admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:53:30 +00:00
parent 6ab07d9892
commit 274bef2ee1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 3903 additions and 3903 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2001/0xxx/CVE-2001-0023.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0023",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0023",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter."
"lang": "eng",
"value": "everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20001211 Insecure input validation in everythingform.cgi (remote command execution)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html"
"name": "20001211 Insecure input validation in everythingform.cgi (remote command execution)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0137.html"
},
{
"name" : "2101",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2101"
"name": "2101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2101"
},
{
"name" : "http-cgi-everythingform(5736)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5736"
"name": "http-cgi-everythingform(5736)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5736"
}
]
}

68
2001/0xxx/CVE-2001-0610.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0610",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0610",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp."
"lang": "eng",
"value": "kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20010418 Insecure directory handling in KFM file manager ",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-04/0336.html"
"name": "kfm-tmpfile-symlink(6428)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6428"
},
{
"name" : "kfm-tmpfile-symlink(6428)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6428"
"refsource": "BUGTRAQ",
"name": "20010418 Insecure directory handling in KFM file manager",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0336.html"
}
]
}

80
2001/0xxx/CVE-2001-0631.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0631",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0631",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users."
"lang": "eng",
"value": "Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20010221 FirstClass Internetgateway \"stupidity\"",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html"
"name": "20010226 Re: [Fwd: FirstClass Internetgateway \"stupidity\"]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html"
},
{
"name" : "20010226 Re: [Fwd: FirstClass Internetgateway \"stupidity\"]",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html"
"name": "20010221 FirstClass Internetgateway \"stupidity\"",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html"
},
{
"name" : "centrinity-firstclass-email-spoofing(6192)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6192"
"name": "2423",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2423"
},
{
"name" : "2423",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2423"
"name": "centrinity-firstclass-email-spoofing(6192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6192"
}
]
}

62
2001/0xxx/CVE-2001-0694.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0694",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0694",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command."
"lang": "eng",
"value": "Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote attacker to view arbitrary files via a dot dot attack in the CD command."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20010525 WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS",
"refsource" : "VULN-DEV",
"url" : "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0454.html"
"name": "20010525 WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0454.html"
}
]
}

74
2001/0xxx/CVE-2001-0767.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-0767",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0767",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET."
"lang": "eng",
"value": "Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers to list or read arbitrary files and directories via a .. in (1) LS or (2) GET."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption ",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html"
"name": "http://www.nitrolic.com/",
"refsource": "MISC",
"url": "http://www.nitrolic.com/"
},
{
"name" : "http://www.nitrolic.com/",
"refsource" : "MISC",
"url" : "http://www.nitrolic.com/"
"name": "2789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2789"
},
{
"name" : "2789",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2789"
"refsource": "BUGTRAQ",
"name": "20010526 GuildFTPD v0.97 Directory Traversal / Weak password encryption",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html"
}
]
}

80
2001/1xxx/CVE-2001-1459.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1459",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1459",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d."
"lang": "eng",
"value": "OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20010619 pam session",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=99324968918628&w=2"
"name": "2917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2917"
},
{
"name" : "VU#797027",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/797027"
"name": "VU#797027",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/797027"
},
{
"name" : "2917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2917"
"name": "20010619 pam session",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=99324968918628&w=2"
},
{
"name" : "openssh-rsh-bypass-pam(6757)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757"
"name": "openssh-rsh-bypass-pam(6757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6757"
}
]
}

74
2001/1xxx/CVE-2001-1483.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2001-1483",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1483",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist."
"lang": "eng",
"value": "One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20011115 Re: OpenSSH & S/Key information leakage",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0@atlas.dgp.toronto.edu"
"name": "opie-verify-accounts(7572)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572"
},
{
"name" : "opie-verify-accounts(7572)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7572"
"name": "20011115 Re: OpenSSH & S/Key information leakage",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/20011115221226.7C93E186B0@atlas.dgp.toronto.edu"
},
{
"name" : "3549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3549"
"name": "3549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3549"
}
]
}

140
2006/2xxx/CVE-2006-2452.json
View File

@ -1,126 +1,126 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2452",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-2452",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
"lang": "eng",
"value": "GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the \"face browser\" feature is enabled, allows local users to access the \"Configure Login Manager\" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060608 rPSA-2006-0098-1 gdm",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/436428"
"name": "20532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20532"
},
{
"name" : "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
"name": "SUSE-SR:2006:013",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
},
{
"name" : "GLSA-200606-14",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
"name": "20627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20627"
},
{
"name" : "MDKSA-2006:100",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
"name": "ADV-2006-2239",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2239"
},
{
"name" : "SUSE-SR:2006:013",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jun/0003.html"
"name": "USN-293-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/293-1/"
},
{
"name" : "USN-293-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/293-1/"
"name": "20060608 rPSA-2006-0098-1 gdm",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/436428"
},
{
"name" : "18332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18332"
"name": "http://bugzilla.gnome.org/show_bug.cgi?id=343476",
"refsource": "CONFIRM",
"url": "http://bugzilla.gnome.org/show_bug.cgi?id=343476"
},
{
"name" : "ADV-2006-2239",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2239"
"name": "GLSA-200606-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200606-14.xml"
},
{
"name" : "20552",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20552"
"name": "18332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18332"
},
{
"name" : "20627",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20627"
"name": "20636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20636"
},
{
"name" : "20532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20532"
"name": "gdm-facebrowser-security-bypass(27018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
},
{
"name" : "20636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20636"
"name": "20587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20587"
},
{
"name" : "20587",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20587"
"name": "20552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20552"
},
{
"name" : "gdm-facebrowser-security-bypass(27018)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/27018"
"name": "MDKSA-2006:100",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:100"
}
]
}

110
2006/2xxx/CVE-2006-2746.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2746",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2746",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple \"p-themes\" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple \"p-themes\" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple RemoteVulnerabilities.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435283/100/0/threaded"
"name": "20060528 Advisory: F@cile Interactive Web <= 0.8x Multiple RemoteVulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435283/100/0/threaded"
},
{
"name" : "http://www.nukedx.com/?getxpl=35",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?getxpl=35"
"name": "http://www.nukedx.com/?viewdoc=35",
"refsource": "MISC",
"url": "http://www.nukedx.com/?viewdoc=35"
},
{
"name" : "http://www.nukedx.com/?viewdoc=35",
"refsource" : "MISC",
"url" : "http://www.nukedx.com/?viewdoc=35"
"name": "ADV-2006-2036",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2036"
},
{
"name" : "18151",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18151"
"name": "26105",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26105"
},
{
"name" : "ADV-2006-2036",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2036"
"name": "http://www.nukedx.com/?getxpl=35",
"refsource": "MISC",
"url": "http://www.nukedx.com/?getxpl=35"
},
{
"name" : "26104",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26104"
"name": "18151",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18151"
},
{
"name" : "26105",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/26105"
"name": "26104",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26104"
},
{
"name" : "20358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20358"
"name": "20358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20358"
},
{
"name" : "1010",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1010"
"name": "1010",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1010"
}
]
}

104
2006/2xxx/CVE-2006-2767.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2767",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2767",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php."
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "1854",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/1854"
"name": "18208",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18208"
},
{
"name" : "18208",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18208"
"name": "20399",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20399"
},
{
"name" : "ADV-2006-2073",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2073"
"name": "ADV-2006-2073",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2073"
},
{
"name" : "25918",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25918"
"name": "1854",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/1854"
},
{
"name" : "25917",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25917"
"name": "25916",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25916"
},
{
"name" : "25916",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/25916"
"name": "25917",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25917"
},
{
"name" : "20399",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20399"
"name": "25918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25918"
},
{
"name" : "ottoman-defaultpath-file-include(26894)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26894"
"name": "ottoman-defaultpath-file-include(26894)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26894"
}
]
}

92
2006/2xxx/CVE-2006-2867.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2006-2867",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2867",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter."
"lang": "eng",
"value": "SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20060603 Critical SQL Injection in CoolForum",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/435862/100/0/threaded"
"name": "coolforum-editpost-sql-injection(26920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26920"
},
{
"name" : "http://mgsdl.free.fr/advisories/coolforum083ba.txt",
"refsource" : "MISC",
"url" : "http://mgsdl.free.fr/advisories/coolforum083ba.txt"
"name": "20060603 Critical SQL Injection in CoolForum",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/435862/100/0/threaded"
},
{
"name" : "18268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18268"
"name": "18268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18268"
},
{
"name" : "1016218",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1016218"
"name": "http://mgsdl.free.fr/advisories/coolforum083ba.txt",
"refsource": "MISC",
"url": "http://mgsdl.free.fr/advisories/coolforum083ba.txt"
},
{
"name" : "1052",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/1052"
"name": "1016218",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016218"
},
{
"name" : "coolforum-editpost-sql-injection(26920)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/26920"
"name": "1052",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1052"
}
]
}

92
2008/5xxx/CVE-2008-5194.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5194",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5194",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5964",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5964"
"name": "30004",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30004"
},
{
"name" : "30004",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30004"
"name": "5964",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5964"
},
{
"name" : "30842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30842"
"name": "30842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30842"
},
{
"name" : "4622",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4622"
"name": "ADV-2008-1976",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1976/references"
},
{
"name" : "ADV-2008-1976",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1976/references"
"name": "4622",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4622"
},
{
"name" : "onlinebooking-checkavail-sql-injection(43448)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43448"
"name": "onlinebooking-checkavail-sql-injection(43448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43448"
}
]
}

80
2008/5xxx/CVE-2008-5201.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5201",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5201",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in OTManager CMS 24a allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conteudo parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5957",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5957"
"name": "4644",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4644"
},
{
"name" : "29992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29992"
"name": "29992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29992"
},
{
"name" : "4644",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4644"
"name": "otmanager-conteudo-file-include(43459)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43459"
},
{
"name" : "otmanager-conteudo-file-include(43459)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43459"
"name": "5957",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5957"
}
]
}

80
2008/5xxx/CVE-2008-5219.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5219",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5219",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters."
"lang": "eng",
"value": "The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and earlier does not check for administrative authentication and does not require knowledge of the original password, which allows remote attackers to change the admin account password via modified npass and npass1 parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "7149",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7149"
"name": "49885",
"refsource": "OSVDB",
"url": "http://osvdb.org/49885"
},
{
"name" : "49885",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49885"
"name": "32718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32718"
},
{
"name" : "32718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32718"
"name": "7149",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7149"
},
{
"name" : "4634",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4634"
"name": "4634",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4634"
}
]
}

86
2008/5xxx/CVE-2008-5273.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5273",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5273",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter."
"lang": "eng",
"value": "SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5781",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5781"
"name": "5781",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5781"
},
{
"name" : "29638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29638"
"name": "aspnewsmanagement-viewnews-sql-injection(42964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42964"
},
{
"name" : "30593",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30593"
"name": "4658",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4658"
},
{
"name" : "4658",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4658"
"name": "29638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29638"
},
{
"name" : "aspnewsmanagement-viewnews-sql-injection(42964)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42964"
"name": "30593",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30593"
}
]
}

80
2008/5xxx/CVE-2008-5525.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-5525",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5525",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
"lang": "eng",
"value": "ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka \"EXE info\") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
"name": "multiple-antivirus-mzheader-code-execution(47435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
},
{
"name" : "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
"name": "4723",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4723"
},
{
"name" : "4723",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4723"
"name": "20081209 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass -Update-",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499043/100/0/threaded"
},
{
"name" : "multiple-antivirus-mzheader-code-execution(47435)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47435"
"name": "20081208 Multiple Vendor Anti-Virus Software Malicious WebPage Detection Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498995/100/0/threaded"
}
]
}

22
2011/2xxx/CVE-2011-2207.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2207",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-2207",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2011/2xxx/CVE-2011-2562.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2562",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-2562",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256."
"lang": "eng",
"value": "Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (service outage) via a SIP INVITE message, aka Bug ID CSCth43256."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml"
"name": "20110824 Cisco Unified Communications Manager Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b8f531.shtml"
}
]
}

22
2011/2xxx/CVE-2011-2810.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2810",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2011-2810",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0253. Reason: This candidate is a reservation duplicate of CVE-2011-0253. Notes: All CVE users should reference CVE-2011-0253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-0253. Reason: This candidate is a reservation duplicate of CVE-2011-0253. Notes: All CVE users should reference CVE-2011-0253 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

86
2011/2xxx/CVE-2011-2861.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-2861",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2011-2861",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation."
"lang": "eng",
"value": "Google Chrome before 14.0.835.163 does not properly handle strings in PDF documents, which allows remote attackers to have an unspecified impact via a crafted document that triggers an incorrect read operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=93596",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=93596"
"name": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html"
},
{
"name" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html"
"name": "oval:org.mitre.oval:def:14677",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14677"
},
{
"name" : "75563",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/75563"
"name": "75563",
"refsource": "OSVDB",
"url": "http://osvdb.org/75563"
},
{
"name" : "oval:org.mitre.oval:def:14677",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14677"
"name": "chrome-string-code-execution(69888)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/69888"
},
{
"name" : "chrome-string-code-execution(69888)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/69888"
"name": "http://code.google.com/p/chromium/issues/detail?id=93596",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=93596"
}
]
}

62
2011/3xxx/CVE-2011-3569.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3569",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2011-3569",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html"
}
]
}

92
2011/3xxx/CVE-2011-3991.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2011-3991",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2011-3991",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions."
"lang": "eng",
"value": "Untrusted search path vulnerability in FFFTP 1.98a and earlier allows local users to execute arbitrary code via unspecified functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.jp/projects/ffftp/wiki/Security",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.jp/projects/ffftp/wiki/Security"
"name": "ffftp-code-execution(71020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71020"
},
{
"name" : "JVN#62336482",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN62336482/index.html"
"name": "http://sourceforge.jp/projects/ffftp/wiki/Security",
"refsource": "CONFIRM",
"url": "http://sourceforge.jp/projects/ffftp/wiki/Security"
},
{
"name" : "JVNDB-2011-000091",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html"
"name": "46649",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46649"
},
{
"name" : "50412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/50412"
"name": "JVN#62336482",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN62336482/index.html"
},
{
"name" : "46649",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/46649"
"name": "JVNDB-2011-000091",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html"
},
{
"name" : "ffftp-code-execution(71020)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/71020"
"name": "50412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/50412"
}
]
}

128
2013/0xxx/CVE-2013-0211.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0211",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-0211",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow."
"lang": "eng",
"value": "Integer signedness error in the archive_write_zip_data function in archive_write_set_format_zip.c in libarchive 3.1.2 and earlier, when running on 64-bit machines, allows context-dependent attackers to cause a denial of service (crash) via unspecified vectors, which triggers an improper conversion between unsigned and signed types, leading to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=902998",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=902998"
"name": "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4",
"refsource": "CONFIRM",
"url": "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4"
},
{
"name" : "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4",
"refsource" : "CONFIRM",
"url" : "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4"
"name": "FreeBSD-SA-16:23",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc"
},
{
"name" : "FEDORA-2013-4522",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html"
"name": "MDVSA-2013:147",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:147"
},
{
"name" : "FEDORA-2013-4537",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html"
"name": "openSUSE-SU-2015:0568",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html"
},
{
"name" : "FEDORA-2013-4576",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html"
"name": "FEDORA-2013-4522",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101876.html"
},
{
"name" : "FEDORA-2013-4592",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html"
"name": "58926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58926"
},
{
"name" : "FreeBSD-SA-16:23",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-16:23.libarchive.asc"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=902998",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=902998"
},
{
"name" : "MDVSA-2013:147",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:147"
"name": "1035995",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035995"
},
{
"name" : "openSUSE-SU-2015:0568",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00065.html"
"name": "USN-2549-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2549-1"
},
{
"name" : "USN-2549-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2549-1"
"name": "FEDORA-2013-4592",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101687.html"
},
{
"name" : "58926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/58926"
"name": "FEDORA-2013-4537",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101872.html"
},
{
"name" : "1035995",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035995"
"name": "FEDORA-2013-4576",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101700.html"
}
]
}

74
2013/0xxx/CVE-2013-0406.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0406",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-0406",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
"name": "oval:org.mitre.oval:def:19224",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19224"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
},
{
"name" : "oval:org.mitre.oval:def:19224",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19224"
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}

22
2013/0xxx/CVE-2013-0517.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0517",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-0517",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2013/0xxx/CVE-2013-0873.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-0873",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2013-0873",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to \"freeing invalid addresses.\""
"lang": "eng",
"value": "The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to \"freeing invalid addresses.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25"
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25"
},
{
"name" : "http://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.ffmpeg.org/security.html"
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name" : "GLSA-201603-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-06"
"name": "GLSA-201603-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-06"
}
]
}

68
2013/1xxx/CVE-2013-1027.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1027",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-1027",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package."
"lang": "eng",
"value": "Installer in Apple Mac OS X before 10.8.5 provides an option to continue a package's installation after encountering a revoked certificate, which might allow user-assisted remote attackers to execute arbitrary code via a crafted package."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT5880",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5880"
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name" : "APPLE-SA-2013-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
}
]
}

62
2013/1xxx/CVE-2013-1056.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1056",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2013-1056",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files."
"lang": "eng",
"value": "X.org X server 1.13.3 and earlier, when not run as root, allows local users to cause a denial of service (crash) or possibly gain privileges via vectors involving cached xkb files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "USN-1990-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1990-1"
"name": "USN-1990-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1990-1"
}
]
}

62
2013/1xxx/CVE-2013-1161.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1161",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-1161",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383."
"lang": "eng",
"value": "The XML parser in the Cisco Jabber IM application for Android allows remote authenticated users to cause a denial of service (blocked connection) by leveraging an entry on a Buddy list and sending a crafted XMPP presence update message, aka Bug ID CSCue38383."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20130319 Cisco Jabber IM for Android Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1161"
"name": "20130319 Cisco Jabber IM for Android Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1161"
}
]
}

134
2013/1xxx/CVE-2013-1728.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1728",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2013-1728",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors."
"lang": "eng",
"value": "The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it easier for remote attackers to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html"
"name": "oval:org.mitre.oval:def:18902",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18902"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883686",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=883686"
"name": "openSUSE-SU-2013:1491",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html"
},
{
"name" : "FEDORA-2013-16992",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html"
"name": "62468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/62468"
},
{
"name" : "FEDORA-2013-17047",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html"
"name": "FEDORA-2013-16992",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/115907.html"
},
{
"name" : "FEDORA-2013-17074",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html"
"name": "FEDORA-2013-17074",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/116610.html"
},
{
"name" : "openSUSE-SU-2013:1491",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00055.html"
"name": "USN-1952-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1952-1"
},
{
"name" : "openSUSE-SU-2013:1493",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html"
"name": "USN-1951-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1951-1"
},
{
"name" : "openSUSE-SU-2013:1495",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html"
"name": "FEDORA-2013-17047",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-September/117526.html"
},
{
"name" : "openSUSE-SU-2013:1499",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html"
"name": "openSUSE-SU-2013:1493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00057.html"
},
{
"name" : "USN-1951-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1951-1"
"name": "openSUSE-SU-2013:1499",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00061.html"
},
{
"name" : "USN-1952-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1952-1"
"name": "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2013/mfsa2013-85.html"
},
{
"name" : "62468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/62468"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=883686",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=883686"
},
{
"name" : "oval:org.mitre.oval:def:18902",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18902"
"name": "openSUSE-SU-2013:1495",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-09/msg00059.html"
}
]
}

92
2013/1xxx/CVE-2013-1827.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1827",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1827",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call."
"lang": "eng",
"value": "net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/03/07/2"
"name": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.5.4"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=919164",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=919164"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=919164",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=919164"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
},
{
"name" : "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/276bdb82dedb290511467a5a4fdbe9f0b52dce6f"
"name": "RHSA-2013:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
},
{
"name" : "RHSA-2013:0744",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0744.html"
"name": "[oss-security] 20130307 Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/07/2"
}
]
}

68
2013/1xxx/CVE-2013-1947.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-1947",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1947",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb."
"lang": "eng",
"value": "kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/10/3"
"name": "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/12/2"
},
{
"name" : "[oss-security] 20130412 Re: Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/04/12/2"
"name": "[oss-security] 20130410 Remote command injection in Ruby Gem kelredd-pruview 0.3.8",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/04/10/3"
}
]
}

68
2013/4xxx/CVE-2013-4055.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4055",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2013-4055",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-4051."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652988",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
"name": "domino-webadmin-cve20134055-xss(86544)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544"
},
{
"name" : "domino-webadmin-cve20134055-xss(86544)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/86544"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21652988"
}
]
}

