admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:50:22 +00:00
parent b1e9113cf1
commit 246a9338d0
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 4353 additions and 4353 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2001/0xxx/CVE-2001-0468.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in FTPFS allows local users to gain root privileges via a long user name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010313 Buffer oveflow in FTPFS (linux kernel module)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-03/0163.html"
},
{
"name" : "ftpfs-bo(6234)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6234"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FTPFS allows local users to gain root privileges via a long user name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftpfs-bo(6234)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6234"
},
{
"name": "20010313 Buffer oveflow in FTPFS (linux kernel module)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-03/0163.html"
}
]
}
}

140
2001/0xxx/CVE-2001-0808.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20010627 gnats update ",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-06/0365.html"
},
{
"name" : "http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html",
"refsource" : "CONFIRM",
"url" : "http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html"
},
{
"name" : "gnatsweb-helpfile-execute-commands(6753)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6753"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gnatsweb-helpfile-execute-commands(6753)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6753"
},
{
"name": "http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html",
"refsource": "CONFIRM",
"url": "http://sources.redhat.com/gnats/gnatsweb/advisory-jun-26-2001.html"
},
{
"refsource": "BUGTRAQ",
"name": "20010627 gnats update",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-06/0365.html"
}
]
}
}

200
2001/0xxx/CVE-2001-0835.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011024 Cross-site Scripting Flaw in webalizer",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=100394630702875&w=2"
},
{
"name" : "http://www.mrunix.net/webalizer/news.html",
"refsource" : "CONFIRM",
"url" : "http://www.mrunix.net/webalizer/news.html"
},
{
"name" : "SuSE-SA:2001:040",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html"
},
{
"name" : "RHSA-2001:140",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-140.html"
},
{
"name" : "RHSA-2001:141",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2001-141.html"
},
{
"name" : "ESA-20011101-01",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-1677.html"
},
{
"name" : "3473",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3473"
},
{
"name" : "webalizer-html-tag-host(7350)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7350"
},
{
"name" : "webalizer-html-tags-keywords(7351)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3473"
},
{
"name": "http://www.mrunix.net/webalizer/news.html",
"refsource": "CONFIRM",
"url": "http://www.mrunix.net/webalizer/news.html"
},
{
"name": "RHSA-2001:141",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-141.html"
},
{
"name": "SuSE-SA:2001:040",
"refsource": "SUSE",
"url": "http://lists.suse.com/archives/suse-security-announce/2001-Nov/0001.html"
},
{
"name": "ESA-20011101-01",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-1677.html"
},
{
"name": "webalizer-html-tags-keywords(7351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7351"
},
{
"name": "webalizer-html-tag-host(7350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7350"
},
{
"name": "RHSA-2001:140",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2001-140.html"
},
{
"name": "20011024 Cross-site Scripting Flaw in webalizer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=100394630702875&w=2"
}
]
}
}

310
2008/0xxx/CVE-2008-0015.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0015",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka \"Microsoft Video ActiveX Control Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0015",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities",
"refsource" : "ISS",
"url" : "http://www.iss.net/threats/329.html"
},
{
"name" : "http://isc.sans.org/diary.html?storyid=6733",
"refsource" : "MISC",
"url" : "http://isc.sans.org/diary.html?storyid=6733"
},
{
"name" : "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799",
"refsource" : "MISC",
"url" : "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799"
},
{
"name" : "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
"refsource" : "MISC",
"url" : "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/972890.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/972890.mspx"
},
{
"name" : "MS09-032",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032"
},
{
"name" : "MS09-037",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
},
{
"name" : "TA09-187A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-187A.html"
},
{
"name" : "TA09-195A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name" : "TA09-223A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
},
{
"name" : "VU#180513",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/180513"
},
{
"name" : "35558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35558"
},
{
"name" : "35585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35585"
},
{
"name" : "55651",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55651"
},
{
"name" : "oval:org.mitre.oval:def:6333",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333"
},
{
"name" : "oval:org.mitre.oval:def:6363",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363"
},
{
"name" : "oval:org.mitre.oval:def:7436",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436"
},
{
"name" : "1022514",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022514"
},
{
"name" : "36187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36187"
},
{
"name" : "ADV-2009-2232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka \"Microsoft Video ActiveX Control Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35558"
},
{
"name": "TA09-223A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
},
{
"name": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/srd/archive/2009/08/11/ms09-037-why-we-are-using-cve-s-already-used-in-ms09-035.aspx"
},
{
"name": "55651",
"refsource": "OSVDB",
"url": "http://osvdb.org/55651"
},
{
"name": "oval:org.mitre.oval:def:6333",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6333"
},
{
"name": "35585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35585"
},
{
"name": "36187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36187"
},
{
"name": "MS09-032",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-032"
},
{
"name": "oval:org.mitre.oval:def:7436",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7436"
},
{
"name": "ADV-2009-2232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2232"
},
{
"name": "1022514",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022514"
},
{
"name": "MS09-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-037"
},
{
"name": "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799",
"refsource": "MISC",
"url": "http://www.csis.dk/dk/nyheder/nyheder.asp?tekstID=799"
},
{
"name": "http://isc.sans.org/diary.html?storyid=6733",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?storyid=6733"
},
{
"name": "TA09-187A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-187A.html"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/972890.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/972890.mspx"
},
{
"name": "TA09-195A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-195A.html"
},
{
"name": "20090706 Multiple Microsoft Video Control ActiveX Remote Code Execution Vulnerabilities",
"refsource": "ISS",
"url": "http://www.iss.net/threats/329.html"
},
{
"name": "oval:org.mitre.oval:def:6363",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6363"
},
{
"name": "VU#180513",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/180513"
}
]
}
}

160
2008/0xxx/CVE-2008-0236.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "4873",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4873"
},
{
"name" : "http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html",
"refsource" : "MISC",
"url" : "http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html"
},
{
"name" : "27205",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27205"
},
{
"name" : "28417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28417"
},
{
"name" : "microsoft-foxserver-command-execution(39558)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39558"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28417"
},
{
"name": "27205",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27205"
},
{
"name": "microsoft-foxserver-command-execution(39558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39558"
},
{
"name": "4873",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4873"
},
{
"name": "http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html",
"refsource": "MISC",
"url": "http://shinnai.altervista.org/exploits/txt/TXT_DiWu9j82RCq4zpaQAoxn.html"
}
]
}
}

160
2008/0xxx/CVE-2008-0498.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5002",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5002"
},
{
"name" : "27489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27489"
},
{
"name" : "ADV-2008-0351",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0351"
},
{
"name" : "28691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28691"
},
{
"name" : "bigwareshop-mainbigware-sql-injection(40010)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop 2.0 allows remote attackers to execute arbitrary SQL commands via the pollid parameter in a results action to main_bigware_53.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0351",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0351"
},
{
"name": "bigwareshop-mainbigware-sql-injection(40010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40010"
},
{
"name": "28691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28691"
},
{
"name": "27489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27489"
},
{
"name": "5002",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5002"
}
]
}
}

170
2008/0xxx/CVE-2008-0751.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080208 Serendipity Freetag-plugin XSS vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060122.html"
},
{
"name" : "http://www.bitsploit.de/uploads/Code/200802080000/",
"refsource" : "MISC",
"url" : "http://www.bitsploit.de/uploads/Code/200802080000/"
},
{
"name" : "http://blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html",
"refsource" : "CONFIRM",
"url" : "http://blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html"
},
{
"name" : "27697",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27697"
},
{
"name" : "28852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28852"
},
{
"name" : "serendipity-freetag-xss(40376)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html",
"refsource": "CONFIRM",
"url": "http://blog.s9y.org/archives/190-Freetag-plugin-updated-to-prevent-XSS.html"
},
{
"name": "http://www.bitsploit.de/uploads/Code/200802080000/",
"refsource": "MISC",
"url": "http://www.bitsploit.de/uploads/Code/200802080000/"
},
{
"name": "28852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28852"
},
{
"name": "20080208 Serendipity Freetag-plugin XSS vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060122.html"
},
{
"name": "serendipity-freetag-xss(40376)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40376"
},
{
"name": "27697",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27697"
}
]
}
}

560
2008/1xxx/CVE-2008-1195.json
View File

@ -1,282 +1,282 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1195",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080327 rPSA-2008-0128-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
},
{
"name" : "http://support.apple.com/kb/HT3178",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3178"
},
{
"name" : "http://support.apple.com/kb/HT3179",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3179"
},
{
"name" : "APPLE-SA-2008-09-24",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
},
{
"name" : "GLSA-200804-20",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name" : "GLSA-200804-28",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name" : "GLSA-200806-11",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name" : "MDVSA-2008:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
},
{
"name" : "RHSA-2008:0186",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0186.html"
},
{
"name" : "RHSA-2008:0210",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0210.html"
},
{
"name" : "RHSA-2008:0267",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0267.html"
},
{
"name" : "233326",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1"
},
{
"name" : "238492",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name" : "SUSE-SA:2008:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html"
},
{
"name" : "SUSE-SA:2008:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
},
{
"name" : "SUSE-SA:2008:025",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
},
{
"name" : "USN-592-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-592-1"
},
{
"name" : "TA08-066A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
},
{
"name" : "TA08-087A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
},
{
"name" : "oval:org.mitre.oval:def:9486",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486"
},
{
"name" : "ADV-2008-0770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0770/references"
},
{
"name" : "ADV-2008-0998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0998/references"
},
{
"name" : "ADV-2008-1856",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1856/references"
},
{
"name" : "ADV-2008-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name" : "1019553",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019553"
},
{
"name" : "29273",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29273"
},
{
"name" : "29239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29239"
},
{
"name" : "29560",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29560"
},
{
"name" : "29526",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29526"
},
{
"name" : "29541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29541"
},
{
"name" : "29547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29547"
},
{
"name" : "29498",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29498"
},
{
"name" : "29645",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29645"
},
{
"name" : "29582",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29582"
},
{
"name" : "29858",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29858"
},
{
"name" : "29897",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29897"
},
{
"name" : "30676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30676"
},
{
"name" : "30780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30780"
},
{
"name" : "31497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31497"
},
{
"name" : "32018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32018"
},
{
"name" : "30620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30620"
},
{
"name" : "sun-jre-javascript-unauthorized-access(41030)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41030"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080327 rPSA-2008-0128-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
},
{
"name": "29541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29541"
},
{
"name": "APPLE-SA-2008-09-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
},
{
"name": "30676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30676"
},
{
"name": "RHSA-2008:0267",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0267.html"
},
{
"name": "30620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30620"
},
{
"name": "29560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29560"
},
{
"name": "SUSE-SA:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00000.html"
},
{
"name": "233326",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-233326-1"
},
{
"name": "32018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32018"
},
{
"name": "238492",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name": "29897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29897"
},
{
"name": "29498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29498"
},
{
"name": "USN-592-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-592-1"
},
{
"name": "oval:org.mitre.oval:def:9486",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9486"
},
{
"name": "sun-jre-javascript-unauthorized-access(41030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41030"
},
{
"name": "29645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29645"
},
{
"name": "GLSA-200804-28",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200804-28.xml"
},
{
"name": "29239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29239"
},
{
"name": "29858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29858"
},
{
"name": "TA08-066A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html"
},
{
"name": "ADV-2008-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name": "SUSE-SA:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00010.html"
},
{
"name": "http://support.apple.com/kb/HT3178",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3178"
},
{
"name": "29582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29582"
},
{
"name": "ADV-2008-0770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0770/references"
},
{
"name": "29526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29526"
},
{
"name": "SUSE-SA:2008:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
},
{
"name": "31497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31497"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-18.html"
},
{
"name": "RHSA-2008:0210",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0210.html"
},
{
"name": "TA08-087A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
},
{
"name": "30780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30780"
},
{
"name": "ADV-2008-1856",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1856/references"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0010.html"
},
{
"name": "29547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29547"
},
{
"name": "1019553",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019553"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
},
{
"name": "GLSA-200804-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200804-20.xml"
},
{
"name": "GLSA-200806-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200806-11.xml"
},
{
"name": "RHSA-2008:0186",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0186.html"
},
{
"name": "http://support.apple.com/kb/HT3179",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3179"
},
{
"name": "ADV-2008-0998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0998/references"
},
{
"name": "29273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29273"
},
{
"name": "MDVSA-2008:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
}
]
}
}

460
2008/1xxx/CVE-2008-1238.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-1238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080327 rPSA-2008-0128-1 firefox",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
},
{
"name" : "http://sla.ckers.org/forum/read.php?10,20033",
"refsource" : "MISC",
"url" : "http://sla.ckers.org/forum/read.php?10,20033"
},
{
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-16.html"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
},
{
"name" : "DSA-1532",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1532"
},
{
"name" : "DSA-1534",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1534"
},
{
"name" : "DSA-1535",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1535"
},
{
"name" : "GLSA-200805-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
},
{
"name" : "MDVSA-2008:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
},
{
"name" : "RHSA-2008:0208",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
},
{
"name" : "RHSA-2008:0207",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
},
{
"name" : "RHSA-2008:0209",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
},
{
"name" : "238492",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name" : "SUSE-SA:2008:019",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
},
{
"name" : "USN-592-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-592-1"
},
{
"name" : "TA08-087A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
},
{
"name" : "28448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28448"
},
{
"name" : "oval:org.mitre.oval:def:9889",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9889"
},
{
"name" : "ADV-2008-0998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0998/references"
},
{
"name" : "ADV-2008-1793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name" : "1019703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019703"
},
{
"name" : "29391",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29391"
},
{
"name" : "29560",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29560"
},
{
"name" : "29550",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29550"
},
{
"name" : "29539",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29539"
},
{
"name" : "29558",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29558"
},
{
"name" : "29616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29616"
},
{
"name" : "29526",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29526"
},
{
"name" : "29541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29541"
},
{
"name" : "29547",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29547"
},
{
"name" : "29645",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29645"
},
{
"name" : "29607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29607"
},
{
"name" : "30327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30327"
},
{
"name" : "30620",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30620"
},
{
"name" : "mozilla-http-referrer-spoofing(41449)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41449"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when generating the HTTP Referer header, does not list the entire URL when it contains Basic Authentication credentials without a username, which makes it easier for remote attackers to bypass application protection mechanisms that rely on Referer headers, such as with some Cross-Site Request Forgery (CSRF) mechanisms."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080327 rPSA-2008-0128-1 firefox",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490196/100/0/threaded"
},
{
"name": "29541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29541"
},
{
"name": "29539",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29539"
},
{
"name": "1019703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019703"
},
{
"name": "30620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30620"
},
{
"name": "29560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29560"
},
{
"name": "DSA-1532",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1532"
},
{
"name": "30327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30327"
},
{
"name": "238492",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
},
{
"name": "USN-592-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-592-1"
},
{
"name": "29616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29616"
},
{
"name": "29550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29550"
},
{
"name": "29645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29645"
},
{
"name": "29607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29607"
},
{
"name": "ADV-2008-1793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1793/references"
},
{
"name": "29558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29558"
},
{
"name": "oval:org.mitre.oval:def:9889",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9889"
},
{
"name": "RHSA-2008:0208",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0208.html"
},
{
"name": "29526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29526"
},
{
"name": "SUSE-SA:2008:019",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00002.html"
},
{
"name": "TA08-087A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-087A.html"
},
{
"name": "29391",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29391"
},
{
"name": "RHSA-2008:0209",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0209.html"
},
{
"name": "28448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28448"
},
{
"name": "RHSA-2008:0207",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0207.html"
},
{
"name": "mozilla-http-referrer-spoofing(41449)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41449"
},
{
"name": "DSA-1534",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1534"
},
{
"name": "29547",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29547"
},
{
"name": "http://sla.ckers.org/forum/read.php?10,20033",
"refsource": "MISC",
"url": "http://sla.ckers.org/forum/read.php?10,20033"
},
{
"name": "GLSA-200805-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0128"
},
{
"name": "ADV-2008-0998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0998/references"
},
{
"name": "DSA-1535",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1535"
},
{
"name": "MDVSA-2008:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:080"
},
{
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-16.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-16.html"
}
]
}
}

190
2008/1xxx/CVE-2008-1517.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090514 Apple Mac OS X xnu Kernel workqueue_additem/workqueue_removeitem Index Validation Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=797"
},
{
"name" : "http://support.apple.com/kb/HT3549",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3549"
},
{
"name" : "APPLE-SA-2009-05-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name" : "TA09-133A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name" : "1022213",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022213"
},
{
"name" : "35074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35074"
},
{
"name" : "ADV-2009-1297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name" : "macos-kernel-workqueue-code-execution(50489)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50489"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 before 10.5.7 allows local users to gain privileges or cause a denial of service (system shutdown) via unspecified vectors related to workqueues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "1022213",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022213"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "20090514 Apple Mac OS X xnu Kernel workqueue_additem/workqueue_removeitem Index Validation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=797"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "macos-kernel-workqueue-code-execution(50489)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50489"
}
]
}
}

170
2008/1xxx/CVE-2008-1993.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080420 Acidcat CMS Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/491129/100/0/threaded"
},
{
"name" : "5478",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5478"
},
{
"name" : "http://bugreport.ir/index.php?/36",
"refsource" : "MISC",
"url" : "http://bugreport.ir/index.php?/36"
},
{
"name" : "28868",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28868"
},
{
"name" : "3842",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3842"
},
{
"name" : "acidcat-fckeditor-file-upload(41922)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41922"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugreport.ir/index.php?/36",
"refsource": "MISC",
"url": "http://bugreport.ir/index.php?/36"
},
{
"name": "3842",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3842"
},
{
"name": "20080420 Acidcat CMS Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491129/100/0/threaded"
},
{
"name": "28868",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28868"
},
{
"name": "5478",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5478"
},
{
"name": "acidcat-fckeditor-file-upload(41922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41922"
}
]
}
}

290
2008/5xxx/CVE-2008-5028.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[nagios-devel] 20081107 Security fixes completed",
"refsource" : "MLIST",
"url" : "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel"
},
{
"name" : "[oss-security] 20081106 CVE request: Nagios (two issues)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name" : "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18",
"refsource" : "CONFIRM",
"url" : "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name" : "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor",
"refsource" : "CONFIRM",
"url" : "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name" : "GLSA-200907-15",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name" : "HPSBMA02419",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124156641928637&w=2"
},
{
"name" : "SSRT090060",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124156641928637&w=2"
},
{
"name" : "USN-698-3",
"refsource" : "UBUNTU",
"url" : "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"name" : "49678",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49678"
},
{
"name" : "1022165",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022165"
},
{
"name" : "32610",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32610"
},
{
"name" : "33320",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33320"
},
{
"name" : "35002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35002"
},
{
"name" : "32630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32630"
},
{
"name" : "ADV-2008-3029",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name" : "ADV-2009-1256",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name" : "nagios-cmd-csrf(46426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name" : "op5monitor-unspecified-csrf(46521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nagios-cmd-csrf(46426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46426"
},
{
"name": "[nagios-devel] 20081107 Security fixes completed",
"refsource": "MLIST",
"url": "http://sourceforge.net/mailarchive/forum.php?thread_name=4914396D.5010009%40op5.se&forum_name=nagios-devel"
},
{
"name": "op5monitor-unspecified-csrf(46521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46521"
},
{
"name": "GLSA-200907-15",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-15.xml"
},
{
"name": "33320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33320"
},
{
"name": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18",
"refsource": "CONFIRM",
"url": "http://git.op5.org/git/?p=nagios.git;a=commit;h=814d8d4d1a73f7151eeed187c0667585d79fea18"
},
{
"name": "[oss-security] 20081106 CVE request: Nagios (two issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/06/2"
},
{
"name": "1022165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022165"
},
{
"name": "USN-698-3",
"refsource": "UBUNTU",
"url": "https://www.ubuntu.com/usn/USN-698-3/"
},
{
"name": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor",
"refsource": "CONFIRM",
"url": "http://www.op5.com/support/news/389-important-security-fix-available-for-op5-monitor"
},
{
"name": "ADV-2008-3029",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3029"
},
{
"name": "SSRT090060",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124156641928637&w=2"
},
{
"name": "HPSBMA02419",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124156641928637&w=2"
},
{
"name": "ADV-2009-1256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1256"
},
{
"name": "32610",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32610"
},
{
"name": "32630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32630"
},
{
"name": "35002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35002"
},
{
"name": "49678",
"refsource": "OSVDB",
"url": "http://osvdb.org/49678"
}
]
}
}

190
2008/5xxx/CVE-2008-5078.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-5078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=473958",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=473958"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm"
},
{
"name" : "RHSA-2008:1021",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-1021.html"
},
{
"name" : "SUSE-SR:2009:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name" : "oval:org.mitre.oval:def:11807",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11807"
},
{
"name" : "1021401",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021401"
},
{
"name" : "33181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33181"
},
{
"name" : "enscript-recognize-tilde-bo(47680)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the (1) recognize_eps_file function (src/psgen.c) and (2) tilde_subst function (src/util.c) in GNU enscript 1.6.1, and possibly earlier, might allow remote attackers to execute arbitrary code via an epsf escape sequence with a long filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "enscript-recognize-tilde-bo(47680)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47680"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-504.htm"
},
{
"name": "33181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33181"
},
{
"name": "SUSE-SR:2009:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "RHSA-2008:1021",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-1021.html"
},
{
"name": "oval:org.mitre.oval:def:11807",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11807"
},
{
"name": "1021401",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021401"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=473958",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=473958"
}
]
}
}

150
2008/5xxx/CVE-2008-5129.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt",
"refsource" : "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt"
},
{
"name" : "32409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32409"
},
{
"name" : "ocean12-mdb-information-disclosure(46133)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46133"
},
{
"name" : "pollmanager-o12poll-info-disclosure(46692)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46692"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ocean12 Poll Manager Pro 1.00 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to o12poll.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32409"
},
{
"name": "ocean12-mdb-information-disclosure(46133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46133"
},
{
"name": "http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0810-exploits/ocean12-database.txt"
},
{
"name": "pollmanager-o12poll-info-disclosure(46692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46692"
}
]
}
}

130
2008/5xxx/CVE-2008-5135.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating \"the insecure code path should only ever run inside a d-i environment, which has no non-root users.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource" : "MLIST",
"url" : "http://lists.debian.org/debian-devel/2008/08/msg00285.html"
},
{
"name" : "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource" : "MLIST",
"url" : "http://lists.debian.org/debian-devel/2008/08/msg00296.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** os-prober in os-prober 1.17 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/mounted-map or (2) /tmp/raided-map temporary file. NOTE: the vendor disputes this issue, stating \"the insecure code path should only ever run inside a d-i environment, which has no non-root users.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00296.html"
},
{
"name": "[debian-devel] 20080811 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages",
"refsource": "MLIST",
"url": "http://lists.debian.org/debian-devel/2008/08/msg00285.html"
}
]
}
}

160
2008/5xxx/CVE-2008-5734.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog.vijatov.com/index.php?itemid=11",
"refsource" : "MISC",
"url" : "http://blog.vijatov.com/index.php?itemid=11"
},
{
"name" : "32969",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32969"
},
{
"name" : "50885",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50885"
},
{
"name" : "32770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32770"
},
{
"name" : "merak-img-xss(47533)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32969",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32969"
},
{
"name": "32770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32770"
},
{
"name": "50885",
"refsource": "OSVDB",
"url": "http://osvdb.org/50885"
},
{
"name": "merak-img-xss(47533)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47533"
},
{
"name": "http://blog.vijatov.com/index.php?itemid=11",
"refsource": "MISC",
"url": "http://blog.vijatov.com/index.php?itemid=11"
}
]
}
}

360
2008/5xxx/CVE-2008-5913.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a \"temporary footprint\" and an \"in-session phishing attack.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html",
"refsource" : "MISC",
"url" : "http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html"
},
{
"name" : "http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161",
"refsource" : "MISC",
"url" : "http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161"
},
{
"name" : "http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html",
"refsource" : "MISC",
"url" : "http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html"
},
{
"name" : "http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf",
"refsource" : "MISC",
"url" : "http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf"
},
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-33.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-33.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475585",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"
},
{
"name" : "http://support.avaya.com/css/P8/documents/100091069",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/css/P8/documents/100091069"
},
{
"name" : "FEDORA-2010-10344",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html"
},
{
"name" : "FEDORA-2010-10361",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html"
},
{
"name" : "MDVSA-2010:125",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125"
},
{
"name" : "RHSA-2010:0500",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0500.html"
},
{
"name" : "RHSA-2010:0501",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0501.html"
},
{
"name" : "SUSE-SA:2010:030",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html"
},
{
"name" : "USN-930-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-930-1"
},
{
"name" : "USN-930-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-930-2"
},
{
"name" : "33276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33276"
},
{
"name" : "oval:org.mitre.oval:def:11139",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11139"
},
{
"name" : "40326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40326"
},
{
"name" : "40401",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40401"
},
{
"name" : "40481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40481"
},
{
"name" : "ADV-2010-1551",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1551"
},
{
"name" : "ADV-2010-1557",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1557"
},
{
"name" : "ADV-2010-1640",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1640"
},
{
"name" : "ADV-2010-1773",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1773"
},
{
"name" : "ADV-2010-1592",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, uses a random number generator that is seeded only once per browser session, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a \"temporary footprint\" and an \"in-session phishing attack.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40481"
},
{
"name": "USN-930-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-930-1"
},
{
"name": "oval:org.mitre.oval:def:11139",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11139"
},
{
"name": "FEDORA-2010-10361",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043405.html"
},
{
"name": "ADV-2010-1640",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1640"
},
{
"name": "RHSA-2010:0501",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0501.html"
},
{
"name": "ADV-2010-1557",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1557"
},
{
"name": "http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html",
"refsource": "MISC",
"url": "http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.html"
},
{
"name": "MDVSA-2010:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:125"
},
{
"name": "ADV-2010-1773",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1773"
},
{
"name": "http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161",
"refsource": "MISC",
"url": "http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161"
},
{
"name": "http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html",
"refsource": "MISC",
"url": "http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.html"
},
{
"name": "ADV-2010-1592",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1592"
},
{
"name": "USN-930-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-930-2"
},
{
"name": "ADV-2010-1551",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1551"
},
{
"name": "RHSA-2010:0500",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0500.html"
},
{
"name": "SUSE-SA:2010:030",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-07/msg00005.html"
},
{
"name": "http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf",
"refsource": "MISC",
"url": "http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-33.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-33.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=475585"
},
{
"name": "40401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40401"
},
{
"name": "FEDORA-2010-10344",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043369.html"
},
{
"name": "33276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33276"
},
{
"name": "40326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40326"
},
{
"name": "http://support.avaya.com/css/P8/documents/100091069",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100091069"
}
]
}
}

140
2013/0xxx/CVE-2013-0266.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=908581",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"name" : "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc",
"refsource" : "CONFIRM",
"url" : "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name" : "RHSA-2013:0595",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to read OpenStack administrative passwords by reading the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=908581",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908581"
},
{
"name": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc",
"refsource": "CONFIRM",
"url": "https://github.com/puppetlabs/puppetlabs-cinder/commit/7da792fbd40c0e6eae1ee093aa00e0b177bd2ebc"
},
{
"name": "RHSA-2013:0595",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0595.html"
}
]
}
}

150
2013/0xxx/CVE-2013-0317.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name" : "http://drupal.org/node/1916312",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1916312"
},
{
"name" : "http://drupal.org/node/1915408",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1915408"
},
{
"name" : "http://drupalcode.org/project/og_manager_change.git/commitdiff/ab7152b",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/og_manager_change.git/commitdiff/ab7152b"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130220 Re: CVE request for Drupal Core and contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/21/5"
},
{
"name": "http://drupal.org/node/1915408",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1915408"
},
{
"name": "http://drupal.org/node/1916312",
"refsource": "MISC",
"url": "http://drupal.org/node/1916312"
},
{
"name": "http://drupalcode.org/project/og_manager_change.git/commitdiff/ab7152b",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/og_manager_change.git/commitdiff/ab7152b"
}
]
}
}

170
2013/0xxx/CVE-2013-0647.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2013-0647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-05.html"
},
{
"name" : "RHSA-2013:0254",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0254.html"
},
{
"name" : "SUSE-SU-2013:0296",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html"
},
{
"name" : "openSUSE-SU-2013:0295",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html"
},
{
"name" : "openSUSE-SU-2013:0298",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html"
},
{
"name" : "TA13-043A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA13-043A.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and 3.x, and before 11.1.115.47 on Android 4.x; Adobe AIR before 3.6.0.597; and Adobe AIR SDK before 3.6.0.599 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-0638."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2013:0296",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00010.html"
},
{
"name": "RHSA-2013:0254",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0254.html"
},
{
"name": "openSUSE-SU-2013:0295",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00009.html"
},
{
"name": "openSUSE-SU-2013:0298",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00011.html"
},
{
"name": "TA13-043A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA13-043A.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-05.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-05.html"
}
]
}
}

140
2013/3xxx/CVE-2013-3032.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644599",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645503",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name" : "inotes-cve20133032-xss(84622)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN986NAA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644599"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21645503"
},
{
"name": "inotes-cve20133032-xss(84622)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84622"
}
]
}
}

120
2013/3xxx/CVE-2013-3055.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.lexmark.com/index?page=content&id=TE530",
"refsource" : "CONFIRM",
"url" : "http://support.lexmark.com/index?page=content&id=TE530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lexmark Markvision Enterprise before 1.8 provides a diagnostic interface on TCP port 9789, which allows remote attackers to execute arbitrary code, change the configuration, or obtain sensitive fleet-management information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.lexmark.com/index?page=content&id=TE530",
"refsource": "CONFIRM",
"url": "http://support.lexmark.com/index?page=content&id=TE530"
}
]
}
}

120
2013/3xxx/CVE-2013-3299.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130702 Real player resource exhaustion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2013/Jul/18"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130702 Real player resource exhaustion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Jul/18"
}
]
}
}

140
2013/3xxx/CVE-2013-3721.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "24893",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/24893"
},
{
"name" : "http://packetstormsecurity.com/files/120976/PsychoStats-3.2.2b-Blind-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/120976/PsychoStats-3.2.2b-Blind-SQL-Injection.html"
},
{
"name" : "91721",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/91721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows remote attackers to execute arbitrary SQL commands via the d parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/120976/PsychoStats-3.2.2b-Blind-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120976/PsychoStats-3.2.2b-Blind-SQL-Injection.html"
},
{
"name": "24893",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24893"
},
{
"name": "91721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91721"
}
]
}
}

150
2013/4xxx/CVE-2013-4468.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "29513",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/29513"
},
{
"name" : "[oss-security] 20131023 VICIDIAL 2.7 - SQL Injection, Command Injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/23/10"
},
{
"name" : "[oss-security] 20131024 Re: VICIDIAL 2.7 - SQL Injection, Command Injection",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/10/25/1"
},
{
"name" : "https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an OriginateVDRelogin action to manager_send.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://adamcaudill.com/2013/10/23/vicidial-multiple-vulnerabilities/"
},
{
"name": "[oss-security] 20131023 VICIDIAL 2.7 - SQL Injection, Command Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/23/10"
},
{
"name": "[oss-security] 20131024 Re: VICIDIAL 2.7 - SQL Injection, Command Injection",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/10/25/1"
},
{
"name": "29513",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/29513"
}
]
}
}

180
2013/4xxx/CVE-2013-4788.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150907 Glibc Pointer guarding weakness",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/23"
},
{
"name" : "[oss-security] 20130716 Re: CVE-2013-4788 - Eglibc PTR MANGLE bug",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/07/15/9"
},
{
"name" : "http://hmarco.org/bugs/CVE-2013-4788.html",
"refsource" : "MISC",
"url" : "http://hmarco.org/bugs/CVE-2013-4788.html"
},
{
"name" : "GLSA-201503-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-04"
},
{
"name" : "MDVSA-2013:283",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"name" : "MDVSA-2013:284",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"name" : "61183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61183"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC (EGLIBC) does not initialize the random value for the pointer guard, which makes it easier for context-dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150907 Glibc Pointer guarding weakness",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/23"
},
{
"name": "MDVSA-2013:284",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:284"
},
{
"name": "[oss-security] 20130716 Re: CVE-2013-4788 - Eglibc PTR MANGLE bug",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/07/15/9"
},
{
"name": "61183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61183"
},
{
"name": "GLSA-201503-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-04"
},
{
"name": "MDVSA-2013:283",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:283"
},
{
"name": "http://hmarco.org/bugs/CVE-2013-4788.html",
"refsource": "MISC",
"url": "http://hmarco.org/bugs/CVE-2013-4788.html"
}
]
}
}

34
2013/6xxx/CVE-2013-6599.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6599",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6599",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/7xxx/CVE-2013-7146.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7146",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-7146",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}
}

34
2013/7xxx/CVE-2013-7261.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7261",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7261",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/10xxx/CVE-2017-10300.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Siebel CRM Desktop",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "16.0"
},
{
"version_affected" : "=",
"version_value" : "17.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Siebel Business Service Issues). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM Desktop accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Siebel CRM Desktop",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "16.0"
},
{
"version_affected": "=",
"version_value": "17.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "101400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101400"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Siebel Business Service Issues). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Siebel CRM Desktop accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101400"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
}
]
}
}

34
2017/10xxx/CVE-2017-10625.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10625",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10625",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/10xxx/CVE-2017-10805.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/odoo/odoo/issues/17921",
"refsource" : "CONFIRM",
"url" : "https://github.com/odoo/odoo/issues/17921"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuth sessions of other users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/odoo/odoo/issues/17921",
"refsource": "CONFIRM",
"url": "https://github.com/odoo/odoo/issues/17921"
}
]
}
}

132
2017/12xxx/CVE-2017-12116.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00",
"ID" : "CVE-2017-12116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CPP-Ethereum",
"version" : {
"version_data" : [
{
"version_value" : "Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authorization bypass"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2017-12116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CPP-Ethereum",
"version": {
"version_data": [
{
"version_value": "Ethereum commit 4e1015743b95821849d001618a7ce82c7c073768"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468"
},
{
"name" : "102475",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102475"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authorization bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0468"
},
{
"name": "102475",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102475"
}
]
}
}

130
2017/12xxx/CVE-2017-12145.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://somevulnsofadlab.blogspot.com/2017/07/libquicktimeallocation-failed-in_30.html",
"refsource" : "MISC",
"url" : "https://somevulnsofadlab.blogspot.com/2017/07/libquicktimeallocation-failed-in_30.html"
},
{
"name" : "https://sourceforge.net/p/libquicktime/mailman/message/35888849/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/libquicktime/mailman/message/35888849/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://somevulnsofadlab.blogspot.com/2017/07/libquicktimeallocation-failed-in_30.html",
"refsource": "MISC",
"url": "https://somevulnsofadlab.blogspot.com/2017/07/libquicktimeallocation-failed-in_30.html"
},
{
"name": "https://sourceforge.net/p/libquicktime/mailman/message/35888849/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/libquicktime/mailman/message/35888849/"
}
]
}
}

140
2017/13xxx/CVE-2017-13062.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/669",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/669"
},
{
"name" : "GLSA-201711-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201711-07"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the function formatIPTC in coders/meta.c, which allows attackers to cause a denial of service (WriteMETAImage memory consumption) via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "GLSA-201711-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201711-07"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/669",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/669"
}
]
}
}

34
2017/13xxx/CVE-2017-13368.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13368",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13368",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/13xxx/CVE-2017-13980.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13980",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13980",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/17xxx/CVE-2017-17175.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mate 9 Pro",
"version" : {
"version_data" : [
{
"version_value" : "The versions before LON-AL00B 8.0.0.354(C00)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mate 9 Pro",
"version": {
"version_data": [
{
"version_value": "The versions before LON-AL00B 8.0.0.354(C00)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180629-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180629-01-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Short Message Service (SMS) module of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.354(C00) has a Denial of Service (DoS) vulnerability. An unauthenticated attacker may set up a pseudo base station, and send special malware text message to the phone, causing the mobile phone to fail to make calls and send and receive text messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180629-01-smartphone-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180629-01-smartphone-en"
}
]
}
}

34
2017/17xxx/CVE-2017-17367.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17367",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17367",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2017/17xxx/CVE-2017-17512.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20171215 [SECURITY] [DLA 1209-1] sensible-utils security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2017/12/msg00012.html"
},
{
"name" : "http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils/sensible-utils_0.0.11_changelog",
"refsource" : "MISC",
"url" : "http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils/sensible-utils_0.0.11_changelog"
},
{
"name" : "https://bugs.debian.org/881767",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/881767"
},
{
"name" : "DSA-4071",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4071"
},
{
"name" : "USN-3584-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3584-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3584-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3584-1/"
},
{
"name": "[debian-lts-announce] 20171215 [SECURITY] [DLA 1209-1] sensible-utils security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/12/msg00012.html"
},
{
"name": "http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils/sensible-utils_0.0.11_changelog",
"refsource": "MISC",
"url": "http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils/sensible-utils_0.0.11_changelog"
},
{
"name": "https://bugs.debian.org/881767",
"refsource": "MISC",
"url": "https://bugs.debian.org/881767"
},
{
"name": "DSA-4071",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4071"
}
]
}
}

120
2017/17xxx/CVE-2017-17911.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.openbugbounty.org/reports/278503/",
"refsource" : "MISC",
"url" : "https://www.openbugbounty.org/reports/278503/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.openbugbounty.org/reports/278503/",
"refsource": "MISC",
"url": "https://www.openbugbounty.org/reports/278503/"
}
]
}
}

34
2017/17xxx/CVE-2017-17922.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17922",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17922",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2017/17xxx/CVE-2017-17926.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Professional-Service-Script.md"
}
]
}
}

122
2018/18xxx/CVE-2018-18090.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2019-03-12T00:00:00",
"ID" : "CVE-2018-18090",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel(R) Graphics Driver for Windows",
"version" : {
"version_data" : [
{
"version_value" : "Multiple versions."
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2019-03-12T00:00:00",
"ID": "CVE-2018-18090",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel(R) Graphics Driver for Windows",
"version": {
"version_data": [
{
"version_value": "Multiple versions."
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bounds read in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00189.html"
}
]
}
}

34
2018/18xxx/CVE-2018-18108.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18108",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18108",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/18xxx/CVE-2018-18750.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18750",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18750",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/19xxx/CVE-2018-19318.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/martinzhou2015/SRCMS-dev/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/martinzhou2015/SRCMS-dev/issues/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SRCMS 3.0.0 allows CSRF via admin.php?m=Admin&c=manager&a=update to change the username and password of the super administrator account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/martinzhou2015/SRCMS-dev/issues/1",
"refsource": "MISC",
"url": "https://github.com/martinzhou2015/SRCMS-dev/issues/1"
}
]
}
}

34
2018/19xxx/CVE-2018-19880.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19880",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19880",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/19xxx/CVE-2018-19900.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19900",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19900",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/19xxx/CVE-2018-19962.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://xenbits.xen.org/xsa/advisory-275.html",
"refsource" : "MISC",
"url" : "https://xenbits.xen.org/xsa/advisory-275.html"
},
{
"name" : "https://support.citrix.com/article/CTX239432",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX239432"
},
{
"name" : "DSA-4369",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4369"
},
{
"name" : "106182",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106182"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.11.x on AMD x86 platforms, possibly allowing guest OS users to gain host OS privileges because small IOMMU mappings are unsafely combined into larger ones."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.citrix.com/article/CTX239432",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX239432"
},
{
"name": "DSA-4369",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4369"
},
{
"name": "106182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106182"
},
{
"name": "https://xenbits.xen.org/xsa/advisory-275.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-275.html"
}
]
}
}

34
2018/1xxx/CVE-2018-1693.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1693",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1693",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2018/1xxx/CVE-2018-1794.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00",
"ID" : "CVE-2018-1794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WebSphere Application Server",
"version" : {
"version_data" : [
{
"version_value" : "7.0"
},
{
"version_value" : "8.0"
},
{
"version_value" : "8.5"
},
{
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "N",
"S" : "C",
"SCORE" : "6.100",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-01T00:00:00",
"ID": "CVE-2018-1794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebSphere Application Server",
"version": {
"version_data": [
{
"version_value": "7.0"
},
{
"version_value": "8.0"
},
{
"version_value": "8.5"
},
{
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10729571",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10729571"
},
{
"name" : "1041802",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041802"
},
{
"name" : "ibm-websphere-cve20181794-xss(148949)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/148949"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 using OAuth ear is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 148949."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "N",
"S": "C",
"SCORE": "6.100",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181794-xss(148949)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/148949"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10729571",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10729571"
},
{
"name": "1041802",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041802"
}
]
}
}

226
2018/1xxx/CVE-2018-1823.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2019-03-08T00:00:00",
"ID" : "CVE-2018-1823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Rational Quality Manager",
"version" : {
"version_data" : [
{
"version_value" : "5.0"
},
{
"version_value" : "5.0.1"
},
{
"version_value" : "5.0.2"
},
{
"version_value" : "6.0"
},
{
"version_value" : "6.0.1"
},
{
"version_value" : "6.0.2"
},
{
"version_value" : "6.0.3"
},
{
"version_value" : "6.0.4"
},
{
"version_value" : "6.0.5"
},
{
"version_value" : "6.0.6"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2019-03-08T00:00:00",
"ID": "CVE-2018-1823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Rational Quality Manager",
"version": {
"version_data": [
{
"version_value": "5.0"
},
{
"version_value": "5.0.1"
},
{
"version_value": "5.0.2"
},
{
"version_value": "6.0"
},
{
"version_value": "6.0.1"
},
{
"version_value": "6.0.2"
},
{
"version_value": "6.0.3"
},
{
"version_value": "6.0.4"
},
{
"version_value": "6.0.5"
},
{
"version_value": "6.0.6"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
},
{
"name" : "ibm-rqm-cve20181823-xss(150426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Rational Quality Manager 5.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150426."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10875318",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10875318"
},
{
"name": "ibm-rqm-cve20181823-xss(150426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150426"
}
]
}
}

188
2018/1xxx/CVE-2018-1889.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-12-13T00:00:00",
"ID" : "CVE-2018-1889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Security Guardium",
"version" : {
"version_data" : [
{
"version_value" : "10"
},
{
"version_value" : "10.5"
}
]
}
}
]
},
"vendor_name" : "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-12-13T00:00:00",
"ID": "CVE-2018-1889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Security Guardium",
"version": {
"version_data": [
{
"version_value": "10"
},
{
"version_value": "10.5"
}
]
}
}
]
},
"vendor_name": "IBM"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10743371",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10743371"
},
{
"name" : "106231",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106231"
},
{
"name" : "ibm-guardium-cve20181889-xss(152080)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/152080"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 152080."
}
]
},
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106231",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106231"
},
{
"name": "ibm-guardium-cve20181889-xss(152080)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/152080"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10743371",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10743371"
}
]
}
}

152
2018/5xxx/CVE-2018-5165.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@mozilla.org",
"ID" : "CVE-2018-5165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Firefox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "60"
}
]
}
}
]
},
"vendor_name" : "Mozilla"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In 32-bit versions of Firefox, the Adobe Flash plugin setting for \"Enable Adobe Flash protected mode\" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2018-5165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "60"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1451452",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1451452"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-11/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-11/"
},
{
"name" : "104139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104139"
},
{
"name" : "1040896",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040896"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In 32-bit versions of Firefox, the Adobe Flash plugin setting for \"Enable Adobe Flash protected mode\" is unchecked by default even though the Adobe Flash sandbox is actually enabled. The displayed state is the reverse of the true setting, resulting in user confusion. This could cause users to select this setting intending to activate it and inadvertently turn protections off. This vulnerability affects Firefox < 60."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Checkbox for enabling Flash protected mode is inverted in 32-bit Firefox"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1451452",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1451452"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2018-11/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2018-11/"
},
{
"name": "1040896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040896"
},
{
"name": "104139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104139"
}
]
}
}

220
2018/5xxx/CVE-2018-5560.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@rapid7.com",
"DATE_PUBLIC" : "2018-12-27T14:05:00.000Z",
"ID" : "CVE-2018-5560",
"STATE" : "PUBLIC",
"TITLE" : "Guardzilla All-In-One Video Security System Hard-Coded Credential"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Guardzilla All-In-One Video Security System",
"version" : {
"version_data" : [
{
"version_name" : "2018",
"version_value" : "2018"
}
]
}
}
]
},
"vendor_name" : "Practecol, LLC"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Discovered by Nick McClendon, Andrew Mirghassemi, Charles Dardaman, INIT_6, and Chris."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 10,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-798"
},
{
"lang" : "eng",
"value" : "Use of Hard-coded Credentials"
}
"CVE_data_meta": {
"ASSIGNER": "cve@rapid7.com",
"DATE_PUBLIC": "2018-12-27T14:05:00.000Z",
"ID": "CVE-2018-5560",
"STATE": "PUBLIC",
"TITLE": "Guardzilla All-In-One Video Security System Hard-Coded Credential"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Guardzilla All-In-One Video Security System",
"version": {
"version_data": [
{
"version_name": "2018",
"version_value": "2018"
}
]
}
}
]
},
"vendor_name": "Practecol, LLC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/",
"refsource" : "MISC",
"url" : "https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/"
},
{
"name" : "https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/",
"refsource" : "MISC",
"url" : "https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "There is no vendor-provided fix available, see work_around."
}
],
"source" : {
"advisory" : "R7-2018-52",
"discovery" : "EXTERNAL"
},
"work_around" : [
{
"lang" : "eng",
"value" : "Users concerned with video privacy should disable the cloud storage functionality provided by the vendor."
}
]
}
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered by Nick McClendon, Andrew Mirghassemi, Charles Dardaman, INIT_6, and Chris."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 10,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-798"
},
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/",
"refsource": "MISC",
"url": "https://www.0dayallday.org/guardzilla-video-camera-hard-coded-aws-credentials/"
},
{
"name": "https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/",
"refsource": "MISC",
"url": "https://blog.rapid7.com/2018/12/27/r7-2018-52-guardzilla-iot-video-camera-hard-coded-credential-cve-2018-5560/"
}
]
},
"solution": [
{
"lang": "eng",
"value": "There is no vendor-provided fix available, see work_around."
}
],
"source": {
"advisory": "R7-2018-52",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Users concerned with video privacy should disable the cloud storage functionality provided by the vendor."
}
]
}

120
2018/5xxx/CVE-2018-5698.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/WizardMac/ReadStat/issues/108",
"refsource" : "CONFIRM",
"url" : "https://github.com/WizardMac/ReadStat/issues/108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer over-read via an unterminated string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/WizardMac/ReadStat/issues/108",
"refsource": "CONFIRM",
"url": "https://github.com/WizardMac/ReadStat/issues/108"
}
]
}
}

190
2018/5xxx/CVE-2018-5730.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869",
"refsource" : "CONFIRM",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1551082",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1551082"
},
{
"name" : "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
"refsource" : "CONFIRM",
"url" : "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1"
},
{
"name" : "FEDORA-2018-391a1f3e61",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/"
},
{
"name" : "FEDORA-2018-f97cb1c9b0",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/"
},
{
"name" : "RHSA-2018:3071",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3071"
},
{
"name" : "1042071",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MIT krb5 1.6 or later allows an authenticated kadmin with permission to add principals to an LDAP Kerberos database to circumvent a DN containership check by supplying both a \"linkdn\" and \"containerdn\" database argument, or by supplying a DN string which is a left extension of a container DN string but is not hierarchically within the container DN."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042071"
},
{
"name": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1"
},
{
"name": "RHSA-2018:3071",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3071"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1551082",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551082"
},
{
"name": "FEDORA-2018-f97cb1c9b0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIFUL3CPM4S5TOXTTOCQ3CUZN6XCXUTR/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891869"
},
{
"name": "FEDORA-2018-391a1f3e61",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GK5T6JPMBHBPKS7HNGHYUUF4KKRMNSNU/"
},
{
"name": "[debian-lts-announce] 20190125 [SECURITY] [DLA 1643-1] krb5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html"
}
]
}
}

34
2018/5xxx/CVE-2018-5928.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5928",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5928",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/5xxx/CVE-2018-5980.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44128",
"refsource" : "EXPLOIT-DB",
"url" : "https://exploit-db.com/exploits/44128"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in the Solidres 2.5.1 component for Joomla! via the direction parameter in a hub.search action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44128",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44128"
}
]
}
}