.c, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68776054."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-03-01"
},
{
"name": "103253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103253"
}
]
}
}

158
2017/13xxx/CVE-2017-13278.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2017-13278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android",
"version" : {
"version_data" : [
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "7.0"
},
{
"version_value" : "7.1.1"
},
{
"version_value" : "7.1.2"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2017-13278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "7.0"
},
{
"version_value": "7.1.1"
},
{
"version_value": "7.1.2"
},
{
"version_value": "8.0"
},
{
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70546581."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
}
]
}
}

34
2017/13xxx/CVE-2017-13437.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13437",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13437",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2017/16xxx/CVE-2017-16053.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16053",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "fabric-js node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Embedded Malicious Code (CWE-506)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16053",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "fabric-js node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/487",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/487"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "`fabric-js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/487",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/487"
}
]
}
}

122
2017/16xxx/CVE-2017-16055.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "sqlserver node module",
"version" : {
"version_data" : [
{
"version_value" : "All versions"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Embedded Malicious Code (CWE-506)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sqlserver node module",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodesecurity.io/advisories/486",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/486"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "`sqlserver` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Embedded Malicious Code (CWE-506)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/486",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/486"
}
]
}
}

130
2017/16xxx/CVE-2017-16905.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/281605",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/281605"
},
{
"name" : "https://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/",
"refsource" : "MISC",
"url" : "https://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DuoLingo TinyCards application before 1.0 for Android has one use of unencrypted HTTP, which allows remote attackers to spoof content, and consequently achieve remote code execution, via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/",
"refsource": "MISC",
"url": "https://wwws.nightwatchcybersecurity.com/2018/01/04/rce-in-duolingos-tinycards-app-for-android-cve-2017-16905/"
},
{
"name": "https://hackerone.com/reports/281605",
"refsource": "MISC",
"url": "https://hackerone.com/reports/281605"
}
]
}
}

120
2017/16xxx/CVE-2017-16936.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Iolop/Poc/tree/master/Router/Tenda",
"refsource" : "MISC",
"url" : "https://github.com/Iolop/Poc/tree/master/Router/Tenda"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V15.03.05.05_multi_TD01, and Ac18 ac18_kf_V15.03.05.19(6318_)_cn devices allows remote unauthenticated attackers to read arbitrary files via a cgi-bin/luci/request?op=1&path= URI that uses directory traversal sequences after a /usb/ substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Iolop/Poc/tree/master/Router/Tenda",
"refsource": "MISC",
"url": "https://github.com/Iolop/Poc/tree/master/Router/Tenda"
}
]
}
}

34
2017/17xxx/CVE-2017-17261.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17261",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-17261",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}
}

140
2017/17xxx/CVE-2017-17621.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43290",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43290/"
},
{
"name" : "https://packetstormsecurity.com/files/145331/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145331/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html"
},
{
"name" : "https://packetstormsecurity.com/files/145333/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145333/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the PATH_INFO to the /detail URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43290",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43290/"
},
{
"name": "https://packetstormsecurity.com/files/145333/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145333/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html"
},
{
"name": "https://packetstormsecurity.com/files/145331/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145331/Multivendor-Penny-Auction-Clone-Script-1.0-SQL-Injection.html"
}
]
}
}

130
2017/17xxx/CVE-2017-17628.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43297",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43297/"
},
{
"name" : "https://packetstormsecurity.com/files/145340/Responsive-Realestate-Script-3.2-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145340/Responsive-Realestate-Script-3.2-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/145340/Responsive-Realestate-Script-3.2-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145340/Responsive-Realestate-Script-3.2-SQL-Injection.html"
},
{
"name": "43297",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43297/"
}
]
}
}

34
2018/18xxx/CVE-2018-18055.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18055",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18055",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/18xxx/CVE-2018-18071.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://vuldb.com/?id.125081",
"refsource" : "MISC",
"url" : "https://vuldb.com/?id.125081"
},
{
"name" : "https://www.scip.ch/en/?labs.20180405",
"refsource" : "MISC",
"url" : "https://www.scip.ch/en/?labs.20180405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Daimler Mercedes-Benz Me app 2.11.0-846 for iOS. The encrypted Connected Vehicle API data exchange between the app and a server might be intercepted. The app can be used to operate the Remote Parking Pilot, unlock the vehicle, or obtain sensitive information such as latitude, longitude, and direction of travel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.125081",
"refsource": "MISC",
"url": "https://vuldb.com/?id.125081"
},
{
"name": "https://www.scip.ch/en/?labs.20180405",
"refsource": "MISC",
"url": "https://www.scip.ch/en/?labs.20180405"
}
]
}
}

120
2018/18xxx/CVE-2018-18377.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/remix30303/AirBoxDoom",
"refsource" : "MISC",
"url" : "https://github.com/remix30303/AirBoxDoom"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "goform/setReset on Orange AirBox Y858_FL_01.16_04 devices allows attackers to reset a router to factory settings, which can be used to login using the default admin:admin credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/remix30303/AirBoxDoom",
"refsource": "MISC",
"url": "https://github.com/remix30303/AirBoxDoom"
}
]
}
}

34
2018/18xxx/CVE-2018-18466.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18466",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18466",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/18xxx/CVE-2018-18744.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss7",
"refsource" : "MISC",
"url" : "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss7",
"refsource": "MISC",
"url": "https://github.com/AvaterXXX/SEMCMS/blob/master/XSS.md#xss7"
}
]
}
}

132
2018/19xxx/CVE-2018-19019.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2019-01-17T00:00:00",
"ID" : "CVE-2018-19019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CX-Supervisor",
"version" : {
"version_data" : [
{
"version_value" : "Versions 3.42 and prior"
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2019-01-17T00:00:00",
"ID": "CVE-2018-19019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CX-Supervisor",
"version": {
"version_data": [
{
"version_value": "Versions 3.42 and prior"
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01"
},
{
"name" : "106654",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106654"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A type confusion vulnerability exists when processing project files in CX-Supervisor (Versions 3.42 and prior). An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106654"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-19-017-01"
}
]
}
}

130
2018/19xxx/CVE-2018-19059.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/661",
"refsource" : "MISC",
"url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/661"
},
{
"name" : "USN-3837-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3837-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Poppler 0.71.0. There is a out-of-bounds read in EmbFile::save2 in FileSpec.cc, will lead to denial of service, as demonstrated by utils/pdfdetach.cc not validating embedded files before save attempts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/661",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/661"
},
{
"name": "USN-3837-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3837-1/"
}
]
}
}

34
2018/19xxx/CVE-2018-19663.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19663",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19663",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2018/1xxx/CVE-2018-1201.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-03-19T00:00:00",
"ID" : "CVE-2018-1201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Isilon OneFS",
"version" : {
"version_data" : [
{
"version_value" : "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-03-19T00:00:00",
"ID": "CVE-2018-1201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Isilon OneFS",
"version": {
"version_data": [
{
"version_value": "versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, 8.0.0.0 - 8.0.0.6, versions 7.2.1.x and version 7.1.1.11"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44039",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44039/"
},
{
"name" : "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name" : "103033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103033"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 is affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103033"
},
{
"name": "20180319 DSA-2018-018: Dell EMC Isilon OneFS Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/50"
},
{
"name": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/dell-emc-isilon-onefs-multiple-vulnerabilities"
},
{
"name": "44039",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44039/"
}
]
}
}

122
2018/1xxx/CVE-2018-1353.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@fortinet.com",
"DATE_PUBLIC" : "2018-08-27T00:00:00",
"ID" : "CVE-2018-1353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FortiManager",
"version" : {
"version_data" : [
{
"version_value" : "6.0.1 and below"
}
]
}
}
]
},
"vendor_name" : "Fortinet, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@fortinet.com",
"DATE_PUBLIC": "2018-08-27T00:00:00",
"ID": "CVE-2018-1353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FortiManager",
"version": {
"version_data": [
{
"version_value": "6.0.1 and below"
}
]
}
}
]
},
"vendor_name": "Fortinet, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://fortiguard.com/advisory/FG-IR-18-016",
"refsource" : "CONFIRM",
"url" : "https://fortiguard.com/advisory/FG-IR-18-016"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Fortinet FortiManager 6.0.1 and below versions allows a standard user with adom assignment read the interface settings of vdoms unrelated to the assigned adom."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://fortiguard.com/advisory/FG-IR-18-016",
"refsource": "CONFIRM",
"url": "https://fortiguard.com/advisory/FG-IR-18-016"
}
]
}
}

226
2018/1xxx/CVE-2018-1829.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-08T00:00:00",
"ID" : "CVE-2018-1829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
},
{
"version_value" : "6.0.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-08T00:00:00",
"ID": "CVE-2018-1829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
},
{
"name" : "ibm-rqm-cve20181829-xss(150432)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150432"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150432."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
},
{
"name": "ibm-rqm-cve20181829-xss(150432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150432"
}
]
}
}

34
2018/1xxx/CVE-2018-1832.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1832",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1832",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2018/5xxx/CVE-2018-5001.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-5001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Flash Player 29.0.0.171 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Flash Player 29.0.0.171 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-5001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player 29.0.0.171 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player 29.0.0.171 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"
},
{
"name" : "GLSA-201806-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201806-02"
},
{
"name" : "RHSA-2018:1827",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1827"
},
{
"name" : "104413",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104413"
},
{
"name" : "1041058",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041058"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player versions 29.0.0.171 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:1827",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1827"
},
{
"name": "1041058",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041058"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-19.html"
},
{
"name": "GLSA-201806-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201806-02"
},
{
"name": "104413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104413"
}
]
}
}

162
2018/5xxx/CVE-2018-5107.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-5107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "58"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Printing process will follow symlinks for local file access"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "58"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1379276",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1379276"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-02/"
},
{
"name" : "USN-3544-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3544-1/"
},
{
"name" : "102786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102786"
},
{
"name" : "1040270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. This vulnerability affects Firefox < 58."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Printing process will follow symlinks for local file access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040270"
},
{
"name": "USN-3544-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3544-1/"
},
{
"name": "102786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102786"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1379276",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1379276"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-02/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-02/"
}
]
}
}

150
2018/5xxx/CVE-2018-5213.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805",
"refsource" : "MISC",
"url" : "https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805"
},
{
"name" : "https://github.com/Arsenal21/simple-download-monitor/issues/27",
"refsource" : "MISC",
"url" : "https://github.com/Arsenal21/simple-download-monitor/issues/27"
},
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md"
},
{
"name" : "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/",
"refsource" : "MISC",
"url" : "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/simple-download-monitor.md"
},
{
"name": "https://github.com/Arsenal21/simple-download-monitor/issues/27",
"refsource": "MISC",
"url": "https://github.com/Arsenal21/simple-download-monitor/issues/27"
},
{
"name": "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/",
"refsource": "MISC",
"url": "https://wordpress.org/support/topic/stored-xss-bug-at-the-latest-version-of-simple-download-monitor/"
},
{
"name": "https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805",
"refsource": "MISC",
"url": "https://github.com/Arsenal21/simple-download-monitor/commit/8ab8b9166bc87feba26a1573cf595af48eff7805"
}
]
}
}

130
2018/5xxx/CVE-2018-5358.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5358",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/939",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/939"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes function in coders/json.c, as demonstrated by the ReadPSDLayersInternal function in coders/psd.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/939",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/939"
}
]
}
}

120
2018/5xxx/CVE-2018-5695.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.vulnerability-lab.com/get_content.php?id=1940",
"refsource" : "MISC",
"url" : "https://www.vulnerability-lab.com/get_content.php?id=1940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the order or sort parameter to the wpjb-job or wpjb-alerts module, with a request to wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerability-lab.com/get_content.php?id=1940",
"refsource": "MISC",
"url": "https://www.vulnerability-lab.com/get_content.php?id=1940"
}
]
}
}