188
2013/4xxx/CVE-2013-4164.json
View File

@ -1,166 +1,166 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4164",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4164",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse."
"lang": "eng",
"value": "Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a string that is converted to a floating point value, as demonstrated using (1) the to_f method or (2) JSON.parse."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164"
"name": "https://puppet.com/security/cve/cve-2013-4164",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2013-4164"
},
{
"name" : "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released"
"name": "APPLE-SA-2014-10-16-3",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
},
{
"name" : "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released"
"name": "openSUSE-SU-2013:1835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html"
},
{
"name" : "https://support.apple.com/kb/HT6536",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT6536"
"name": "USN-2035-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2035-1"
},
{
"name" : "https://puppet.com/security/cve/cve-2013-4164",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/cve-2013-4164"
"name": "APPLE-SA-2014-04-22-1",
"refsource": "APPLE",
"url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
},
{
"name" : "APPLE-SA-2014-04-22-1",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
"name": "RHSA-2014:0215",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
},
{
"name" : "APPLE-SA-2014-10-16-3",
"refsource" : "APPLE",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
"name": "SUSE-SU-2013:1897",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html"
},
{
"name" : "DSA-2810",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2810"
"name": "RHSA-2013:1763",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1763.html"
},
{
"name" : "DSA-2809",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2809"
"name": "RHSA-2013:1764",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1764.html"
},
{
"name" : "RHSA-2013:1763",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1763.html"
"name": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-2-0-0-p353-is-released"
},
{
"name" : "RHSA-2013:1764",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1764.html"
"name": "63873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63873"
},
{
"name" : "RHSA-2013:1767",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1767.html"
"name": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164"
},
{
"name" : "RHSA-2014:0011",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0011.html"
"name": "RHSA-2013:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1767.html"
},
{
"name" : "RHSA-2014:0215",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0215.html"
"name": "RHSA-2014:0011",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0011.html"
},
{
"name" : "openSUSE-SU-2013:1834",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html"
"name": "openSUSE-SU-2013:1834",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00027.html"
},
{
"name" : "openSUSE-SU-2013:1835",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00028.html"
"name": "https://support.apple.com/kb/HT6536",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT6536"
},
{
"name" : "SUSE-SU-2013:1897",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00009.html"
"name": "100113",
"refsource": "OSVDB",
"url": "http://osvdb.org/100113"
},
{
"name" : "USN-2035-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2035-1"
"name": "DSA-2810",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2810"
},
{
"name" : "63873",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/63873"
"name": "57376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57376"
},
{
"name" : "100113",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100113"
"name": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2013/11/22/ruby-1-9-3-p484-is-released"
},
{
"name" : "55787",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55787"
"name": "DSA-2809",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2809"
},
{
"name" : "57376",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57376"
"name": "55787",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55787"
}
]
}

122
2013/4xxx/CVE-2013-4296.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4296",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-4296",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call."
"lang": "eng",
"value": "The remoteDispatchDomainMemoryStats function in daemon/remote.c in libvirt 0.9.1 through 0.10.1.x, 0.10.2.x before 0.10.2.8, 1.0.x before 1.0.5.6, and 1.1.x before 1.1.2 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a crafted RPC call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0",
"refsource" : "CONFIRM",
"url" : "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0"
"name": "60895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60895"
},
{
"name" : "http://wiki.libvirt.org/page/Maintenance_Releases",
"refsource" : "CONFIRM",
"url" : "http://wiki.libvirt.org/page/Maintenance_Releases"
"name": "GLSA-201412-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-04.xml"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1006173",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1006173"
"name": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0",
"refsource": "CONFIRM",
"url": "http://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f400a110e2e3673b96518170bfea0855dd82c0"
},
{
"name" : "DSA-2764",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2764"
"name": "DSA-2764",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2764"
},
{
"name" : "GLSA-201412-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-04.xml"
"name": "USN-1954-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1954-1"
},
{
"name" : "RHSA-2013:1272",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
"name": "http://wiki.libvirt.org/page/Maintenance_Releases",
"refsource": "CONFIRM",
"url": "http://wiki.libvirt.org/page/Maintenance_Releases"
},
{
"name" : "RHSA-2013:1460",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
"name": "RHSA-2013:1272",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1272.html"
},
{
"name" : "openSUSE-SU-2013:1549",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1006173"
},
{
"name" : "openSUSE-SU-2013:1550",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
"name": "RHSA-2013:1460",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1460.html"
},
{
"name" : "USN-1954-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1954-1"
"name": "openSUSE-SU-2013:1550",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00024.html"
},
{
"name" : "60895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/60895"
"name": "openSUSE-SU-2013:1549",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-10/msg00023.html"
}
]
}

22
2013/4xxx/CVE-2013-4692.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-4692",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-4692",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2013/5xxx/CVE-2013-5109.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5109",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-5109",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2013/5xxx/CVE-2013-5837.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-5837",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-5837",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos."
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Cognos."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
"name": "63081",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63081"
},
{
"name" : "63081",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/63081"
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html"
}
]
}

66
2017/1000xxx/CVE-2017-1000140.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2017-08-22T17:29:33.351746",
"ID" : "CVE-2017-1000140",
"REQUESTER" : "info@mahara.org",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.351746",
"ID": "CVE-2017-1000140",
"REQUESTER": "info@mahara.org",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Mahara",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "<1.8.7, <1.9.5, <1.10.3, <15.04.0"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Mahara"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file."
"lang": "eng",
"value": "Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugs.launchpad.net/mahara/+bug/1404117",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/mahara/+bug/1404117"
"name": "https://bugs.launchpad.net/mahara/+bug/1404117",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/mahara/+bug/1404117"
}
]
}

22
2017/12xxx/CVE-2017-12241.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12241",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12241",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

80
2017/12xxx/CVE-2017-12598.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12598",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12598",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case."
"lang": "eng",
"value": "OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds read error in the cv::RBaseStream::readBlock function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 8-opencv-invalid-read-fread test case."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
"name": "[debian-lts-announce] 20180722 [SECURITY] [DLA 1438-1] opencv security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00030.html"
},
{
"name" : "https://github.com/opencv/opencv/issues/9309",
"refsource" : "MISC",
"url" : "https://github.com/opencv/opencv/issues/9309"
"name": "GLSA-201712-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-02"
},
{
"name" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md",
"refsource" : "MISC",
"url" : "https://github.com/xiaoqx/pocs/blob/master/opencv.md"
"name": "https://github.com/xiaoqx/pocs/blob/master/opencv.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/blob/master/opencv.md"
},
{
"name" : "GLSA-201712-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201712-02"
"name": "https://github.com/opencv/opencv/issues/9309",
"refsource": "MISC",
"url": "https://github.com/opencv/opencv/issues/9309"
}
]
}

98
2017/12xxx/CVE-2017-12991.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-12991",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12991",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()."
"lang": "eng",
"value": "The BGP parser in tcpdump before 4.9.2 has a buffer over-read in print-bgp.c:bgp_attr_print()."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
"name": "GLSA-201709-23",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-23"
},
{
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7",
"refsource" : "CONFIRM",
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7"
"name": "https://support.apple.com/HT208221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208221"
},
{
"name" : "https://support.apple.com/HT208221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208221"
"name": "DSA-3971",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3971"
},
{
"name" : "DSA-3971",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3971"
"name": "1039307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039307"
},
{
"name" : "GLSA-201709-23",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201709-23"
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7",
"refsource": "CONFIRM",
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/50a44b6b8e4f7c127440dbd4239cf571945cc1e7"
},
{
"name" : "RHEA-2018:0705",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHEA-2018:0705"
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
"refsource": "CONFIRM",
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
},
{
"name" : "1039307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039307"
"name": "RHEA-2018:0705",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
}
]
}

76
2017/13xxx/CVE-2017-13264.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"DATE_PUBLIC" : "2018-03-05T00:00:00",
"ID" : "CVE-2017-13264",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-03-05T00:00:00",
"ID": "CVE-2017-13264",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Android",
"version" : {
"version_data" : [
"product_name": "Android",
"version": {
"version_data": [
{
"version_value" : "6.0"
"version_value": "6.0"
},
{
"version_value" : "6.0.1"
"version_value": "6.0.1"
},
{
"version_value" : "7.0"
"version_value": "7.0"
},
{
"version_value" : "7.1.1"
"version_value": "7.1.1"
},
{
"version_value" : "7.1.2"
"version_value": "7.1.2"
},
{
"version_value" : "8.0"
"version_value": "8.0"
},
{
"version_value" : "8.1"
"version_value": "8.1"
}
]
}
}
]
},
"vendor_name" : "Google Inc."
"vendor_name": "Google Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343."
"lang": "eng",
"value": "A other vulnerability in the Android media framework (Avcdec). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70294343."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Other"
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-03-01"
"name": "https://source.android.com/security/bulletin/pixel/2018-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-03-01"
}
]
}

22
2017/13xxx/CVE-2017-13537.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-13537",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-13537",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2017/16xxx/CVE-2017-16029.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2017-16029",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2017-16029",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "hostr node module",
"version" : {
"version_data" : [
"product_name": "hostr node module",
"version": {
"version_data": [
{
"version_value" : "<=2.3.5"
"version_value": "<=2.3.5"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
"vendor_name": "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests."
"lang": "eng",
"value": "hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/henrytseng/hostr/issues/8",
"refsource" : "MISC",
"url" : "https://github.com/henrytseng/hostr/issues/8"
"name": "https://github.com/henrytseng/hostr/issues/8",
"refsource": "MISC",
"url": "https://github.com/henrytseng/hostr/issues/8"
},
{
"name" : "https://nodesecurity.io/advisories/303",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/303"
"name": "https://nodesecurity.io/advisories/303",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/303"
}
]
}

68
2017/16xxx/CVE-2017-16355.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16355",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16355",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml."
"lang": "eng",
"value": "In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed in Passenger Open Source 5.1.11 and Passenger Enterprise 5.1.10), if Passenger is running as root, it is possible to list the contents of arbitrary files on a system by symlinking a file named REVISION from the application root folder to a file of choice and querying passenger-status --show=xml."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/",
"refsource" : "CONFIRM",
"url" : "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"
"name": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/",
"refsource": "CONFIRM",
"url": "https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/"
},
{
"name" : "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf",
"refsource" : "CONFIRM",
"url" : "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"
"name": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf",
"refsource": "CONFIRM",
"url": "https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf"
}
]
}

74
2017/16xxx/CVE-2017-16362.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2017-16362",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2017-16362",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version" : {
"version_data" : [
"product_name": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions",
"version": {
"version_data": [
{
"version_value" : "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
"version_value": "Adobe Acrobat Reader 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, 11.0.22 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack."
"lang": "eng",
"value": "An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is an instance of an out of bounds read vulnerability in the MakeAccesible plugin, when handling font data. It causes an out of bounds memory access, which sometimes triggers an access violation exception. Attackers can exploit the vulnerability by using the out of bounds access for unintended reads, writes, or frees, potentially leading to code corruption, control-flow hijack, or an information leak attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Out-of-bounds Read"
"lang": "eng",
"value": "Out-of-bounds Read"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
"name": "1039791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039791"
},
{
"name" : "102140",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102140"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb17-36.html"
},
{
"name" : "1039791",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039791"
"name": "102140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102140"
}
]
}

22
2017/16xxx/CVE-2017-16445.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16445",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-16445",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}

74
2017/16xxx/CVE-2017-16827.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-16827",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-16827",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file."
"lang": "eng",
"value": "The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22306",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22306"
"name": "GLSA-201811-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-17"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419",
"refsource" : "CONFIRM",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419"
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22306",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22306"
},
{
"name" : "GLSA-201811-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-17"
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419",
"refsource": "CONFIRM",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419"
}
]
}

22
2017/4xxx/CVE-2017-4047.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4047",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4047",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

22
2017/4xxx/CVE-2017-4493.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4493",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4493",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

22
2017/4xxx/CVE-2017-4614.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-4614",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-4614",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}

64
2018/18xxx/CVE-2018-18392.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"DATE_PUBLIC" : "2018-10-18T00:00:00",
"ID" : "CVE-2018-18392",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-18392",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ThingsPro IIoT Gateway and Device Management Software Solutions",
"version" : {
"version_data" : [
"product_name": "ThingsPro IIoT Gateway and Device Management Software Solutions",
"version": {
"version_data": [
{
"version_value" : "2.1"
"version_value": "2.1"
}
]
}
}
]
},
"vendor_name" : "Moxa"
"vendor_name": "Moxa"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1."
"lang": "eng",
"value": "Privilege Escalation via Broken Access Control in Moxa ThingsPro IIoT Gateway and Device Management Software Solutions version 2.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Privilege Escalation via Broken Access Control"
"lang": "eng",
"value": "Privilege Escalation via Broken Access Control"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/"
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/10/18/klcert-18-020-moxa-thingspro-iiot-gateway-and-device-management-software-solutions-broken-access-control/"
}
]
}

22
2018/18xxx/CVE-2018-18697.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18697",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18697",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/18xxx/CVE-2018-18788.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18788",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18788",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)"
"lang": "eng",
"value": "An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)"
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md",
"refsource" : "MISC",
"url" : "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md"
"name": "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md",
"refsource": "MISC",
"url": "https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md"
}
]
}

22
2018/18xxx/CVE-2018-18895.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-18895",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-18895",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candidate is a duplicate of CVE-2014-3004. Notes: All CVE users should reference CVE-2014-3004 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3004. Reason: This candidate is a duplicate of CVE-2014-3004. Notes: All CVE users should reference CVE-2014-3004 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

22
2018/5xxx/CVE-2018-5179.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5179",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5179",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

128
2018/5xxx/CVE-2018-5432.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@tibco.com",
"DATE_PUBLIC" : "2018-06-12T16:00:00.000Z",
"ID" : "CVE-2018-5432",
"STATE" : "PUBLIC",
"TITLE" : "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability"
"CVE_data_meta": {
"ASSIGNER": "security@tibco.com",
"DATE_PUBLIC": "2018-06-12T16:00:00.000Z",
"ID": "CVE-2018-5432",
"STATE": "PUBLIC",
"TITLE": "TIBCO Administrator - