admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:31:50 +00:00
parent a23f10e7fc
commit 24c9eb7bda
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4168 additions and 4168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2008/0xxx/CVE-2008-0134.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0134",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0134",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080107 [HSC] Snitz Forums Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/485836/100/200/threaded"
"name": "27162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27162"
},
{
"name" : "http://hackerscenter.com/archive/view.asp?id=28145",
"refsource" : "MISC",
"url" : "http://hackerscenter.com/archive/view.asp?id=28145"
"name": "http://hackerscenter.com/archive/view.asp?id=28145",
"refsource": "MISC",
"url": "http://hackerscenter.com/archive/view.asp?id=28145"
},
{
"name" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt"
"name": "20080107 [HSC] Snitz Forums Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded"
},
{
"name" : "27162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27162"
"name": "28284",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28284"
},
{
"name" : "28284",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28284"
"name": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt"
}
]
}

98
2008/0xxx/CVE-2008-0167.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0167",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0167",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances."
"lang": "eng",
"value": "The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz",
"refsource" : "CONFIRM",
"url" : "http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz"
"name": "29215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29215"
},
{
"name" : "DSA-1577",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1577"
"name": "30286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30286"
},
{
"name" : "29215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29215"
"name": "http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/g/gforge/gforge_4.5.14-22etch8.diff.gz"
},
{
"name" : "ADV-2008-1537",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1537/references"
"name": "ADV-2008-1537",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1537/references"
},
{
"name" : "30088",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30088"
"name": "30088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30088"
},
{
"name" : "30286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30286"
"name": "DSA-1577",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1577"
},
{
"name" : "gforge-unspecified-symlink(42456)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42456"
"name": "gforge-unspecified-symlink(42456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42456"
}
]
}

74
2008/0xxx/CVE-2008-0735.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0735",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0735",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter."
"lang": "eng",
"value": "SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5105",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5105"
"name": "5105",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5105"
},
{
"name" : "27764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27764"
"name": "27764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27764"
},
{
"name" : "28950",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28950"
"name": "28950",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28950"
}
]
}

74
2008/0xxx/CVE-2008-0819.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0819",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0819",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080214 PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/488141/100/0/threaded"
"name": "3667",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3667"
},
{
"name" : "27802",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/27802"
"name": "27802",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27802"
},
{
"name" : "3667",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3667"
"name": "20080214 PlutoStatus Locator v1.0pre (alpha) local file inclusion vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488141/100/0/threaded"
}
]
}

74
2008/1xxx/CVE-2008-1341.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1341",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1341",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "SQL injection vulnerability in SearchResults.aspx in LaGarde StoreFront 6 before SP8 allows remote attackers to execute arbitrary SQL commands via the CategoryId parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.storefront.net/Updates/60sp8/default.asp",
"refsource" : "MISC",
"url" : "http://support.storefront.net/Updates/60sp8/default.asp"
"name": "29326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29326"
},
{
"name" : "28234",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28234"
"name": "28234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28234"
},
{
"name" : "29326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29326"
"name": "http://support.storefront.net/Updates/60sp8/default.asp",
"refsource": "MISC",
"url": "http://support.storefront.net/Updates/60sp8/default.asp"
}
]
}

86
2008/1xxx/CVE-2008-1692.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1692",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1692",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
"lang": "eng",
"value": "Eterm 0.9.4 opens a terminal window on :0 if -display is not specified and the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: realistic attack scenarios require that the victim enters a command on the wrong machine."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127"
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473127"
},
{
"name" : "GLSA-200805-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200805-03.xml"
"name": "28512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28512"
},
{
"name" : "MDVSA-2008:222",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:222"
"name": "GLSA-200805-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-03.xml"
},
{
"name" : "28512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28512"
"name": "29577",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29577"
},
{
"name" : "29577",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29577"
"name": "MDVSA-2008:222",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:222"
}
]
}

92
2008/1xxx/CVE-2008-1744.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1744",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2008-1744",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770."
"lang": "eng",
"value": "The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager (CUCM) 4.1 before 4.1(3)SR7, 4.2 before 4.2(3)SR4, and 4.3 before 4.3(2) allows remote attackers to cause a denial of service (service crash) via malformed network traffic, aka Bug ID CSCsk46770."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
"name": "20080514 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080995688.shtml"
},
{
"name" : "29221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29221"
"name": "ADV-2008-1533",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1533"
},
{
"name" : "ADV-2008-1533",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1533"
"name": "29221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29221"
},
{
"name" : "1020022",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020022"
"name": "cucm-capf-dos(42415)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
},
{
"name" : "30238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30238"
"name": "30238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30238"
},
{
"name" : "cucm-capf-dos(42415)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42415"
"name": "1020022",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020022"
}
]
}

80
2008/1xxx/CVE-2008-1867.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1867",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1867",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php."
"lang": "eng",
"value": "SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5382",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5382"
"name": "blogpixelmotion-index-sql-injection(41668)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41668"
},
{
"name" : "28645",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28645"
"name": "28645",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28645"
},
{
"name" : "ADV-2008-1121",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1121/references"
"name": "ADV-2008-1121",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1121/references"
},
{
"name" : "blogpixelmotion-index-sql-injection(41668)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41668"
"name": "5382",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5382"
}
]
}

98
2008/3xxx/CVE-2008-3286.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3286",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3286",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string."
"lang": "eng",
"value": "SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://aluigi.altervista.org/adv/swat4x-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/swat4x-adv.txt"
"name": "http://aluigi.org/fakep/unrealfp.zip",
"refsource": "MISC",
"url": "http://aluigi.org/fakep/unrealfp.zip"
},
{
"name" : "http://aluigi.org/fakep/unrealfp.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/fakep/unrealfp.zip"
"name": "30299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30299"
},
{
"name" : "30299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30299"
"name": "swat4-gamespyresponse-dos(43902)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43902"
},
{
"name" : "ADV-2008-2149",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2149/references"
"name": "31158",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31158"
},
{
"name" : "31158",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31158"
"name": "swat4-verifycontent-gameconfig-dos(43901)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43901"
},
{
"name" : "swat4-gamespyresponse-dos(43902)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43902"
"name": "http://aluigi.altervista.org/adv/swat4x-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/swat4x-adv.txt"
},
{
"name" : "swat4-verifycontent-gameconfig-dos(43901)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43901"
"name": "ADV-2008-2149",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2149/references"
}
]
}

80
2008/4xxx/CVE-2008-4146.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4146",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4146",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field."
"lang": "eng",
"value": "Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve web-site additions via a modified approved field and (2) change the visit-counter value via a modified counter field."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6482",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6482"
"name": "ADV-2008-2606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2606"
},
{
"name" : "ADV-2008-2606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2606"
"name": "6482",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6482"
},
{
"name" : "4295",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4295"
"name": "addalink-addlink-security-bypass(45246)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45246"
},
{
"name" : "addalink-addlink-security-bypass(45246)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45246"
"name": "4295",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4295"
}
]
}

80
2008/4xxx/CVE-2008-4341.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4341",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4341",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin."
"lang": "eng",
"value": "add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass authentication and gain administrative access by setting a cookie with admin=yes and login=admin."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6531",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6531"
"name": "ADV-2008-2654",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2654"
},
{
"name" : "31311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31311"
"name": "31311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31311"
},
{
"name" : "ADV-2008-2654",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2654"
"name": "myblog-add-cookie-auth-bypass(45576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45576"
},
{
"name" : "myblog-add-cookie-auth-bypass(45576)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45576"
"name": "6531",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6531"
}
]
}

140
2008/4xxx/CVE-2008-4478.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4478",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4478",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow."
"lang": "eng",
"value": "Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081008 ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497163/100/0/threaded"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-065",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-065"
},
{
"name" : "20081008 ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497165/100/0/threaded"
"name": "4406",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4406"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-063",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-063"
"name": "novell-edirectory-httpcontentlength-dos(45628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45628"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-065",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-065"
"name": "1020989",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020989"
},
{
"name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953"
"name": "ADV-2008-2738",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2738"
},
{
"name" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953"
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html"
},
{
"name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html"
"name": "32111",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32111"
},
{
"name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-063",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-063"
},
{
"name" : "ADV-2008-2738",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2738"
"name": "20081008 ZDI-08-063: Novell eDirectory dhost.exe Content-Length Header Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497163/100/0/threaded"
},
{
"name" : "1020990",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020990"
"name": "20081008 ZDI-08-065: Novell eDirectory Core Protocol Opcode 0x0F Heap Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497165/100/0/threaded"
},
{
"name" : "1020989",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020989"
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html"
},
{
"name" : "32111",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32111"
"name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7000087&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953"
},
{
"name" : "4406",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4406"
"name": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7001184&sliceId=1&docTypeID=DT_TID_1_1&dialogID=78066829&stateId=0%200%2078062953"
},
{
"name" : "novell-edirectory-httpcontentlength-dos(45628)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45628"
"name": "1020990",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020990"
}
]
}

92
2008/4xxx/CVE-2008-4769.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4769",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4769",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information."
"lang": "eng",
"value": "Directory traversal vulnerability in the get_category_template function in wp-includes/theme.php in WordPress 2.3.3 and earlier, and 2.5, allows remote attackers to include and possibly execute arbitrary PHP files via the cat parameter in index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://trac.wordpress.org/changeset/7586",
"refsource" : "MISC",
"url" : "http://trac.wordpress.org/changeset/7586"
"name": "wordpress-cat-directory-traversal(41920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41920"
},
{
"name" : "http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html",
"refsource" : "MISC",
"url" : "http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html"
"name": "http://trac.wordpress.org/changeset/7586",
"refsource": "MISC",
"url": "http://trac.wordpress.org/changeset/7586"
},
{
"name" : "DSA-1871",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1871"
"name": "28845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28845"
},
{
"name" : "28845",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28845"
"name": "DSA-1871",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1871"
},
{
"name" : "29949",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29949"
"name": "29949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29949"
},
{
"name" : "wordpress-cat-directory-traversal(41920)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41920"
"name": "http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html",
"refsource": "MISC",
"url": "http://www.juniper.fi/security/auto/vulnerabilities/vuln28845.html"
}
]
}

80
2008/4xxx/CVE-2008-4774.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4774",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4774",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6853",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6853"
"name": "6853",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6853"
},
{
"name" : "31945",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31945"
"name": "4523",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4523"
},
{
"name" : "4523",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4523"
"name": "31945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31945"
},
{
"name" : "questcms-main-xss(46149)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46149"
"name": "questcms-main-xss(46149)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46149"
}
]
}

98
2008/4xxx/CVE-2008-4978.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4978",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4978",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts."
"lang": "eng",
"value": "radiance 3R9+20080530 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/opt.fmt, (b) /tmp/out#####.fmt, (c) /tmp/tf#####.dat, (d) /tmp/gsf#####, (e) /tmp/sc#####.sh, (f) /tmp/il#####.pic, (g) /tmp/tl#####.pic, (h) /tmp/ds#####.pic, (i) /tmp/tfa#####, and (j) /tmp/sed##### temporary files, related to the (1) optics2rad, (2) pdelta, (3) dayfact, and (4) raddepend scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2"
"name": "30953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30953"
},
{
"name" : "http://uvw.ru/report.lenny.txt",
"refsource" : "MISC",
"url" : "http://uvw.ru/report.lenny.txt"
"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
},
{
"name" : "http://bugs.debian.org/496433",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/496433"
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/radiance",
"refsource" : "CONFIRM",
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/radiance"
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770"
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/radiance",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/radiance"
},
{
"name" : "30953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30953"
"name": "radiance-multiple-scripts-symlink(44846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44846"
},
{
"name" : "radiance-multiple-scripts-symlink(44846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44846"
"name": "http://bugs.debian.org/496433",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496433"
}
]
}

22
2013/2xxx/CVE-2013-2108.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2108",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2108",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2013/2xxx/CVE-2013-2179.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2179",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2179",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the \"!\" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode."
"lang": "eng",
"value": "X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by attempting to log into an account whose password field contains invalid characters, as demonstrated using the crypt function from glibc 2.17 and later with (1) the \"!\" character in the salt portion of a password field or (2) a password that has been encrypted using DES or MD5 in FIPS-140 mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20130613 Re: CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/13/8"
"name": "openSUSE-SU-2013:1117",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00002.html"
},
{
"name" : "http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=8d1eb5c74413e4c9a21f689fc106949b121c0117",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=8d1eb5c74413e4c9a21f689fc106949b121c0117"
"name": "[oss-security] 20130613 Re: CVE request for possible NULL ptr deref in XDM when using crypt() from glibc 2.17+",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/13/8"
},
{
"name" : "https://bugs.mageia.org/show_bug.cgi?id=10682",
"refsource" : "CONFIRM",
"url" : "https://bugs.mageia.org/show_bug.cgi?id=10682"
"name": "https://bugs.mageia.org/show_bug.cgi?id=10682",
"refsource": "CONFIRM",
"url": "https://bugs.mageia.org/show_bug.cgi?id=10682"
},
{
"name" : "openSUSE-SU-2013:1117",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-07/msg00002.html"
"name": "http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=8d1eb5c74413e4c9a21f689fc106949b121c0117",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/xorg/app/xdm/commit/?id=8d1eb5c74413e4c9a21f689fc106949b121c0117"
}
]
}

68
2013/2xxx/CVE-2013-2181.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2181",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2181",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://bugs.monkey-project.com/ticket/185",
"refsource" : "MISC",
"url" : "http://bugs.monkey-project.com/ticket/185"
"name": "http://bugs.monkey-project.com/ticket/185",
"refsource": "MISC",
"url": "http://bugs.monkey-project.com/ticket/185"
},
{
"name" : "1028670",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028670"
"name": "1028670",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028670"
}
]
}

62
2013/2xxx/CVE-2013-2580.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2580",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2580",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory."
"lang": "eng",
"value": "Unrestricted file upload vulnerability in cgi-bin/uploadfile in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6, allows remote attackers to upload arbitrary files, then accessing it via a direct request to the file in the mnt/mtd directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras"
"name": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras",
"refsource": "MISC",
"url": "http://www.coresecurity.com/advisories/multiple-vulnerabilities-tp-link-tl-sc3171-ip-cameras"
}
]
}

74
2013/3xxx/CVE-2013-3161.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3161",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2013-3161",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3143."
"lang": "eng",
"value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3143."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS13-055",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055"
"name": "oval:org.mitre.oval:def:17301",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17301"
},
{
"name" : "TA13-190A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A"
"name": "MS13-055",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055"
},
{
"name" : "oval:org.mitre.oval:def:17301",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17301"
"name": "TA13-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-190A"
}
]
}

122
2013/3xxx/CVE-2013-3228.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3228",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3228",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call."
"lang": "eng",
"value": "The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[linux-kernel] 20130414 Linux 3.9-rc7",
"refsource" : "MLIST",
"url" : "https://lkml.org/lkml/2013/4/14/107"
"name": "openSUSE-SU-2013:1187",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
},
{
"name" : "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/14/3"
"name": "FEDORA-2013-6537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ae94c0d2f0bed41d6718be743985d61b7f5c47d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ae94c0d2f0bed41d6718be743985d61b7f5c47d"
"name": "MDVSA-2013:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
},
{
"name" : "https://github.com/torvalds/linux/commit/5ae94c0d2f0bed41d6718be743985d61b7f5c47d",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/5ae94c0d2f0bed41d6718be743985d61b7f5c47d"
"name": "FEDORA-2013-6999",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
},
{
"name" : "FEDORA-2013-6537",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/103750.html"
"name": "USN-1837-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1837-1"
},
{
"name" : "FEDORA-2013-6999",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104480.html"
"name": "[linux-kernel] 20130414 Linux 3.9-rc7",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2013/4/14/107"
},
{
"name" : "MDVSA-2013:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"
"name": "[oss-security] 20130414 Linux kernel: more net info leak fixes for v3.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/14/3"
},
{
"name" : "openSUSE-SU-2013:1187",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00018.html"
"name": "openSUSE-SU-2013:1971",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
},
{
"name" : "openSUSE-SU-2013:1971",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"name": "https://github.com/torvalds/linux/commit/5ae94c0d2f0bed41d6718be743985d61b7f5c47d",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/5ae94c0d2f0bed41d6718be743985d61b7f5c47d"
},
{
"name" : "SUSE-SU-2013:1182",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
"name": "SUSE-SU-2013:1182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00016.html"
},
{
"name" : "USN-1837-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1837-1"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ae94c0d2f0bed41d6718be743985d61b7f5c47d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=5ae94c0d2f0bed41d6718be743985d61b7f5c47d"
}
]
}

62
2013/3xxx/CVE-2013-3832.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3832",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-3832",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel Server Remote component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to File System Management."
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel Server Remote component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to File System Management."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
]
}

62
2013/3xxx/CVE-2013-3958.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3958",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-3958",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request."
"lang": "eng",
"value": "The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-345843.pdf"
}
]
}

86
2013/3xxx/CVE-2013-3979.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3979",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-3979",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\\Content\\Help\\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\\Content\\Help\\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21643067",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21643067"
"name": "1028829",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028829"
},
{
"name" : "61419",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/61419"
"name": "cognoscc-cve20133979-xss(84904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84904"
},
{
"name" : "1028829",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028829"
"name": "61419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/61419"
},
{
"name" : "54286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54286"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21643067",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21643067"
},
{
"name" : "cognoscc-cve20133979-xss(84904)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84904"
"name": "54286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54286"
}
]
}

74
2013/4xxx/CVE-2013-4524.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4524",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4524",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path."
"lang": "eng",
"value": "Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20131125 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/11/25/1"
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41807",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41807"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41807",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41807"
"name": "[oss-security] 20131125 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/11/25/1"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=244481",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=244481"
"name": "https://moodle.org/mod/forum/discuss.php?d=244481",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=244481"
}
]
}

62
2013/4xxx/CVE-2013-4889.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4889",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4889",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888."
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html",
"refsource" : "MISC",
"url" : "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html"
"name": "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html"
}
]
}

22
2013/6xxx/CVE-2013-6405.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6405",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6405",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281. Reason: This candidate is a duplicate of CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and CVE-2013-7281. Notes: All CVE users should reference CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and/or CVE-2013-7281 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, CVE-2013-7281. Reason: This candidate is a duplicate of CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and CVE-2013-7281. Notes: All CVE users should reference CVE-2013-7263, CVE-2013-7264, CVE-2013-7265, and/or CVE-2013-7281 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

22
2013/6xxx/CVE-2013-6529.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6529",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6529",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6531.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6531",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6531",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6577.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6577",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6577",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

80
2013/6xxx/CVE-2013-6729.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6729",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-6729",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667388",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21667388"
"name": "ibm-quickfile-cve20136729-xss(89284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89284"
},
{
"name" : "IC98112",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98112"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21667388",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21667388"
},
{
"name" : "66246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/66246"
"name": "IC98112",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC98112"
},
{
"name" : "ibm-quickfile-cve20136729-xss(89284)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89284"
"name": "66246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66246"
}
]
}

22
2013/7xxx/CVE-2013-7164.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7164",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-7164",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

76
2017/10xxx/CVE-2017-10338.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10338",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10338",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "PeopleSoft Enterprise PRTL Interaction Hub",
"version" : {
"version_data" : [
"product_name": "PeopleSoft Enterprise PRTL Interaction Hub",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "9.1.00"
"version_affected": "=",
"version_value": "9.1.00"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Enterprise Portal). The supported version that is affected is 9.1.00. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "1039598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039598"
},
{
"name" : "101464",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101464"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "1039598",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039598"
"name": "101464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101464"
}
]
}

80
2017/10xxx/CVE-2017-10369.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10369",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10369",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Oracle Virtual Directory",
"version" : {
"version_data" : [
"product_name": "Oracle Virtual Directory",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "11.1.1.7.0"
"version_affected": "=",
"version_value": "11.1.1.7.0"
},
{
"version_affected" : "=",
"version_value" : "11.1.1.9.0"
"version_affected": "=",
"version_value": "11.1.1.9.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in takeover of Oracle Virtual Directory. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Virtual Directory component of Oracle Fusion Middleware (subcomponent: Virtual Directory Server). Supported versions that are affected are 11.1.1.7.0 and 11.1.1.9.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in takeover of Oracle Virtual Directory. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in takeover of Oracle Virtual Directory."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Virtual Directory. Successful attacks of this vulnerability can result in takeover of Oracle Virtual Directory."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "1039602",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039602"
},
{
"name" : "101301",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101301"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "1039602",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039602"
"name": "101301",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101301"
}
]
}

22
2017/10xxx/CVE-2017-10513.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10513",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10513",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

88
2017/10xxx/CVE-2017-10829.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10829",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10829",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Remote Support Tool (Enkaku Support Tool)",
"version" : {
"version_data" : [
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value" : "All versions distributed through the website till 2017 August 10"
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
},
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Remote Support Tool (Enkaku Support Tool)",
"version" : {
"version_data" : [
"product_name": "Remote Support Tool (Enkaku Support Tool)",
"version": {
"version_data": [
{
"version_value" : "All versions distributed through the website till 2017 August 10"
"version_value": "All versions distributed through the website till 2017 August 10"
}
]
}
}
]
},
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
"lang": "eng",
"value": "Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://flets.com/osa/remote/pc_tool.html",
"refsource" : "MISC",
"url" : "https://flets.com/osa/remote/pc_tool.html"
"name": "JVN#26115441",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26115441/index.html"
},
{
"name" : "http://flets-w.com/topics/remote_support_vulnerability/",
"refsource" : "CONFIRM",
"url" : "http://flets-w.com/topics/remote_support_vulnerability/"
"name": "http://flets-w.com/topics/remote_support_vulnerability/",
"refsource": "CONFIRM",
"url": "http://flets-w.com/topics/remote_support_vulnerability/"
},
{
"name" : "JVN#26115441",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN26115441/index.html"
"name": "https://flets.com/osa/remote/pc_tool.html",
"refsource": "MISC",
"url": "https://flets.com/osa/remote/pc_tool.html"
}
]
}

62
2017/10xxx/CVE-2017-10839.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10839",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10839",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "SEO Panel",
"version" : {
"version_data" : [
"product_name": "SEO Panel",
"version": {
"version_data": [
{
"version_value" : "prior to version 3.11.0"
"version_value": "prior to version 3.11.0"
}
]
}
}
]
},
"vendor_name" : "SEO Panel"
"vendor_name": "SEO Panel"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
"lang": "eng",
"value": "SQL injection vulnerability in the SEO Panel prior to version 3.11.0 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "SQL Injection"
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "JVN#39628662",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN39628662/index.html"
"name": "JVN#39628662",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN39628662/index.html"
}
]
}

80
2017/10xxx/CVE-2017-10896.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10896",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10896",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "BBR-4HG",
"version" : {
"version_data" : [
"product_name": "BBR-4HG",
"version": {
"version_data": [
{
"version_value" : "firmware 1.00 to 1.48"
"version_value": "firmware 1.00 to 1.48"
},
{
"version_value" : "firmware 2.00 to 2.07"
"version_value": "firmware 2.00 to 2.07"
}
]
}
},
{
"product_name" : "BBR-4MG",
"version" : {
"version_data" : [
"product_name": "BBR-4MG",
"version": {
"version_data": [
{
"version_value" : "firmware 1.00 to 1.48"
"version_value": "firmware 1.00 to 1.48"
},
{
"version_value" : "firmware 2.00 to 2.07"
"version_value": "firmware 2.00 to 2.07"
}
]
}
}
]
},
"vendor_name" : "BUFFALO INC."
"vendor_name": "BUFFALO INC."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG broadband routers with firmware 1.00 to 1.48 and 2.00 to 2.07 allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-site scripting"
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://buffalo.jp/support_s/s20171201.html",
"refsource" : "CONFIRM",
"url" : "http://buffalo.jp/support_s/s20171201.html"
"name": "JVN#65994435",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN65994435/index.html"
},
{
"name" : "JVN#65994435",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN65994435/index.html"
"name": "http://buffalo.jp/support_s/s20171201.html",
"refsource": "CONFIRM",
"url": "http://buffalo.jp/support_s/s20171201.html"
}
]
}

98
2017/13xxx/CVE-2017-13012.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13012",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13012",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print()."
"lang": "eng",
"value": "The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in print-icmp.c:icmp_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
"name": "GLSA-201709-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/8509ef02eceb2bbb479cea10fe4a7ec6395f1a8b",
"refsource" : "CONFIRM",
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/8509ef02eceb2bbb479cea10fe4a7ec6395f1a8b"
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
"name": "DSA-3971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"name" : "DSA-3971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3971"
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name" : "GLSA-201709-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-23"
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name" : "RHEA-2018:0705",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHEA-2018:0705"
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/8509ef02eceb2bbb479cea10fe4a7ec6395f1a8b",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/8509ef02eceb2bbb479cea10fe4a7ec6395f1a8b"
},
{
"name" : "1039307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039307"
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}

128
2017/13xxx/CVE-2017-13098.json
View File

@ -1,108 +1,108 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cert@cert.org",
"DATE_PUBLIC" : "2017-12-12T00:00:00.000Z",
"ID" : "CVE-2017-13098",
"STATE" : "PUBLIC",
"TITLE" : "BouncyCastle JCE TLS Bleichenbacher/ROBOT"
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2017-12-12T00:00:00.000Z",
"ID": "CVE-2017-13098",
"STATE": "PUBLIC",
"TITLE": "BouncyCastle JCE TLS Bleichenbacher/ROBOT"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "BouncyCastle TLS",
"version" : {
"version_data" : [
"product_name": "BouncyCastle TLS",
"version": {
"version_data": [
{
"platform" : "all",
"version_value" : "<1.0.3"
"platform": "all",
"version_value": "<1.0.3"
}
]
}
}
]
},
"vendor_name" : "Legion of the Bouncy Castle"
"vendor_name": "Legion of the Bouncy Castle"
}
]
}
},
"credit" : [
"credit": [
""
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\""
"lang": "eng",
"value": "BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\""
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-203"
"lang": "eng",
"value": "CWE-203"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://robotattack.org/",
"refsource" : "MISC",
"url" : "https://robotattack.org/"
"name": "https://robotattack.org/",
"refsource": "MISC",
"url": "https://robotattack.org/"
},
{
"name" : "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
"name": "102195",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102195"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20171222-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20171222-0001/"
"name": "VU#144389",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/144389"
},
{
"name" : "DSA-4072",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4072"
"name": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c",
"refsource": "CONFIRM",
"url": "https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c"
},
{
"name" : "VU#144389",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/144389"
"name": "https://security.netapp.com/advisory/ntap-20171222-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171222-0001/"
},
{
"name" : "102195",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102195"
"name": "DSA-4072",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4072"
}
]
}

72
2017/13xxx/CVE-2017-13265.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00",
"ID" : "CVE-2017-13265",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2017-13265",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "7.0"
"version_value": "7.0"
},
{
"version_value" : "7.1.1"
"version_value": "7.1.1"
},
{
"version_value" : "7.1.2"
"version_value": "7.1.2"
},
{
"version_value" : "8.0"
"version_value": "8.0"
},
{
"version_value" : "8.1"
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423."
"lang": "eng",
"value": "A elevation of privilege vulnerability in the Android system (OTA updates). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-36232423."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of privilege"
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01"
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}

68
2017/13xxx/CVE-2017-13729.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13729",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13729",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack."
"lang": "eng",
"value": "There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484276",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1484276"
"name": "GLSA-201804-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-13"
},
{
"name" : "GLSA-201804-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201804-13"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1484276",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1484276"
}
]
}

62
2017/17xxx/CVE-2017-17162.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17162",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17162",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Secospace USG6600, Secospace USG6600, Secospace USG6600, USG9500, USG9500, USG9500",
"version" : {
"version_data" : [
"product_name": "Secospace USG6600, Secospace USG6600, Secospace USG6600, USG9500, USG9500, USG9500",
"version": {
"version_data": [
{
"version_value" : "Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300"
"version_value": "Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions."
"lang": "eng",
"value": "Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 V500R001C30SPC200, Secospace USG6600 V500R001C30SPC300, USG9500 V500R001C30SPC100, USG9500 V500R001C30SPC200, USG9500 V500R001C30SPC300 have a memory leak vulnerability due to memory don't be released when an local authenticated attacker execute special commands many times. An attacker could exploit it to cause memory leak, which may further lead to system exceptions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "memory leak"
"lang": "eng",
"value": "memory leak"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171213-02-firewall-en"
}
]
}

94
2017/17xxx/CVE-2017-17170.json
View File

@ -1,109 +1,109 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17170",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17170",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "DP300",
"version" : {
"version_data" : [
"product_name": "DP300",
"version": {
"version_data": [
{
"version_value" : "V500R002C00"
"version_value": "V500R002C00"
},
{
"version_value" : "V500R002C00B010"
"version_value": "V500R002C00B010"
},
{
"version_value" : "V500R002C00B011"
"version_value": "V500R002C00B011"
},
{
"version_value" : "V500R002C00B012"
"version_value": "V500R002C00B012"
},
{
"version_value" : "V500R002C00B013"
"version_value": "V500R002C00B013"
},
{
"version_value" : "V500R002C00B014"
"version_value": "V500R002C00B014"
},
{
"version_value" : "V500R002C00B017"
"version_value": "V500R002C00B017"
},
{
"version_value" : "V500R002C00B018"
"version_value": "V500R002C00B018"
},
{
"version_value" : "V500R002C00SPC100"
"version_value": "V500R002C00SPC100"
},
{
"version_value" : "V500R002C00SPC200"
"version_value": "V500R002C00SPC200"
},
{
"version_value" : "V500R002C00SPC300"
"version_value": "V500R002C00SPC300"
},
{
"version_value" : "V500R002C00SPC400"
"version_value": "V500R002C00SPC400"
},
{
"version_value" : "V500R002C00SPC500"
"version_value": "V500R002C00SPC500"
},
{
"version_value" : "V500R002C00SPC600"
"version_value": "V500R002C00SPC600"
},
{
"version_value" : "V500R002C00SPC800"
"version_value": "V500R002C00SPC800"
},
{
"version_value" : "V500R002C00SPC900"
"version_value": "V500R002C00SPC900"
},
{
"version_value" : "V500R002C00SPCa00"
"version_value": "V500R002C00SPCa00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
"lang": "eng",
"value": "The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; V500R002C00B012; V500R002C00B013; V500R002C00B014; V500R002C00B017; V500R002C00B018; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00 has an input validation vulnerability due to insufficient validation of specific messages when the protocol is implemented. An authenticated remote attacker could send a malicious message to a target system. Successful exploit could allow the attacker to tamper with business and make the system abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "input validation"
"lang": "eng",
"value": "input validation"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171220-02-cidam-en"
}
]
}

62
2017/17xxx/CVE-2017-17329.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-17329",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-17329",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ViewPoint 8660",
"version" : {
"version_data" : [
"product_name": "ViewPoint 8660",
"version": {
"version_data": [
{
"version_value" : "V100R008C03"
"version_value": "V100R008C03"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory."
"lang": "eng",
"value": "Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. The software does not release allocated memory properly when parse XML Schema data. An authenticated attacker could upload a crafted XML file, successful exploit could cause the system service abnormal since run out of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "memory leak"
"lang": "eng",
"value": "memory leak"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-en"
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-03-xml-en"
}
]
}

62
2017/17xxx/CVE-2017-17950.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17950",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17950",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter."
"lang": "eng",
"value": "Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md",
"refsource" : "MISC",
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md"
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/cell.md"
}
]
}

62
2017/9xxx/CVE-2017-9219.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9219",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9219",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file."
"lang": "eng",
"value": "The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (memory allocation error and application crash) via a crafted mp4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://seclists.org/fulldisclosure/2017/Jun/32",
"refsource" : "MISC",
"url" : "http://seclists.org/fulldisclosure/2017/Jun/32"
"name": "http://seclists.org/fulldisclosure/2017/Jun/32",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jun/32"
}
]
}

62
2017/9xxx/CVE-2017-9415.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9415",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9415",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view."
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "42117",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42117/"
"name": "42117",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42117/"
}
]
}

62
2017/9xxx/CVE-2017-9594.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9594",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9594",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The \"SVB Mobile\" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The \"SVB Mobile\" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}

74
2017/9xxx/CVE-2017-9990.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9990",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9990",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
"lang": "eng",
"value": "Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1466",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1466"
"name": "https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879"
},
{
"name" : "https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879",
"refsource" : "MISC",
"url" : "https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879"
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1466",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1466"
},
{
"name" : "99313",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99313"
"name": "99313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99313"
}
]
}

140
2018/0xxx/CVE-2018-0666.json
View File

@ -1,150 +1,150 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0666",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0666",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Yamaha Broadband VoIP Router RT57i",
"version" : {
"version_data" : [
"product_name": "Yamaha Broadband VoIP Router RT57i",
"version": {
"version_data": [
{
"version_value" : "Rev.8.00.95 and earlier"
"version_value": "Rev.8.00.95 and earlier"
}
]
}
},
{
"product_name" : "Yamaha Broadband VoIP Router RT58i",
"version" : {
"version_data" : [
"product_name": "Yamaha Broadband VoIP Router RT58i",
"version": {
"version_data": [
{
"version_value" : "Rev.9.01.51 and earlier"
"version_value": "Rev.9.01.51 and earlier"
}
]
}
},
{
"product_name" : "Yamaha Broadband VoIP Router NVR500",
"version" : {
"version_data" : [
"product_name": "Yamaha Broadband VoIP Router NVR500",
"version": {
"version_data": [
{
"version_value" : "Rev.11.00.36 and earlier"
"version_value": "Rev.11.00.36 and earlier"
}
]
}
},
{
"product_name" : "Yamaha Gigabit VPN Router RTX810",
"version" : {
"version_data" : [
"product_name": "Yamaha Gigabit VPN Router RTX810",
"version": {
"version_data": [
{
"version_value" : "Rev.11.01.31 and earlier"
"version_value": "Rev.11.01.31 and earlier"
}
]
}
},
{
"product_name" : "Yamaha Firewall FWX120",
"version" : {
"version_data" : [
"product_name": "Yamaha Firewall FWX120",
"version": {
"version_data": [
{
"version_value" : "Rev.11.03.25 and earlier"
"version_value": "Rev.11.03.25 and earlier"
}
]
}
}
]
},
"vendor_name" : "Yamaha Corporation"
"vendor_name": "Yamaha Corporation"
},
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Biz Box Router N58i, N500, NVR500, and RTX810",
"version" : {
"version_data" : [
"product_name": "Biz Box Router N58i, N500, NVR500, and RTX810",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION"
},
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Biz Box Router N58i, and N500",
"version" : {
"version_data" : [
"product_name": "Biz Box Router N58i, and N500",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
"vendor_name": "NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665."
"lang": "eng",
"value": "Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be executed on another administrative user's web browser. This is a different vulnerability from CVE-2018-0665."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Script Injection"
"lang": "eng",
"value": "Script Injection"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource" : "MISC",
"url" : "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
"name": "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource": "MISC",
"url": "https://flets-w.com/solution/kiki_info/info/180829.html"
},
{
"name" : "https://flets-w.com/solution/kiki_info/info/180829.html",
"refsource" : "MISC",
"url" : "https://flets-w.com/solution/kiki_info/info/180829.html"
"name": "JVN#69967692",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN69967692/index.html"
},
{
"name" : "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource" : "MISC",
"url" : "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
"name": "https://web116.jp/ced/support/news/contents/2018/20180829b.html",
"refsource": "MISC",
"url": "https://web116.jp/ced/support/news/contents/2018/20180829b.html"
},
{
"name" : "JVN#69967692",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN69967692/index.html"
"name": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html",
"refsource": "MISC",
"url": "http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVN69967692.html"
}
]
}

76
2018/0xxx/CVE-2018-0768.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00",
"ID" : "CVE-2018-0768",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-03T00:00:00",
"ID": "CVE-2018-0768",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "Windows 10 1709"
"version_value": "Windows 10 1709"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
"lang": "eng",
"value": "Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0768",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0768"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0768",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0768"
},
{
"name" : "102395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102395"
"name": "1040100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040100"
},
{
"name" : "1040100",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040100"
"name": "102395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102395"
}
]
}

76
2018/0xxx/CVE-2018-0799.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-09T00:00:00",
"ID" : "CVE-2018-0799",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-09T00:00:00",
"ID": "CVE-2018-0799",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Access",
"version" : {
"version_data" : [
"product_name": "Microsoft Access",
"version": {
"version_data": [
{
"version_value" : "Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016"
"version_value": "Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka \"Microsoft Access Tampering Vulnerability\"."
"lang": "eng",
"value": "Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and Microsoft SharePoint Enterprise Server 2016 allows a cross-site-scripting (XSS) vulnerability due to the way image field values are handled, aka \"Microsoft Access Tampering Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Tampering"
"lang": "eng",
"value": "Tampering"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0799"
},
{
"name" : "102411",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102411"
"name": "102411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102411"
},
{
"name" : "1040157",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040157"
"name": "1040157",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040157"
}
]
}

76
2018/0xxx/CVE-2018-0814.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00",
"ID" : "CVE-2018-0814",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0814",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Windows kernel",
"version" : {
"version_data" : [
"product_name": "Windows kernel",
"version": {
"version_data": [
{
"version_value" : "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709"
"version_value": "Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926."
"lang": "eng",
"value": "The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka \"Windows Kernel Information Disclosure Vulnerability\". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0814",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0814"
"name": "103251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103251"
},
{
"name" : "103251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103251"
"name": "1040517",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040517"
},
{
"name" : "1040517",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040517"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0814",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0814"
}
]
}

74
2018/1000xxx/CVE-2018-1000615.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-08T15:52:41.193067",
"DATE_REQUESTED" : "2018-06-28T02:58:34",
"ID" : "CVE-2018-1000615",
"REQUESTER" : "f3i@t00ls.net",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-08T15:52:41.193067",
"DATE_REQUESTED": "2018-06-28T02:58:34",
"ID": "CVE-2018-1000615",
"REQUESTER": "f3i@t00ls.net",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ONOS Controller",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "1.13.1 and earlier"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "ONOS"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.."
"lang": "eng",
"value": "ONOS ONOS Controller version 1.13.1 and earlier contains a Denial of Service (Service crash) vulnerability in OVSDB component in ONOS that can result in An adversary can remotely crash OVSDB service ONOS controller via a normal switch.. This attack appear to be exploitable via the attacker should be able to control or forge a switch in the network.."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Service (Service crash)"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://gms.cl0udz.com/OVSDB_DOS.pdf",
"refsource" : "MISC",
"url" : "http://gms.cl0udz.com/OVSDB_DOS.pdf"
"name": "http://gms.cl0udz.com/OVSDB_DOS.pdf",
"refsource": "MISC",
"url": "http://gms.cl0udz.com/OVSDB_DOS.pdf"
},
{
"name" : "https://gerrit.onosproject.org/#/c/18926/",
"refsource" : "CONFIRM",
"url" : "https://gerrit.onosproject.org/#/c/18926/"
"name": "https://gerrit.onosproject.org/#/c/18926/",
"refsource": "CONFIRM",
"url": "https://gerrit.onosproject.org/#/c/18926/"
}
]
}

74
2018/18xxx/CVE-2018-18309.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18309",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18309",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking."
"lang": "eng",
"value": "An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service, as demonstrated by objdump, because of missing _bfd_clear_contents bounds checking."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23770",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=23770"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=23770",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=23770"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f",
"refsource" : "MISC",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f"
"name": "105692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105692"
},
{
"name" : "105692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105692"
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0930cb3021b8078b34cf216e79eb8608d017864f"
}
]
}

22
2018/18xxx/CVE-2018-18670.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18670",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18670",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/19xxx/CVE-2018-19185.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19185",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19185",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector."
"lang": "eng",
"value": "An issue has been found in libIEC61850 v1.3. It is a heap-based buffer overflow in BerEncoder_encodeOctetString in mms/asn1/ber_encoder.c. This is exploitable even after CVE-2018-18834 has been patched, with a different dataSetValue sequence than the CVE-2018-18834 attack vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/fouzhe/security/tree/master/libiec61850#another-heap-buffer-overflow-in-function-berencoder_encodeoctetstring",
"refsource" : "MISC",
"url" : "https://github.com/fouzhe/security/tree/master/libiec61850#another-heap-buffer-overflow-in-function-berencoder_encodeoctetstring"
"name": "https://github.com/fouzhe/security/tree/master/libiec61850#another-heap-buffer-overflow-in-function-berencoder_encodeoctetstring",
"refsource": "MISC",
"url": "https://github.com/fouzhe/security/tree/master/libiec61850#another-heap-buffer-overflow-in-function-berencoder_encodeoctetstring"
},
{
"name" : "https://github.com/mz-automation/libiec61850/issues/87",
"refsource" : "MISC",
"url" : "https://github.com/mz-automation/libiec61850/issues/87"
"name": "https://github.com/mz-automation/libiec61850/issues/87",
"refsource": "MISC",
"url": "https://github.com/mz-automation/libiec61850/issues/87"
}
]
}

22
2018/19xxx/CVE-2018-19387.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19387",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-19387",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}

22
2018/19xxx/CVE-2018-19462.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19462",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19462",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/19xxx/CVE-2018-19464.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19464",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19464",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\\default\\common\\footer.htm mishandles statcode field from third-party stats code."
"lang": "eng",
"value": "Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\\default\\common\\footer.htm mishandles statcode field from third-party stats code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/novysodope/Discuz-X3.4/blob/master/XSS",
"refsource" : "MISC",
"url" : "https://github.com/novysodope/Discuz-X3.4/blob/master/XSS"
"name": "https://github.com/novysodope/Discuz-X3.4/blob/master/XSS",
"refsource": "MISC",
"url": "https://github.com/novysodope/Discuz-X3.4/blob/master/XSS"
}
]
}

76
2018/1xxx/CVE-2018-1290.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-04-19T00:00:00",
"ID" : "CVE-2018-1290",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-04-19T00:00:00",
"ID": "CVE-2018-1290",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache Fineract",
"version" : {
"version_data" : [
"product_name": "Apache Fineract",
"version": {
"version_data": [
{
"version_value" : "1.0.0"
"version_value": "1.0.0"
},
{
"version_value" : "0.6.0-incubating"
"version_value": "0.6.0-incubating"
},
{
"version_value" : "0.5.0-incubating"
"version_value": "0.5.0-incubating"
},
{
"version_value" : "0.4.0-incubating"
"version_value": "0.4.0-incubating"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class."
"lang": "eng",
"value": "In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, 0.4.0-incubating, Using a single quotation escape with two continuous SQL parameters can cause a SQL injection. This could be done in Methods like retrieveAuditEntries of AuditsApiResource Class and retrieveCommands of MakercheckersApiResource Class."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[dev] 20180419 [SECURITY] CVE-2018-1290: Apache Fineract SQL Injection Vulnerability - Single quotation escape caused by two continuous SQL parameters",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/69cc2b54b32f0936f40dc9be41f41fe1566710a75edbe2eb0a948ae4@%3Cdev.fineract.apache.org%3E"
"name": "[dev] 20180419 [SECURITY] CVE-2018-1290: Apache Fineract SQL Injection Vulnerability - Single quotation escape caused by two continuous SQL parameters",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/69cc2b54b32f0936f40dc9be41f41fe1566710a75edbe2eb0a948ae4@%3Cdev.fineract.apache.org%3E"
},
{
"name" : "103975",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103975"
"name": "103975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103975"
}
]
}

22
2018/1xxx/CVE-2018-1328.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1328",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1328",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/1xxx/CVE-2018-1894.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1894",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1894",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}