admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:48:44 +00:00
parent f59b5385fc
commit 1dae96dfc6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3437 additions and 3437 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2001/0xxx/CVE-2001-0462.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0462", "ID": "CVE-2001-0462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010424 Advisory for perl webserver", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html" "lang": "eng",
}, "value": "Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL."
{ }
"name" : "perl-webserver-directory-traversal(6451)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6451" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2648", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2648" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "2648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2648"
},
{
"name": "perl-webserver-directory-traversal(6451)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6451"
},
{
"name": "20010424 Advisory for perl webserver",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html"
}
]
}
}

160
2008/0xxx/CVE-2008-0463.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0463", "ID": "CVE-2008-0463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/213473", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/213473" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties."
{ }
"name" : "27444", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27444" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0279", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0279" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28633", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28633" ]
}, },
{ "references": {
"name" : "workflow-messages-xss(39896)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39896" "name": "27444",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/27444"
} },
} {
"name": "28633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28633"
},
{
"name": "workflow-messages-xss(39896)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39896"
},
{
"name": "ADV-2008-0279",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0279"
},
{
"name": "http://drupal.org/node/213473",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/213473"
}
]
}
}

160
2008/0xxx/CVE-2008-0492.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0492", "ID": "CVE-2008-0492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "4987", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4987" "lang": "eng",
}, "value": "Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control in XUpload.ocx 3.0.0.4 and earlier in Persits XUpload 3.0 allows remote attackers to execute arbitrary code via a long argument to the AddFile method. NOTE: some of these details are obtained from third party information."
{ }
"name" : "27456", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27456" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0315", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0315" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28660", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28660" ]
}, },
{ "references": {
"name" : "persits-xupload-bo(39967)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39967" "name": "persits-xupload-bo(39967)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39967"
} },
} {
"name": "28660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28660"
},
{
"name": "ADV-2008-0315",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0315"
},
{
"name": "4987",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4987"
},
{
"name": "27456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27456"
}
]
}
}

320
2008/1xxx/CVE-2008-1109.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2008-1109", "ID": "CVE-2008-1109",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://secunia.com/secunia_research/2008-23/advisory/", "description_data": [
"refsource" : "MISC", {
"url" : "http://secunia.com/secunia_research/2008-23/advisory/" "lang": "eng",
}, "value": "Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window)."
{ }
"name" : "FEDORA-2008-4990", ]
"refsource" : "FEDORA", },
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2008-5016", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-5018", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html" ]
}, },
{ "references": {
"name" : "GLSA-200806-06", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200806-06.xml" "name": "FEDORA-2008-5018",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00179.html"
"name" : "MDVSA-2008:111", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111" "name": "ADV-2008-1732",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1732/references"
"name" : "RHSA-2008:0514", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0514.html" "name": "30298",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30298"
"name" : "RHSA-2008:0515", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0515.html" "name": "FEDORA-2008-5016",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00178.html"
"name" : "SUSE-SA:2008:028", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html" "name": "30564",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30564"
"name" : "USN-615-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-615-1" "name": "SUSE-SA:2008:028",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00003.html"
"name" : "29527", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29527" "name": "RHSA-2008:0515",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0515.html"
"name" : "oval:org.mitre.oval:def:10337", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337" "name": "GLSA-200806-06",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200806-06.xml"
"name" : "ADV-2008-1732", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1732/references" "name": "30571",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30571"
"name" : "1020170", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020170" "name": "FEDORA-2008-4990",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html"
"name" : "30298", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30298" "name": "evolution-icalendar-description-bo(42826)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826"
"name" : "30571", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30571" "name": "1020170",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020170"
"name" : "30527", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30527" "name": "http://secunia.com/secunia_research/2008-23/advisory/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2008-23/advisory/"
"name" : "30702", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30702" "name": "RHSA-2008:0514",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0514.html"
"name" : "30716", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30716" "name": "30716",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30716"
"name" : "30564", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30564" "name": "30527",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30527"
"name" : "evolution-icalendar-description-bo(42826)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42826" "name": "29527",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/29527"
} },
} {
"name": "30702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30702"
},
{
"name": "MDVSA-2008:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:111"
},
{
"name": "oval:org.mitre.oval:def:10337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10337"
},
{
"name": "USN-615-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-615-1"
}
]
}
}

140
2008/1xxx/CVE-2008-1642.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1642", "ID": "CVE-2008-1642",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "28536", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28536" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "29592", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/29592" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "savasguestbook-index-file-include(41596)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41596" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "28536",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28536"
},
{
"name": "29592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29592"
},
{
"name": "savasguestbook-index-file-include(41596)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41596"
}
]
}
}

170
2008/1xxx/CVE-2008-1743.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2008-1743", "ID": "CVE-2008-1743",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml" "lang": "eng",
}, "value": "Memory leak in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM) 5.x before 5.1(3) and 6.x before 6.1(1) allows remote attackers to cause a denial of service (memory consumption and service interruption) via a series of malformed TCP packets, aka Bug ID CSCsi98433."
{ }
"name" : "29221", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/29221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1533", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1533" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020022", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1020022" ]
}, },
{ "references": {
"name" : "30238", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30238" "name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
"name" : "cucm-ctl-dos(42414)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42414" "name": "ADV-2008-1533",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/1533"
} },
} {
"name": "29221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29221"
},
{
"name": "30238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30238"
},
{
"name": "1020022",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020022"
},
{
"name": "cucm-ctl-dos(42414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42414"
}
]
}
}

180
2008/4xxx/CVE-2008-4963.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4963", "ID": "CVE-2008-4963",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081105 Cisco VLAN Trunking Protocol Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_response09186a0080a231cf.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the VLAN Trunking Protocol (VTP) implementation on Cisco IOS and CatOS, when the VTP operating mode is not transparent, allows remote attackers to cause a denial of service (device reload or hang) via a crafted VTP packet sent to a switch interface configured as a trunk port."
{ }
"name" : "32120", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32120" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49601", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/49601" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1021143", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1021143" ]
}, },
{ "references": {
"name" : "1021144", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021144" "name": "32573",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32573"
"name" : "32573", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32573" "name": "20081105 Cisco VLAN Trunking Protocol Vulnerability",
}, "refsource": "CISCO",
{ "url": "http://www.cisco.com/en/US/products/products_security_response09186a0080a231cf.html"
"name" : "cisco-ios-catos-vtp-dos(46346)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46346" "name": "1021143",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1021143"
} },
} {
"name": "1021144",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021144"
},
{
"name": "cisco-ios-catos-vtp-dos(46346)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46346"
},
{
"name": "32120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32120"
},
{
"name": "49601",
"refsource": "OSVDB",
"url": "http://osvdb.org/49601"
}
]
}
}

230
2008/5xxx/CVE-2008-5243.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5243", "ID": "CVE-2008-5243",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495674/100/0/threaded" "lang": "eng",
}, "value": "The real_parse_headers function in demux_real.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an untrusted input length value to \"reindex into an allocated buffer,\" which allows remote attackers to cause a denial of service (crash) via a crafted value, probably an array index error."
{ }
"name" : "http://www.ocert.org/analysis/2008-008/analysis.txt", ]
"refsource" : "MISC", },
"url" : "http://www.ocert.org/analysis/2008-008/analysis.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2009-0542", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-7512", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html" ]
}, },
{ "references": {
"name" : "FEDORA-2008-7572", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html" "name": "30797",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30797"
"name" : "MDVSA-2009:020", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020" "name": "33544",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33544"
"name" : "SUSE-SR:2009:004", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" "name": "http://www.ocert.org/analysis/2008-008/analysis.txt",
}, "refsource": "MISC",
{ "url": "http://www.ocert.org/analysis/2008-008/analysis.txt"
"name" : "30797", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30797" "name": "4648",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4648"
"name" : "33544", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33544" "name": "31827",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31827"
"name" : "31827", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31827" "name": "FEDORA-2008-7572",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
"name" : "4648", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4648" "name": "SUSE-SR:2009:004",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
"name" : "xinelib-realparseheader-dos(44658)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658" "name": "20080822 [oCERT-2008-008] multiple heap overflows in xine-lib",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/495674/100/0/threaded"
} },
} {
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2009-0542",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00555.html"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "xinelib-realparseheader-dos(44658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44658"
}
]
}
}

140
2008/5xxx/CVE-2008-5377.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5377", "ID": "CVE-2008-5377",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7550", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7550" "lang": "eng",
}, "value": "pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333."
{ }
"name" : "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", ]
"refsource" : "MLIST", },
"url" : "http://lists.debian.org/debian-devel/2008/08/msg00347.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://uvw.ru/report.sid.txt", "description": [
"refsource" : "MISC", {
"url" : "http://uvw.ru/report.sid.txt" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "[debian-devel] 20080813 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00347.html"
},
{
"name": "http://uvw.ru/report.sid.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.sid.txt"
},
{
"name": "7550",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7550"
}
]
}
}

170
2008/5xxx/CVE-2008-5436.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2008-5436", "ID": "CVE-2008-5436",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect integrity and availability via unknown vectors."
{ }
"name" : "33177", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33177" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2009-0115", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0115" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "51346", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/51346" ]
}, },
{ "references": {
"name" : "1021561", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021561" "name": "33525",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33525"
"name" : "33525", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33525" "name": "1021561",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1021561"
} },
} {
"name": "ADV-2009-0115",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0115"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2009-097901.html"
},
{
"name": "51346",
"refsource": "OSVDB",
"url": "http://osvdb.org/51346"
},
{
"name": "33177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33177"
}
]
}
}

150
2008/5xxx/CVE-2008-5665.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5665", "ID": "CVE-2008-5665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6748", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6748" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter."
{ }
"name" : "31749", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31749" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4784", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4784" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "xhresim-index-sql-injection(45863)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45863" ]
} },
] "references": {
} "reference_data": [
} {
"name": "xhresim-index-sql-injection(45863)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45863"
},
{
"name": "31749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31749"
},
{
"name": "6748",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6748"
},
{
"name": "4784",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4784"
}
]
}
}

140
2008/5xxx/CVE-2008-5839.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5839", "ID": "CVE-2008-5839",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sebug.net/exploit/4681/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.sebug.net/exploit/4681/" "lang": "eng",
}, "value": "Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element."
{ }
"name" : "31294", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31294" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "foxmail-mailto-bo(45343)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45343" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.sebug.net/exploit/4681/",
"refsource": "MISC",
"url": "http://www.sebug.net/exploit/4681/"
},
{
"name": "foxmail-mailto-bo(45343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45343"
},
{
"name": "31294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31294"
}
]
}
}

150
2008/5xxx/CVE-2008-5893.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5893", "ID": "CVE-2008-5893",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7485", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7485" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action."
{ }
"name" : "32857", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32857" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33155", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33155" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4903", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4903" ]
} },
] "references": {
} "reference_data": [
} {
"name": "4903",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4903"
},
{
"name": "33155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33155"
},
{
"name": "7485",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7485"
},
{
"name": "32857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32857"
}
]
}
}

180
2013/0xxx/CVE-2013-0190.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0190", "ID": "CVE-2013-0190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130116 Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/01/16/8" "lang": "eng",
}, "value": "The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption."
{ }
"name" : "[oss-security] 20130116 [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/01/16/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=896038", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=896038" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:0496", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0496.html" ]
}, },
{ "references": {
"name" : "USN-1725-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1725-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=896038",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=896038"
"name" : "USN-1728-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1728-1" "name": "RHSA-2013:0496",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-0496.html"
"name" : "57433", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/57433" "name": "USN-1728-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-1728-1"
} },
} {
"name": "USN-1725-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1725-1"
},
{
"name": "[oss-security] 20130116 [PATCH] xen: Fix stack corruption in xen_failsafe_callback for 32bit PVOPS guests.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/16/6"
},
{
"name": "[oss-security] 20130116 Xen Security Advisory 40 (CVE-2013-0190) - Linux stack corruption in xen_failsafe_callback for 32bit PVOPS guests.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/01/16/8"
},
{
"name": "57433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57433"
}
]
}
}

160
2013/0xxx/CVE-2013-0662.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2013-0662", "ID": "CVE-2013-0662",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45219", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45219/" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header."
{ }
"name" : "45220", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/45220/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01", "description": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01", ]
"refsource" : "CONFIRM", }
"url" : "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01" ]
}, },
{ "references": {
"name" : "66500", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66500" "name": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01",
} "refsource": "CONFIRM",
] "url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD%202013-070-01"
} },
} {
"name": "45219",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45219/"
},
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-086-01"
},
{
"name": "66500",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66500"
},
{
"name": "45220",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45220/"
}
]
}
}

150
2013/0xxx/CVE-2013-0977.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2013-0977", "ID": "CVE-2013-0977",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT5702", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5702" "lang": "eng",
}, "value": "dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not properly manage the state of file loading for Mach-O executable files, which allows local users to bypass intended code-signing requirements via a file that contains overlapping segments."
{ }
"name" : "http://support.apple.com/kb/HT5704", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT5704" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2013-03-19-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2013-03-19-2", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "APPLE-SA-2013-03-19-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00005.html"
},
{
"name": "APPLE-SA-2013-03-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT5702",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5702"
},
{
"name": "http://support.apple.com/kb/HT5704",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5704"
}
]
}
}

140
2013/3xxx/CVE-2013-3190.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3190", "ID": "CVE-2013-3190",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-059", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059" "lang": "eng",
}, "value": "Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
{ }
"name" : "TA13-225A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-225A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:18037", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18037" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-059"
},
{
"name": "oval:org.mitre.oval:def:18037",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18037"
},
{
"name": "TA13-225A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-225A"
}
]
}
}

150
2013/3xxx/CVE-2013-3242.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3242", "ID": "CVE-2013-3242",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130426 [KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0232.html" "lang": "eng",
}, "value": "plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors."
{ }
"name" : "25087", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/25087" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://karmainsecurity.com/KIS-2013-04", "description": [
"refsource" : "MISC", {
"url" : "http://karmainsecurity.com/KIS-2013-04" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html", ]
"refsource" : "CONFIRM", }
"url" : "http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://karmainsecurity.com/KIS-2013-04",
"refsource": "MISC",
"url": "http://karmainsecurity.com/KIS-2013-04"
},
{
"name": "20130426 [KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0232.html"
},
{
"name": "http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html"
},
{
"name": "25087",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/25087"
}
]
}
}

130
2013/3xxx/CVE-2013-3627.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-3627", "ID": "CVE-2013-3627",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10055", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10055" "lang": "eng",
}, "value": "FrameworkService.exe in McAfee Framework Service in McAfee Managed Agent (MA) before 4.5.0.1927 and 4.6 before 4.6.0.3258 allows remote attackers to cause a denial of service (service crash) via a malformed HTTP request."
{ }
"name" : "VU#613886", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/613886" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#613886",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/613886"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10055",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10055"
}
]
}
}

130
2013/4xxx/CVE-2013-4035.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-4035", "ID": "CVE-2013-4035",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/" "lang": "eng",
}, "value": "IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, and 3.6.0.1 allow remote attackers to have unspecified impact by leveraging failure to reject client requests for an unencrypted session when used as the server in a TCP/IP session and configured for SSL encryption with the client. IBM X-Force ID: 86138."
{ }
"name" : "scd-cve20134035-weak-security(86138)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86138" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "scd-cve20134035-weak-security(86138)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86138"
},
{
"name": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-sterling-connectdirect-for-openvms-unencrypted-data-transfers-can-occur-even-when-ssl-encryption-is-specified-in-the-security-configuration-cve-2013-4035/"
}
]
}
}

130
2013/4xxx/CVE-2013-4092.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4092", "ID": "CVE-2013-4092",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html" "lang": "eng",
}, "value": "The SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows context-dependent attackers to obtain sensitive information by leveraging the presence of (1) a session ID in the jsessionid field to secsphLogin.jsp or (2) credentials in the j_password parameter to j_acegi_security_check, and reading (a) web-server access logs, (b) web-server Referer logs, or (c) the browser history."
{ }
"name" : "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt", ]
"refsource" : "MISC", },
"url" : "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/121861/Imperva-SecureSphere-Operations-Manager-Command-Execution.html"
},
{
"name": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt",
"refsource": "MISC",
"url": "http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt"
}
]
}
}

180
2013/4xxx/CVE-2013-4205.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4205", "ID": "CVE-2013-4205",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130806 Re: CLONE_NEWUSER local DoS", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/08/06/2" "lang": "eng",
}, "value": "Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service (memory consumption) via an invalid CLONE_NEWUSER unshare call."
{ }
"name" : "http://twitter.com/grsecurity/statuses/364566062336978944", ]
"refsource" : "MISC", },
"url" : "http://twitter.com/grsecurity/statuses/364566062336978944" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6160968cee8b90a5dd95318d716e31d7775c4ef3", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6160968cee8b90a5dd95318d716e31d7775c4ef3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.6", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.6" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/6160968cee8b90a5dd95318d716e31d7775c4ef3", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/6160968cee8b90a5dd95318d716e31d7775c4ef3" "name": "https://github.com/torvalds/linux/commit/6160968cee8b90a5dd95318d716e31d7775c4ef3",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/6160968cee8b90a5dd95318d716e31d7775c4ef3"
"name" : "USN-1971-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1971-1" "name": "[oss-security] 20130806 Re: CLONE_NEWUSER local DoS",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/08/06/2"
"name" : "USN-1974-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1974-1" "name": "http://twitter.com/grsecurity/statuses/364566062336978944",
} "refsource": "MISC",
] "url": "http://twitter.com/grsecurity/statuses/364566062336978944"
} },
} {
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.6"
},
{
"name": "USN-1971-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1971-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6160968cee8b90a5dd95318d716e31d7775c4ef3",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6160968cee8b90a5dd95318d716e31d7775c4ef3"
},
{
"name": "USN-1974-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1974-1"
}
]
}
}

200
2013/4xxx/CVE-2013-4635.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4635", "ID": "CVE-2013-4635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.php.net/ChangeLog-5.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.php.net/ChangeLog-5.php" "lang": "eng",
}, "value": "Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function."
{ }
"name" : "https://bugs.php.net/bug.php?id=64895", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.php.net/bug.php?id=64895" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:1285", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2013:1316", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2013:1315", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html" "name": "1028699",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1028699"
"name" : "USN-1905-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1905-1" "name": "54104",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54104"
"name" : "20130624 CVE-2013-4635 SndToJewish / SdnToJewish function name", },
"refsource" : "VIM", {
"url" : "http://www.attrition.org/pipermail/vim/2013-June/002697.html" "name": "SUSE-SU-2013:1316",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00007.html"
"name" : "1028699", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1028699" "name": "USN-1905-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1905-1"
"name" : "54104", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54104" "name": "http://www.php.net/ChangeLog-5.php",
} "refsource": "CONFIRM",
] "url": "http://www.php.net/ChangeLog-5.php"
} },
} {
"name": "20130624 CVE-2013-4635 SndToJewish / SdnToJewish function name",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2013-June/002697.html"
},
{
"name": "SUSE-SU-2013:1315",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00006.html"
},
{
"name": "SUSE-SU-2013:1285",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00034.html"
},
{
"name": "https://bugs.php.net/bug.php?id=64895",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=64895"
}
]
}
}

180
2013/6xxx/CVE-2013-6337.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6337", "ID": "CVE-2013-6337",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-62.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-62.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet."
{ }
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2792", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2792" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:0342", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0342.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:1671", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00026.html" "name": "openSUSE-SU-2013:1675",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00027.html"
"name" : "openSUSE-SU-2013:1675", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-11/msg00027.html" "name": "http://www.wireshark.org/security/wnpa-sec-2013-62.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2013-62.html"
"name" : "oval:org.mitre.oval:def:19329", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19329" "name": "DSA-2792",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2013/dsa-2792"
} },
} {
"name": "oval:org.mitre.oval:def:19329",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19329"
},
{
"name": "openSUSE-SU-2013:1671",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-11/msg00026.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168"
},
{
"name": "RHSA-2014:0342",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0342.html"
}
]
}
}

180
2013/7xxx/CVE-2013-7225.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7225", "ID": "CVE-2013-7225",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131224 Happy Holidays / Xmas Advisory", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Dec/199" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage timeline feature or (2) the activity feature."
{ }
"name" : "[oss-security] 20131228 Re: CVE request: Fat Free CRM multiple vulnerabilities", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2013/12/28/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.phenoelit.org/stuff/ffcrm.txt", "description": [
"refsource" : "MISC", {
"url" : "http://www.phenoelit.org/stuff/ffcrm.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066" ]
}, },
{ "references": {
"name" : "https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd" "name": "20131224 Happy Holidays / Xmas Advisory",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Dec/199"
"name" : "https://github.com/fatfreecrm/fat_free_crm/issues/300", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/fatfreecrm/fat_free_crm/issues/300" "name": "[oss-security] 20131228 Re: CVE request: Fat Free CRM multiple vulnerabilities",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2013/12/28/2"
"name" : "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29" "name": "http://www.phenoelit.org/stuff/ffcrm.txt",
} "refsource": "MISC",
] "url": "http://www.phenoelit.org/stuff/ffcrm.txt"
} },
} {
"name": "https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd",
"refsource": "CONFIRM",
"url": "https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd"
},
{
"name": "https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066",
"refsource": "CONFIRM",
"url": "https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066"
},
{
"name": "https://github.com/fatfreecrm/fat_free_crm/issues/300",
"refsource": "CONFIRM",
"url": "https://github.com/fatfreecrm/fat_free_crm/issues/300"
},
{
"name": "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29",
"refsource": "CONFIRM",
"url": "https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29"
}
]
}
}

160
2013/7xxx/CVE-2013-7279.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7279", "ID": "CVE-2013-7279",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fs3-video&old=823847&new_path=%2Fs3-video&new=823847", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fs3-video&old=823847&new_path=%2Fs3-video&new=823847" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML via the base parameter."
{ }
"name" : "http://wordpress.org/plugins/s3-video/changelog", ]
"refsource" : "CONFIRM", },
"url" : "http://wordpress.org/plugins/s3-video/changelog" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "64420", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64420" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "56167", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/56167" ]
}, },
{ "references": {
"name" : "wp-s3video-base-xss(89866)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89866" "name": "http://wordpress.org/plugins/s3-video/changelog",
} "refsource": "CONFIRM",
] "url": "http://wordpress.org/plugins/s3-video/changelog"
} },
} {
"name": "56167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56167"
},
{
"name": "wp-s3video-base-xss(89866)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89866"
},
{
"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fs3-video&old=823847&new_path=%2Fs3-video&new=823847",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fs3-video&old=823847&new_path=%2Fs3-video&new=823847"
},
{
"name": "64420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64420"
}
]
}
}

34
2017/10xxx/CVE-2017-10542.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10542", "ID": "CVE-2017-10542",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/10xxx/CVE-2017-10628.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10628", "ID": "CVE-2017-10628",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/10xxx/CVE-2017-10727.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10727", "ID": "CVE-2017-10727",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to \"Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10727", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10727" "lang": "eng",
} "value": "Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to \"Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10727",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10727"
}
]
}
}

122
2017/10xxx/CVE-2017-10936.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@zte.com.cn", "ASSIGNER": "psirt@zte.com.cn",
"DATE_PUBLIC" : "2017-11-22T00:00:00", "DATE_PUBLIC": "2017-11-22T00:00:00",
"ID" : "CVE-2017-10936", "ID": "CVE-2017-10936",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ZXCDN-SNS", "product_name": "ZXCDN-SNS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to V4.01.01" "version_value": "All versions prior to V4.01.01"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ZTE" "vendor_name": "ZTE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722" "lang": "eng",
} "value": "SQL injection vulnerability in all versions prior to V4.01.01 of the ZTE ZXCDN-SNS product allows remote attackers to execute arbitrary SQL commands via the aoData parameter, resulting in the disclosure of database information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008722"
}
]
}
}

142
2017/12xxx/CVE-2017-12544.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"DATE_PUBLIC" : "2017-09-26T00:00:00", "DATE_PUBLIC": "2017-09-26T00:00:00",
"ID" : "CVE-2017-12544", "ID": "CVE-2017-12544",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "System Management Homepage for Windows and Linux", "product_name": "System Management Homepage for Windows and Linux",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to 7.6.1" "version_value": "prior to 7.6.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us" "lang": "eng",
}, "value": "A cross-site scripting vulnerability in HPE System Management Homepage for Windows and Linux version prior to v7.6.1 was found."
{ }
"name" : "101029", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101029" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039437", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039437" "lang": "eng",
} "value": "cross-site scripting"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1039437",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039437"
},
{
"name": "101029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101029"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us"
}
]
}
}

140
2017/12xxx/CVE-2017-12650.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12650", "ID": "CVE-2017-12650",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://wpvulndb.com/vulnerabilities/8883", "description_data": [
"refsource" : "MISC", {
"url" : "https://wpvulndb.com/vulnerabilities/8883" "lang": "eng",
}, "value": "SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header."
{ }
"name" : "https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/", ]
"refsource" : "MISC", },
"url" : "https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sv.wordpress.org/plugins/loginizer/#developers", "description": [
"refsource" : "CONFIRM", {
"url" : "https://sv.wordpress.org/plugins/loginizer/#developers" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/",
"refsource": "MISC",
"url": "https://blog.wpscans.com/sql-injection-and-csrf-security-vulnerability-in-loginizer/"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8883",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8883"
},
{
"name": "https://sv.wordpress.org/plugins/loginizer/#developers",
"refsource": "CONFIRM",
"url": "https://sv.wordpress.org/plugins/loginizer/#developers"
}
]
}
}

130
2017/12xxx/CVE-2017-12946.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12946", "ID": "CVE-2017-12946",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "classes\\controller\\admin\\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf" "lang": "eng",
}, "value": "classes\\controller\\admin\\modals.php in the Easy Modal plugin before 2.1.0 for WordPress has SQL injection in a delete action with the id, ids, or modal parameter to wp-admin/admin.php, exploitable by administrators."
{ }
"name" : "https://wordpress.org/plugins/easy-modal/#developers", ]
"refsource" : "MISC", },
"url" : "https://wordpress.org/plugins/easy-modal/#developers" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/easy-modal/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy-modal/#developers"
},
{
"name": "http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf",
"refsource": "MISC",
"url": "http://www.defensecode.com/advisories/DC-2017-01-007_WordPress_Easy_Modal_Plugin_Advisory.pdf"
}
]
}
}

184
2017/13xxx/CVE-2017-13176.json
View File

@ -1,94 +1,94 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-01-02T00:00:00", "DATE_PUBLIC": "2018-01-02T00:00:00",
"ID" : "CVE-2017-13176", "ID": "CVE-2017-13176",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.1.1" "version_value": "5.1.1"
}, },
{ {
"version_value" : "6.0" "version_value": "6.0"
}, },
{ {
"version_value" : "6.0.1" "version_value": "6.0.1"
}, },
{ {
"version_value" : "7.0" "version_value": "7.0"
}, },
{ {
"version_value" : "7.1.1" "version_value": "7.1.1"
}, },
{ {
"version_value" : "7.1.2" "version_value": "7.1.2"
}, },
{ {
"version_value" : "8.0" "version_value": "8.0"
}, },
{ {
"version_value" : "8.1" "version_value": "8.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-01-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-01-01" "lang": "eng",
}, "value": "In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68341964."
{ }
"name" : "102422", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102422" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040106", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040106" "lang": "eng",
} "value": "Elevation of privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-01-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-01-01"
},
{
"name": "102422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102422"
},
{
"name": "1040106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040106"
}
]
}
}

122
2017/13xxx/CVE-2017-13304.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@google.com", "ASSIGNER": "security@android.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2017-13304", "ID": "CVE-2017-13304",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android", "product_name": "Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Android kernel" "version_value": "Android kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google Inc." "vendor_name": "Google Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2018-04-01" "lang": "eng",
} "value": "A information disclosure vulnerability in the Upstream kernel mnh_sm driver. Product: Android. Versions: Android kernel. Android ID: A-70576999."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-04-01"
}
]
}
}

130
2017/17xxx/CVE-2017-17067.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17067", "ID": "CVE-2017-17067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.splunk.com/view/SP-CAAAP3K", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.splunk.com/view/SP-CAAAP3K" "lang": "eng",
}, "value": "Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6.4.x before 6.4.9, and 6.3.x before 6.3.12, when the SAML authType is enabled, mishandles SAML, which allows remote attackers to bypass intended access restrictions or conduct impersonation attacks."
{ }
"name" : "102005", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102005" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102005"
},
{
"name": "https://www.splunk.com/view/SP-CAAAP3K",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/view/SP-CAAAP3K"
}
]
}
}

34
2017/17xxx/CVE-2017-17194.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17194", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17194",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

190
2017/17xxx/CVE-2017-17562.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17562", "ID": "CVE-2017-17562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43360", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43360/" "lang": "eng",
}, "value": "Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0."
{ }
"name" : "43877", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/43877/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/embedthis/goahead/issues/249", ]
"refsource" : "MISC", }
"url" : "https://github.com/embedthis/goahead/issues/249" ]
}, },
{ "references": {
"name" : "https://github.com/elttam/advisories/tree/master/CVE-2017-17562", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/elttam/advisories/tree/master/CVE-2017-17562" "name": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562",
}, "refsource": "MISC",
{ "url": "https://github.com/elttam/advisories/tree/master/CVE-2017-17562"
"name" : "https://www.elttam.com.au/blog/goahead/", },
"refsource" : "MISC", {
"url" : "https://www.elttam.com.au/blog/goahead/" "name": "1040702",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1040702"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" "name": "https://www.elttam.com.au/blog/goahead/",
}, "refsource": "MISC",
{ "url": "https://www.elttam.com.au/blog/goahead/"
"name" : "1040702", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040702" "name": "43360",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/43360/"
} },
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/commit/6f786c123196eb622625a920d54048629a7caa74"
},
{
"name": "https://github.com/embedthis/goahead/issues/249",
"refsource": "MISC",
"url": "https://github.com/embedthis/goahead/issues/249"
},
{
"name": "43877",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43877/"
}
]
}
}

34
2017/17xxx/CVE-2017-17945.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17945", "ID": "CVE-2017-17945",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/0xxx/CVE-2018-0532.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0532", "ID": "CVE-2018-0532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cybozu Garoon", "product_name": "Cybozu Garoon",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.0.0 to 4.2.6" "version_value": "3.0.0 to 4.2.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cybozu, Inc." "vendor_name": "Cybozu, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.cybozu.com/ja-jp/article/9378", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.cybozu.com/ja-jp/article/9378" "lang": "eng",
}, "value": "Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors."
{ }
"name" : "JVN#65268217", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN65268217/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/9378",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/9378"
},
{
"name": "JVN#65268217",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65268217/index.html"
}
]
}
}

120
2018/18xxx/CVE-2018-18201.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18201", "ID": "CVE-2018-18201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/yanchongchong/swallow/issues/2", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/yanchongchong/swallow/issues/2" "lang": "eng",
} "value": "qibosoft V7.0 allows CSRF via admin/index.php?lfj=member&action=addmember to add a user account."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/yanchongchong/swallow/issues/2",
"refsource": "MISC",
"url": "https://github.com/yanchongchong/swallow/issues/2"
}
]
}
}

162
2018/18xxx/CVE-2018-18349.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-18349", "ID": "CVE-2018-18349",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "71.0.3578.80" "version_value": "71.0.3578.80"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/894399", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/894399" "lang": "eng",
}, "value": "Remote frame navigations was incorrectly permitted to local resources in Blink in Google Chrome prior to 71.0.3578.80 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system via a crafted Chrome Extension."
{ }
"name" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4352", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4352" "lang": "eng",
}, "value": "Insufficient policy enforcement"
{ }
"name" : "RHSA-2018:3803", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:3803" ]
}, },
{ "references": {
"name" : "106084", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106084" "name": "https://crbug.com/894399",
} "refsource": "MISC",
] "url": "https://crbug.com/894399"
} },
} {
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "RHSA-2018:3803",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3803"
},
{
"name": "DSA-4352",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4352"
},
{
"name": "106084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106084"
}
]
}
}

130
2018/18xxx/CVE-2018-18793.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18793", "ID": "CVE-2018-18793",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45723", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45723/" "lang": "eng",
}, "value": "School Event Management System 1.0 allows Arbitrary File Upload via event/controller.php?action=photos."
{ }
"name" : "http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45723",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45723/"
},
{
"name": "http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150006/School-Event-Management-System-1.0-Shell-Upload.html"
}
]
}
}

120
2018/18xxx/CVE-2018-18828.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18828", "ID": "CVE-2018-18828",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1135", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1135" "lang": "eng",
} "value": "There exists a heap-based buffer overflow in vc1_decode_i_block_adv in vc1_block.c in Libav 12.3, which allows attackers to cause a denial-of-service via a crafted aac file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1135",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1135"
}
]
}
}

34
2018/19xxx/CVE-2018-19037.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19037", "ID": "CVE-2018-19037",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/19xxx/CVE-2018-19165.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19165", "ID": "CVE-2018-19165",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/19xxx/CVE-2018-19412.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19412", "ID": "CVE-2018-19412",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/19xxx/CVE-2018-19510.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19510", "ID": "CVE-2018-19510",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/1xxx/CVE-2018-1043.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-1043", "ID": "CVE-2018-1043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Moodle 3.x", "product_name": "Moodle 3.x",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Moodle 3.x" "version_value": "Moodle 3.x"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient access control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://moodle.org/mod/forum/discuss.php?d=364382", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://moodle.org/mod/forum/discuss.php?d=364382" "lang": "eng",
}, "value": "In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames."
{ }
"name" : "102769", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102769" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "insufficient access control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102769"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=364382",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=364382"
}
]
}
}

142
2018/1xxx/CVE-2018-1248.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC" : "2018-05-04T00:00:00", "DATE_PUBLIC": "2018-05-04T00:00:00",
"ID" : "CVE-2018-1248", "ID": "CVE-2018-1248",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "RSA Authentication Manager Security Console, Operation Console and Self-Service Console", "product_name": "RSA Authentication Manager Security Console, Operation Console and Self-Service Console",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 8.3 and earlier" "version_value": "version 8.3 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dell EMC" "vendor_name": "Dell EMC"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Host Header Injection Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180504 DSA-2018-086: RSA Authentication Manager Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/18" "lang": "eng",
}, "value": "RSA Authentication Manager Security Console, Operation Console and Self-Service Console, version 8.3 and earlier, is affected by a Host header injection vulnerability. This could allow a remote attacker to potentially poison HTTP cache and subsequently redirect users to arbitrary web domains."
{ }
"name" : "104113", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104113" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040835", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040835" "lang": "eng",
} "value": "Host Header Injection Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104113"
},
{
"name": "20180504 DSA-2018-086: RSA Authentication Manager Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/18"
},
{
"name": "1040835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040835"
}
]
}
}

34
2018/1xxx/CVE-2018-1562.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1562", "ID": "CVE-2018-1562",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/1xxx/CVE-2018-1816.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1816", "ID": "CVE-2018-1816",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }