admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:40:13 +00:00
parent 5b78b059b6
commit 22eec56947
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3863 additions and 3863 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
2008/0xxx/CVE-2008-0885.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0885",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0885",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2008/0xxx/CVE-2008-0930.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0930",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0930",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to overwrite or print arbitrary files via a symlink attack on the temporaire temporary file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468050",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468050"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468050",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468050"
},
{
"name" : "DSA-1526",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1526"
"name": "DSA-1526",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1526"
},
{
"name" : "28049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28049"
"name": "29125",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29125"
},
{
"name" : "29125",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29125"
"name": "28049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28049"
},
{
"name" : "29452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29452"
"name": "29452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29452"
}
]
}

98
2008/1xxx/CVE-2008-1606.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1606",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1606",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a \"..\\\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp."
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a \"..\\\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://weblog.nomejortu.com/?p=37",
"refsource" : "MISC",
"url" : "http://weblog.nomejortu.com/?p=37"
"name": "28352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28352"
},
{
"name" : "http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf",
"refsource" : "MISC",
"url" : "http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf"
"name": "http://developer.elasticpath.com/entry!default.jspa?categoryID=4&externalID=1334",
"refsource": "CONFIRM",
"url": "http://developer.elasticpath.com/entry!default.jspa?categoryID=4&externalID=1334"
},
{
"name" : "http://developer.elasticpath.com/entry!default.jspa?categoryID=4&externalID=1334",
"refsource" : "CONFIRM",
"url" : "http://developer.elasticpath.com/entry!default.jspa?categoryID=4&externalID=1334"
"name": "http://weblog.nomejortu.com/?p=37",
"refsource": "MISC",
"url": "http://weblog.nomejortu.com/?p=37"
},
{
"name" : "28352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28352"
"name": "elasticpath-multiple-directory-traversal(41356)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41356"
},
{
"name" : "29496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29496"
"name": "elasticpath-pathdir-directory-traversal(41364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41364"
},
{
"name" : "elasticpath-pathdir-directory-traversal(41364)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41364"
"name": "http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/publications/mwri_elastic-path-arbitrary-file-system-access_2008-02-22.pdf"
},
{
"name" : "elasticpath-multiple-directory-traversal(41356)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41356"
"name": "29496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29496"
}
]
}

98
2008/1xxx/CVE-2008-1670.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1670",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-1670",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image."
"lang": "eng",
"value": "Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.kde.org/info/security/advisory-20080426-1.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20080426-1.txt"
"name": "ADV-2008-1371",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1371/references"
},
{
"name" : "SUSE-SR:2008:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
"name": "SUSE-SR:2008:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html"
},
{
"name" : "28937",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28937"
"name": "28937",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28937"
},
{
"name" : "ADV-2008-1371",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1371/references"
"name": "kde-khtml-png-bo(42038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42038"
},
{
"name" : "1019929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019929"
"name": "1019929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019929"
},
{
"name" : "29980",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29980"
"name": "http://www.kde.org/info/security/advisory-20080426-1.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20080426-1.txt"
},
{
"name" : "kde-khtml-png-bo(42038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42038"
"name": "29980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29980"
}
]
}

104
2008/1xxx/CVE-2008-1707.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1707",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1707",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain \"type\" field."
"lang": "eng",
"value": "IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a packet with an 0x11 value in a certain \"type\" field."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080326 Multiple vulnerabilities in solidDB 06.00.1018",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490129/100/0/threaded"
"name": "http://aluigi.org/poc/soliduro.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/soliduro.zip"
},
{
"name" : "http://aluigi.altervista.org/adv/soliduro-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/soliduro-adv.txt"
"name": "29512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29512"
},
{
"name" : "http://aluigi.org/poc/soliduro.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/soliduro.zip"
"name": "1019721",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019721"
},
{
"name" : "28468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28468"
"name": "ibm-soliddb-solid-dos(41487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41487"
},
{
"name" : "29512",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29512"
"name": "28468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28468"
},
{
"name" : "ADV-2008-1038",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1038"
"name": "20080326 Multiple vulnerabilities in solidDB 06.00.1018",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490129/100/0/threaded"
},
{
"name" : "1019721",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019721"
"name": "http://aluigi.altervista.org/adv/soliduro-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/soliduro-adv.txt"
},
{
"name" : "ibm-soliddb-solid-dos(41487)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41487"
"name": "ADV-2008-1038",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1038"
}
]
}

140
2008/1xxx/CVE-2008-1945.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1945",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-1945",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004."
"lang": "eng",
"value": "QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "DSA-1799",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1799"
"name": "35062",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35062"
},
{
"name" : "MDVSA-2008:162",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
"name": "qemu-image-security-bypass(44269)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44269"
},
{
"name" : "RHSA-2008:0892",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2008-0892.html"
"name": "32088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32088"
},
{
"name" : "SUSE-SR:2009:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
"name": "oval:org.mitre.oval:def:9905",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905"
},
{
"name" : "USN-776-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-776-1"
"name": "32063",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32063"
},
{
"name" : "30604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30604"
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name" : "oval:org.mitre.oval:def:9905",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905"
"name": "MDVSA-2008:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:162"
},
{
"name" : "1020959",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020959"
"name": "USN-776-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-776-1"
},
{
"name" : "32063",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32063"
"name": "30604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30604"
},
{
"name" : "32088",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32088"
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name" : "34642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34642"
"name": "DSA-1799",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1799"
},
{
"name" : "35031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35031"
"name": "RHSA-2008:0892",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2008-0892.html"
},
{
"name" : "35062",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35062"
"name": "1020959",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020959"
},
{
"name" : "qemu-image-security-bypass(44269)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44269"
"name": "35031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35031"
}
]
}

92
2008/4xxx/CVE-2008-4104.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4104",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4104",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
"lang": "eng",
"value": "Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a \"passed in\" URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122118210029084&w=2"
"name": "joomla-url-phishing(45071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
},
{
"name" : "[oss-security] 20080911 CVE request: joomla < 1.5.7",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122115344915232&w=2"
"name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"
},
{
"name" : "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122152798516853&w=2"
"name": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
},
{
"name" : "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/274-20080904-core-redirect-spam.html"
"name": "[oss-security] 20080911 CVE request: joomla < 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"
},
{
"name" : "4275",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4275"
"name": "4275",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4275"
},
{
"name" : "joomla-url-phishing(45071)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45071"
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"
}
]
}

116
2008/4xxx/CVE-2008-4297.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4297",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4297",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an \"hg pull\" request."
"lang": "eng",
"value": "Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an \"hg pull\" request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080917 rPSA-2008-0276-1 mercurial mercurial-hgk",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496488/100/0/threaded"
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276"
},
{
"name" : "[oss-security] 20080918 CVE Request (mercurial)",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122169840003798&w=2"
"name": "https://issues.rpath.com/browse/RPL-2753",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2753"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0276"
"name": "ADV-2008-2604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2604"
},
{
"name" : "http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b",
"refsource" : "CONFIRM",
"url" : "http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b"
"name": "SUSE-SR:2008:020",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2753",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2753"
"name": "[oss-security] 20080918 CVE Request (mercurial)",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=122169840003798&w=2"
},
{
"name" : "SUSE-SR:2008:020",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html"
"name": "32182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32182"
},
{
"name" : "31223",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31223"
"name": "mercurial-allowpull-info-disclosure(45229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45229"
},
{
"name" : "ADV-2008-2604",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2604"
"name": "http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b",
"refsource": "CONFIRM",
"url": "http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b"
},
{
"name" : "32182",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32182"
"name": "20080917 rPSA-2008-0276-1 mercurial mercurial-hgk",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496488/100/0/threaded"
},
{
"name" : "mercurial-allowpull-info-disclosure(45229)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45229"
"name": "31223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31223"
}
]
}

98
2008/5xxx/CVE-2008-5720.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5720",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5720",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://mayaa.seasar.org/news/vulnerability20081225.html",
"refsource" : "CONFIRM",
"url" : "http://mayaa.seasar.org/news/vulnerability20081225.html"
"name": "mayaa-errorpage-xss(47623)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47623"
},
{
"name" : "JVN#17298485",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN17298485/index.html"
"name": "33333",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33333"
},
{
"name" : "JVNDB-2008-000085",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html"
"name": "33015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33015"
},
{
"name" : "33015",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33015"
"name": "51007",
"refsource": "OSVDB",
"url": "http://osvdb.org/51007"
},
{
"name" : "51007",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51007"
"name": "JVNDB-2008-000085",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000085.html"
},
{
"name" : "33333",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33333"
"name": "http://mayaa.seasar.org/news/vulnerability20081225.html",
"refsource": "CONFIRM",
"url": "http://mayaa.seasar.org/news/vulnerability20081225.html"
},
{
"name" : "mayaa-errorpage-xss(47623)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47623"
"name": "JVN#17298485",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN17298485/index.html"
}
]
}

80
2013/2xxx/CVE-2013-2200.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2200",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2200",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors."
"lang": "eng",
"value": "WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://codex.wordpress.org/Version_3.5.2",
"refsource" : "CONFIRM",
"url" : "http://codex.wordpress.org/Version_3.5.2"
"name": "http://wordpress.org/news/2013/06/wordpress-3-5-2/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/news/2013/06/wordpress-3-5-2/"
},
{
"name" : "http://wordpress.org/news/2013/06/wordpress-3-5-2/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/news/2013/06/wordpress-3-5-2/"
"name": "DSA-2718",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2718"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=976784",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=976784"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=976784",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=976784"
},
{
"name" : "DSA-2718",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2718"
"name": "http://codex.wordpress.org/Version_3.5.2",
"refsource": "CONFIRM",
"url": "http://codex.wordpress.org/Version_3.5.2"
}
]
}

22
2013/2xxx/CVE-2013-2508.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2508",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2508",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

104
2013/2xxx/CVE-2013-2911.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2911",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-2911",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions."
"lang": "eng",
"value": "Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet function in core/xml/XSLStyleSheetLibxslt.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of post-failure recompilation in unspecified libxslt versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
"name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=271939",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=271939"
"name": "https://src.chromium.org/viewvc/blink?revision=156248&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=156248&view=revision"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=156248&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=156248&view=revision"
"name": "openSUSE-SU-2014:0065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
},
{
"name" : "DSA-2785",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2785"
"name": "DSA-2785",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2785"
},
{
"name" : "openSUSE-SU-2013:1556",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
"name": "openSUSE-SU-2013:1556",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
},
{
"name" : "openSUSE-SU-2013:1861",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
"name": "oval:org.mitre.oval:def:18687",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18687"
},
{
"name" : "openSUSE-SU-2014:0065",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
"name": "https://code.google.com/p/chromium/issues/detail?id=271939",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=271939"
},
{
"name" : "oval:org.mitre.oval:def:18687",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18687"
"name": "openSUSE-SU-2013:1861",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
}
]
}

22
2013/3xxx/CVE-2013-3019.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3019",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3019",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/3xxx/CVE-2013-3176.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3176",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-3176",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

74
2013/3xxx/CVE-2013-3491.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3491",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2013-3491",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences."
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Sharebar plugin 1.2.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) modify buttons, or (3) insert cross-site scripting (XSS) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "60956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/60956"
"name": "60956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60956"
},
{
"name" : "52948",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52948"
"name": "52948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52948"
},
{
"name" : "sharebar-cve20133491-csrf(85438)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85438"
"name": "sharebar-cve20133491-csrf(85438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85438"
}
]
}

152
2013/3xxx/CVE-2013-3559.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3559",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3559",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet."
"lang": "eng",
"value": "epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.8.x before 1.8.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (integer overflow, and heap memory corruption or NULL pointer dereference, and application crash) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=48644&r2=48643&pathrev=48644",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=48644&r2=48643&pathrev=48644"
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48644",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48644"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48644",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=48644"
"name": "53425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53425"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-27.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-27.html"
"name": "openSUSE-SU-2013:0911",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8231",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8231"
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8540"
"name": "oval:org.mitre.oval:def:16228",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16228"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541"
"name": "RHSA-2014:0341",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
},
{
"name" : "DSA-2700",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2700"
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
},
{
"name" : "GLSA-201308-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=48644&r2=48643&pathrev=48644",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-dcp-etsi.c?r1=48644&r2=48643&pathrev=48644"
},
{
"name" : "RHSA-2014:0341",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0341.html"
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8231",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8231"
},
{
"name" : "openSUSE-SU-2013:1084",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name" : "openSUSE-SU-2013:1086",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"
"name": "openSUSE-SU-2013:1086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00196.html"
},
{
"name" : "openSUSE-SU-2013:0911",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00048.html"
"name": "http://www.wireshark.org/security/wnpa-sec-2013-27.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2013-27.html"
},
{
"name" : "openSUSE-SU-2013:0947",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html"
"name": "DSA-2700",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2700"
},
{
"name" : "oval:org.mitre.oval:def:16228",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16228"
"name": "openSUSE-SU-2013:0947",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00083.html"
},
{
"name" : "53425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53425"
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8541"
},
{
"name" : "54425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54425"
"name": "openSUSE-SU-2013:1084",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00194.html"
}
]
}

68
2013/3xxx/CVE-2013-3606.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3606",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3606",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username."
"lang": "eng",
"value": "The login page in the GoAhead web server on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and 5324 2.0.1.4 switches allows remote attackers to cause a denial of service (device outage) via a long username."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "VU#122582",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/122582"
"name": "VU#122582",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/122582"
},
{
"name" : "goahead-cve20133606-dos(90598)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90598"
"name": "goahead-cve20133606-dos(90598)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90598"
}
]
}

74
2013/4xxx/CVE-2013-4704.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4704",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-4704",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.chama.ne.jp/cart.htm",
"refsource" : "CONFIRM",
"url" : "http://www.chama.ne.jp/cart.htm"
"name": "http://www.chama.ne.jp/cart.htm",
"refsource": "CONFIRM",
"url": "http://www.chama.ne.jp/cart.htm"
},
{
"name" : "JVN#77455005",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN77455005/index.html"
"name": "JVNDB-2013-000088",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000088"
},
{
"name" : "JVNDB-2013-000088",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000088"
"name": "JVN#77455005",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN77455005/index.html"
}
]
}

22
2013/6xxx/CVE-2013-6146.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6146",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6146",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6616.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6616",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6616",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

62
2013/6xxx/CVE-2013-6647.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6647",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6647",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A use-after-free in AnimationController::endAnimationUpdate in Google Chrome."
"lang": "eng",
"value": "A use-after-free in AnimationController::endAnimationUpdate in Google Chrome."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=315889",
"refsource" : "CONFIRM",
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=315889"
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=315889",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=315889"
}
]
}

22
2013/6xxx/CVE-2013-6675.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6675",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6675",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

80
2013/6xxx/CVE-2013-6809.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6809",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6809",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field."
"lang": "eng",
"value": "Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remote File field."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131203 Tftpd32 Client Side Format String Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Dec/15"
"name": "100511",
"refsource": "OSVDB",
"url": "http://osvdb.org/100511"
},
{
"name" : "http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html"
"name": "http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124275/Tftpd32-Client-Side-Format-String.html"
},
{
"name" : "100511",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100511"
"name": "tftpd32-cve20136809-format-string(89455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89455"
},
{
"name" : "tftpd32-cve20136809-format-string(89455)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89455"
"name": "20131203 Tftpd32 Client Side Format String Vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/15"
}
]
}

86
2013/6xxx/CVE-2013-6963.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6963",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6963",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36207."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
"name": "64277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64277"
},
{
"name" : "64277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64277"
"name": "1029492",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029492"
},
{
"name" : "100907",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100907"
"name": "100907",
"refsource": "OSVDB",
"url": "http://osvdb.org/100907"
},
{
"name" : "1029492",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1029492"
"name": "20131212 Cisco WebEx Training Center Training Registration Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6963"
},
{
"name" : "cisco-webex-cve20136963-xss(89695)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
"name": "cisco-webex-cve20136963-xss(89695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89695"
}
]
}

62
2013/7xxx/CVE-2013-7419.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7419",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7419",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the roomid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html"
"name": "http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124239/WordPress-Js-Multi-Hotel-2.2.1-Cross-Site-Scripting.html"
}
]
}

84
2017/10xxx/CVE-2017-10170.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10170",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10170",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Field Service",
"version" : {
"version_data" : [
"product_name": "Field Service",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.1.1"
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
"version_affected": "=",
"version_value": "12.1.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Field Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Field Service component of Oracle E-Business Suite (subcomponent: Wireless/WAP). Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Field Service accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Field Service accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Field Service. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Field Service, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Field Service accessible data as well as unauthorized update, insert or delete access to some of Oracle Field Service accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "1038926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038926"
},
{
"name" : "99647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99647"
"name": "99647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99647"
},
{
"name" : "1038926",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038926"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

80
2017/10xxx/CVE-2017-10179.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10179",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10179",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Application Management Pack for Oracle E-Business Suite",
"version" : {
"version_data" : [
"product_name": "Application Management Pack for Oracle E-Business Suite",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "AMP 12.1.0.4.0"
"version_affected": "=",
"version_value": "AMP 12.1.0.4.0"
},
{
"version_affected" : "=",
"version_value" : "AMP 13.1.1.1.0"
"version_affected": "=",
"version_value": "AMP 13.1.1.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Application Management Pack for Oracle E-Business Suite component of Oracle E-Business Suite (subcomponent: User Monitoring). Supported versions that are affected are AMP 12.1.0.4.0 and AMP 13.1.1.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Management Pack for Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Management Pack for Oracle E-Business Suite accessible data as well as unauthorized read access to a subset of Application Management Pack for Oracle E-Business Suite accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "99693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99693"
},
{
"name" : "99693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99693"
"name": "1038926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038926"
},
{
"name" : "1038926",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038926"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

80
2017/10xxx/CVE-2017-10391.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10391",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10391",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "GlassFish Server",
"version" : {
"version_data" : [
"product_name": "GlassFish Server",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "3.0.1"
"version_affected": "=",
"version_value": "3.0.1"
},
{
"version_affected" : "=",
"version_value" : "3.1.2"
"version_affected": "=",
"version_value": "3.1.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration). Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GlassFish Server accessible data as well as unauthorized read access to a subset of Oracle GlassFish Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GlassFish Server."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "101347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101347"
},
{
"name" : "101347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101347"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "1039606",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039606"
"name": "1039606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039606"
}
]
}

22
2017/10xxx/CVE-2017-10532.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10532",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10532",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

92
2017/10xxx/CVE-2017-10662.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10662",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10662",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors."
"lang": "eng",
"value": "The sanity_check_raw_super function in fs/f2fs/super.c in the Linux kernel before 4.11.1 does not validate the segment count, which allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124"
"name": "100215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100215"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1"
"name": "https://source.android.com/security/bulletin/2017-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-08-01"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1481146",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1481146"
"name": "https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124"
},
{
"name" : "https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/b9dd46188edc2f0d1f37328637860bb65a771124"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9dd46188edc2f0d1f37328637860bb65a771124"
},
{
"name" : "https://source.android.com/security/bulletin/2017-08-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-08-01"
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1"
},
{
"name" : "100215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100215"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1481146",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481146"
}
]
}

62
2017/10xxx/CVE-2017-10782.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10782",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10782",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.\""
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpFreeHeap+0x00000000000003ca.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10782"
}
]
}

98
2017/13xxx/CVE-2017-13046.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13046",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13046",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()."
"lang": "eng",
"value": "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
"name": "GLSA-201709-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/d10a0f980fe8f9407ab1ffbd612641433ebe175e",
"refsource" : "CONFIRM",
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/d10a0f980fe8f9407ab1ffbd612641433ebe175e"
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
"name": "DSA-3971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"name" : "DSA-3971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3971"
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/d10a0f980fe8f9407ab1ffbd612641433ebe175e",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/d10a0f980fe8f9407ab1ffbd612641433ebe175e"
},
{
"name" : "GLSA-201709-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-23"
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name" : "RHEA-2018:0705",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHEA-2018:0705"
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name" : "1039307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039307"
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}

86
2017/13xxx/CVE-2017-13064.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13064",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13064",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12."
"lang": "eng",
"value": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:311:12."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a",
"refsource" : "CONFIRM",
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/436/",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/436/"
"name": "https://sourceforge.net/p/graphicsmagick/bugs/436/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/436/"
},
{
"name" : "DSA-4321",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4321"
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
},
{
"name" : "100474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100474"
"name": "100474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100474"
}
]
}

62
2017/13xxx/CVE-2017-13136.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13136",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13136",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference."
"lang": "eng",
"value": "The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/ebel34/bpg-web-encoder/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/ebel34/bpg-web-encoder/issues/1"
"name": "https://github.com/ebel34/bpg-web-encoder/issues/1",
"refsource": "MISC",
"url": "https://github.com/ebel34/bpg-web-encoder/issues/1"
}
]
}

84
2017/13xxx/CVE-2017-13241.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-02-05T00:00:00",
"ID" : "CVE-2017-13241",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-02-05T00:00:00",
"ID": "CVE-2017-13241",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "5.1.1"
"version_value": "5.1.1"
},
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "7.0"
"version_value": "7.0"
},
{
"version_value" : "7.1.1"
"version_value": "7.1.1"
},
{
"version_value" : "7.1.2"
"version_value": "7.1.2"
},
{
"version_value" : "8.0"
"version_value": "8.0"
},
{
"version_value" : "8.1"
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651."
"lang": "eng",
"value": "A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information disclosure"
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-02-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-02-01"
"name": "https://source.android.com/security/bulletin/pixel/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-02-01"
},
{
"name" : "103017",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103017"
"name": "103017",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103017"
}
]
}

22
2017/13xxx/CVE-2017-13515.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13515",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13515",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

116
2017/13xxx/CVE-2017-13872.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-13872",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-13872",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "macOS High Sierra",
"version" : {
"version_data" : [
"product_name": "macOS High Sierra",
"version": {
"version_data": [
{
"version_value" : "macOS High Sierra"
"version_value": "macOS High Sierra"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the \"Directory Utility\" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the \"Directory Utility\" component. It allows attackers to obtain administrator access without a password via certain interactions involving entry of the root user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "improper access control"
"lang": "eng",
"value": "improper access control"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43201",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43201/"
"name": "https://objective-see.com/blog/blog_0x24.html",
"refsource": "MISC",
"url": "https://objective-see.com/blog/blog_0x24.html"
},
{
"name" : "43248",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43248/"
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name" : "https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/",
"refsource" : "MISC",
"url" : "https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/"
"name": "https://support.apple.com/HT208315",
"refsource": "MISC",
"url": "https://support.apple.com/HT208315"
},
{
"name" : "https://github.com/rapid7/metasploit-framework/pull/9302",
"refsource" : "MISC",
"url" : "https://github.com/rapid7/metasploit-framework/pull/9302"
"name": "https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/",
"refsource": "MISC",
"url": "https://arstechnica.com/information-technology/2017/11/macos-bug-lets-you-log-in-as-admin-with-no-password-required/"
},
{
"name" : "https://objective-see.com/blog/blog_0x24.html",
"refsource" : "MISC",
"url" : "https://objective-see.com/blog/blog_0x24.html"
"name": "1039875",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039875"
},
{
"name" : "https://support.apple.com/HT208315",
"refsource" : "MISC",
"url" : "https://support.apple.com/HT208315"
"name": "43201",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43201/"
},
{
"name" : "https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/",
"refsource" : "MISC",
"url" : "https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/"
"name": "https://github.com/rapid7/metasploit-framework/pull/9302",
"refsource": "MISC",
"url": "https://github.com/rapid7/metasploit-framework/pull/9302"
},
{
"name" : "https://support.apple.com/HT208331",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208331"
"name": "43248",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43248/"
},
{
"name" : "101981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101981"
"name": "101981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101981"
},
{
"name" : "1039875",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039875"
"name": "https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/",
"refsource": "MISC",
"url": "https://www.wired.com/story/macos-update-undoes-apple-root-bug-patch/"
}
]
}

74
2017/17xxx/CVE-2017-17046.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17046",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17046",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled."
"lang": "eng",
"value": "An issue was discovered in Xen through 4.9.x on the ARM platform allowing guest OS users to obtain sensitive information from DRAM after a reboot, because disjoint blocks, and physical addresses that do not start at zero, are mishandled."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"
"name": "https://xenbits.xen.org/xsa/advisory-245.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-245.html"
},
{
"name" : "https://xenbits.xen.org/xsa/advisory-245.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-245.html"
"name": "[debian-lts-announce] 20181018 [SECURITY] [DLA 1549-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00009.html"
},
{
"name" : "GLSA-201801-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201801-14"
"name": "GLSA-201801-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201801-14"
}
]
}

74
2017/17xxx/CVE-2017-17088.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17088",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17088",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service."
"lang": "eng",
"value": "The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Overflow that causes a Denial of Service."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43344",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43344/"
"name": "43344",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43344/"
},
{
"name" : "20171215 SyncBreeze <= 10.2.12 - Denial of Service",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2017/Dec/45"
"name": "20171215 SyncBreeze <= 10.2.12 - Denial of Service",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Dec/45"
},
{
"name" : "http://packetstormsecurity.com/files/145435/Sync-Breeze-10.2.12-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/145435/Sync-Breeze-10.2.12-Denial-Of-Service.html"
"name": "http://packetstormsecurity.com/files/145435/Sync-Breeze-10.2.12-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/145435/Sync-Breeze-10.2.12-Denial-Of-Service.html"
}
]
}

22
2017/17xxx/CVE-2017-17340.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17340",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17340",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2017/17xxx/CVE-2017-17831.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17831",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17831",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a \"url =\" line in a .lfsconfig file within a repository."
"lang": "eng",
"value": "GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a \"url =\" line in a .lfsconfig file within a repository."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://blog.recurity-labs.com/2017-08-10/scm-vulns",
"refsource" : "MISC",
"url" : "http://blog.recurity-labs.com/2017-08-10/scm-vulns"
"name": "https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1",
"refsource": "MISC",
"url": "https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1"
},
{
"name" : "https://github.com/git-lfs/git-lfs/pull/2242",
"refsource" : "MISC",
"url" : "https://github.com/git-lfs/git-lfs/pull/2242"
"name": "http://blog.recurity-labs.com/2017-08-10/scm-vulns",
"refsource": "MISC",
"url": "http://blog.recurity-labs.com/2017-08-10/scm-vulns"
},
{
"name" : "https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1",
"refsource" : "MISC",
"url" : "https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1"
"name": "102926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102926"
},
{
"name" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
"refsource" : "CONFIRM",
"url" : "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
"name": "https://github.com/git-lfs/git-lfs/pull/2242",
"refsource": "MISC",
"url": "https://github.com/git-lfs/git-lfs/pull/2242"
},
{
"name" : "102926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102926"
"name": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html",
"refsource": "CONFIRM",
"url": "https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2018-01-24-942834324.html"
}
]
}

68
2017/9xxx/CVE-2017-9208.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9208",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9208",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1."
"lang": "eng",
"value": "libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/",
"refsource" : "MISC",
"url" : "https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/"
"name": "https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/"
},
{
"name" : "USN-3638-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3638-1/"
"name": "USN-3638-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3638-1/"
}
]
}

80
2017/9xxx/CVE-2017-9815.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9815",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9815",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file."
"lang": "eng",
"value": "In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in libtiff/tif_dirread.c mishandles a malloc operation, which allows attackers to cause a denial of service (memory leak within the function _TIFFmalloc in tif_unix.c) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2682",
"refsource" : "MISC",
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2682"
"name": "USN-3602-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3602-1/"
},
{
"name" : "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html",
"refsource" : "MISC",
"url" : "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html"
"name": "99235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99235"
},
{
"name" : "USN-3602-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3602-1/"
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2682",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2682"
},
{
"name" : "99235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99235"
"name": "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html",
"refsource": "MISC",
"url": "http://somevulnsofadlab.blogspot.jp/2017/06/libtiffmemory-leak-in-tiffmalloc.html"
}
]
}

74
2018/0xxx/CVE-2018-0221.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0221",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0221",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco Identity Services Engine",
"version" : {
"version_data" : [
"product_name": "Cisco Identity Services Engine",
"version": {
"version_data": [
{
"version_value" : "Cisco Identity Services Engine"
"version_value": "Cisco Identity Services Engine"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials for the device. The vulnerability is due to incomplete input validation of user input for certain CLI ISE configuration commands. An attacker could exploit this vulnerability by authenticating as an administrative user, issuing a specific CLI command, and entering crafted, malicious user input for the command parameters. An exploit could allow the attacker to perform command injection to the lower-level Linux operating system. It is also possible the attacker could cause the ISE user interface for this management session to hang or disconnect. Cisco Bug IDs: CSCvg95479."
"lang": "eng",
"value": "A vulnerability in specific CLI commands for the Cisco Identity Services Engine (ISE) could allow an authenticated, local attacker to perform command injection to the underlying operating system or cause a hang or disconnect of the user session. The attacker needs valid administrator credentials for the device. The vulnerability is due to incomplete input validation of user input for certain CLI ISE configuration commands. An attacker could exploit this vulnerability by authenticating as an administrative user, issuing a specific CLI command, and entering crafted, malicious user input for the command parameters. An exploit could allow the attacker to perform command injection to the lower-level Linux operating system. It is also possible the attacker could cause the ISE user interface for this management session to hang or disconnect. Cisco Bug IDs: CSCvg95479."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-78"
"lang": "eng",
"value": "CWE-78"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise6",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise6"
"name": "103347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103347"
},
{
"name" : "103347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103347"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise6",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180307-ise6"
},
{
"name" : "1040471",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040471"
"name": "1040471",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040471"
}
]
}

68
2018/0xxx/CVE-2018-0663.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0663",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0663",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Multiple I-O DATA network camera products",
"version" : {
"version_data" : [
"product_name": "Multiple I-O DATA network camera products",
"version": {
"version_data": [
{
"version_value" : "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
"version_value": "(TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier)"
}
]
}
}
]
},
"vendor_name" : "I-O DATA DEVICE, INC."
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
"lang": "eng",
"value": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use of Hard-coded Credentials"
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.iodata.jp/support/information/2018/ts-wrlp/",
"refsource" : "CONFIRM",
"url" : "http://www.iodata.jp/support/information/2018/ts-wrlp/"
"name": "http://www.iodata.jp/support/information/2018/ts-wrlp/",
"refsource": "CONFIRM",
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"name" : "JVN#83701666",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83701666/index.html"
"name": "JVN#83701666",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN83701666/index.html"
}
]
}

108
2018/0xxx/CVE-2018-0980.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-0980",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0980",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "Windows 10 for 32-bit Systems"
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1511 for 32-bit Systems"
"version_value": "Windows 10 Version 1511 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1511 for x64-based Systems"
"version_value": "Windows 10 Version 1511 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value" : "ChakraCore"
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"vendor_name": "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019."
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44653",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44653/"
"name": "1040650",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040650"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0980",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0980"
"name": "103626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103626"
},
{
"name" : "103626",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103626"
"name": "44653",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44653/"
},
{
"name" : "1040650",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040650"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0980",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0980"
}
]
}

124
2018/1000xxx/CVE-2018-1000030.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-02-02",
"ID" : "CVE-2018-1000030",
"REQUESTER" : "tylerp96@gmail.com",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-02",
"ID": "CVE-2018-1000030",
"REQUESTER": "tylerp96@gmail.com",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Python",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "2.7.14"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Python"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE."
"lang": "eng",
"value": "Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a Heap-Use-After-Free. Python versions prior to 2.7.14 may also be vulnerable and it appears that Python 2.7.17 and prior may also be vulnerable however this has not been confirmed. The vulnerability lies when multiply threads are handling large amounts of data. In both cases there is essentially a race condition that occurs. For the Heap-Buffer-Overflow, Thread 2 is creating the size for a buffer, but Thread1 is already writing to the buffer without knowing how much to write. So when a large amount of data is being processed, it is very easy to cause memory corruption using a Heap-Buffer-Overflow. As for the Use-After-Free, Thread3->Malloc->Thread1->Free's->Thread2-Re-uses-Free'd Memory. The PSRT has stated that this is not a security vulnerability due to the fact that the attacker must be able to run code, however in some situations, such as function as a service, this vulnerability can potentially be used by an attacker to violate a trust boundary, as such the DWF feels this issue deserves a CVE."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : "3.6",
"baseSeverity" : "LOW",
"confidentialityImpact" : "LOW",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": "3.6",
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap-Buffer-Overflow / Heap-Use-After-Free"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view",
"refsource" : "MISC",
"url" : "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view"
"name": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view",
"refsource": "MISC",
"url": "https://drive.google.com/file/d/1oyR9DAZjZK_SCn3mor6NRAYLJS6ueXaY/view"
},
{
"name" : "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0",
"refsource" : "MISC",
"url" : "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0"
"name": "USN-3817-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3817-2/"
},
{
"name" : "https://bugs.python.org/issue31530",
"refsource" : "CONFIRM",
"url" : "https://bugs.python.org/issue31530"
"name": "GLSA-201811-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-02"
},
{
"name" : "GLSA-201811-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-02"
"name": "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0",
"refsource": "MISC",
"url": "https://www.dropbox.com/sh/sj3ee7xv55j36k7/AADwP-YfOYikBMuy32e0uvPFa?dl=0"
},
{
"name" : "USN-3817-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3817-1/"
"name": "USN-3817-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3817-1/"
},
{
"name" : "USN-3817-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3817-2/"
"name": "https://bugs.python.org/issue31530",
"refsource": "CONFIRM",
"url": "https://bugs.python.org/issue31530"
}
]
}

72
2018/1000xxx/CVE-2018-1000094.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2/20/2018 19:45:25",
"ID" : "CVE-2018-1000094",
"REQUESTER" : "strukt93@gmail.com",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2/20/2018 19:45:25",
"ID": "CVE-2018-1000094",
"REQUESTER": "strukt93@gmail.com",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "CMS Made Simple",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "2.2.5"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "CMS Made Simple"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension."
"lang": "eng",
"value": "CMS Made Simple version 2.2.5 contains a Remote Code Execution vulnerability in File Manager that can result in Allows an authenticated admin that has access to the file manager to execute code on the server. This attack appear to be exploitable via File upload -> copy to any extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44976",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44976/"
"name": "44976",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44976/"
},
{
"name" : "http://dev.cmsmadesimple.org/bug/view/11741",
"refsource" : "MISC",
"url" : "http://dev.cmsmadesimple.org/bug/view/11741"
"name": "http://dev.cmsmadesimple.org/bug/view/11741",
"refsource": "MISC",
"url": "http://dev.cmsmadesimple.org/bug/view/11741"
}
]
}

22
2018/18xxx/CVE-2018-18133.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18133",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18133",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/18xxx/CVE-2018-18893.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18893",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18893",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java."
"lang": "eng",
"value": "Jinjava before 2.4.6 does not block the getClass method, related to com/hubspot/jinjava/el/ext/JinjavaBeanELResolver.java."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/HubSpot/jinjava/blob/master/CHANGES.md",
"refsource" : "MISC",
"url" : "https://github.com/HubSpot/jinjava/blob/master/CHANGES.md"
"name": "https://github.com/HubSpot/jinjava/blob/master/CHANGES.md",
"refsource": "MISC",
"url": "https://github.com/HubSpot/jinjava/blob/master/CHANGES.md"
},
{
"name" : "https://github.com/HubSpot/jinjava/pull/230",
"refsource" : "MISC",
"url" : "https://github.com/HubSpot/jinjava/pull/230"
"name": "https://github.com/HubSpot/jinjava/pull/230",
"refsource": "MISC",
"url": "https://github.com/HubSpot/jinjava/pull/230"
}
]
}

22
2018/19xxx/CVE-2018-19488.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19488",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19488",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/19xxx/CVE-2018-19557.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19557",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19557",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images."
"lang": "eng",
"value": "An issue was discovered in arcms through 2018-03-19. No authentication is required for index/main, user/useradd, or img/images."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/assnr/arcms/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/assnr/arcms/issues/1"
"name": "https://github.com/assnr/arcms/issues/1",
"refsource": "MISC",
"url": "https://github.com/assnr/arcms/issues/1"
}
]
}

68
2018/19xxx/CVE-2018-19815.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19815",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19815",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/UserPopupAddNewProp.jsp\" has reflected XSS via the ConnPoolName parameter."
"lang": "eng",
"value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"/VPortal/mgtconsole/UserPopupAddNewProp.jsp\" has reflected XSS via the ConnPoolName parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Dec/20"
"name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
},
{
"name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
"name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/20"
}
]
}

86
2018/19xxx/CVE-2018-19935.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19935",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19935",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function."
"lang": "eng",
"value": "ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20181217 [SECURITY] [DLA 1608-1] php5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html"
"name": "DSA-4353",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4353"
},
{
"name" : "https://bugs.php.net/bug.php?id=77020",
"refsource" : "MISC",
"url" : "https://bugs.php.net/bug.php?id=77020"
"name": "https://bugs.php.net/bug.php?id=77020",
"refsource": "MISC",
"url": "https://bugs.php.net/bug.php?id=77020"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181221-0003/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181221-0003/"
"name": "106143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106143"
},
{
"name" : "DSA-4353",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4353"
"name": "https://security.netapp.com/advisory/ntap-20181221-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181221-0003/"
},
{
"name" : "106143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106143"
"name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1608-1] php5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html"
}
]
}

82
2018/1xxx/CVE-2018-1073.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-1073",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1073",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ovirt-engine",
"version" : {
"version_data" : [
"product_name": "ovirt-engine",
"version": {
"version_data": [
{
"version_value" : "ovirt-engine 4.2.3"
"version_value": "ovirt-engine 4.2.3"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts."
"lang": "eng",
"value": "The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user accounts."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version" : "3.0"
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-209"
"lang": "eng",
"value": "CWE-209"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1073",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1073"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1073",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1073"
},
{
"name" : "RHSA-2018:1525",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1525"
"name": "104189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104189"
},
{
"name" : "104189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104189"
"name": "RHSA-2018:1525",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1525"
}
]
}

88
2018/1xxx/CVE-2018-1132.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-1132",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1132",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "opendaylight",
"version" : {
"version_data" : [
"product_name": "opendaylight",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
"vendor_name": "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL."
"lang": "eng",
"value": "A flaw was found in Opendaylight's SDNInterfaceapp (SDNI). Attackers can SQL inject the component's database (SQLite) without authenticating to the controller or SDNInterfaceapp. SDNInterface has been deprecated in OpenDayLight since it was last used in the final Carbon series release. In addition to the component not being included in OpenDayLight in newer releases, the SDNInterface component is not packaged in the opendaylight package included in RHEL."
}
]
},
"impact" : {
"cvss" : [
"impact": {
"cvss": [
[
{
"vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version" : "3.0"
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-89"
"lang": "eng",
"value": "CWE-89"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44747",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44747/"
"name": "44747",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44747/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132"
"name": "104238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104238"
},
{
"name" : "https://jira.opendaylight.org/browse/SDNINTRFAC-14",
"refsource" : "CONFIRM",
"url" : "https://jira.opendaylight.org/browse/SDNINTRFAC-14"
"name": "https://jira.opendaylight.org/browse/SDNINTRFAC-14",
"refsource": "CONFIRM",
"url": "https://jira.opendaylight.org/browse/SDNINTRFAC-14"
},
{
"name" : "104238",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104238"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1132"
}
]
}

116
2018/1xxx/CVE-2018-1496.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-05-29T00:00:00",
"ID" : "CVE-2018-1496",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-05-29T00:00:00",
"ID": "CVE-2018-1496",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Content Navigator",
"version" : {
"version_data" : [
"product_name": "Content Navigator",
"version": {
"version_data": [
{
"version_value" : "2.0.3"
"version_value": "2.0.3"
},
{
"version_value" : "3.0.0"
"version_value": "3.0.0"
},
{
"version_value" : "3.0.1"
"version_value": "3.0.1"
},
{
"version_value" : "3.0.2"
"version_value": "3.0.2"
},
{
"version_value" : "3.0.3"
"version_value": "3.0.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219."
"lang": "eng",
"value": "IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 141219."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg22015420",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg22015420"
"name": "104374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104374"
},
{
"name" : "104374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104374"
"name": "http://www.ibm.com/support/docview.wss?uid=swg22015420",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg22015420"
},
{
"name" : "ibm-cmis-cve20181496-xss(141219)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/141219"
"name": "ibm-cmis-cve20181496-xss(141219)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/141219"
}
]
}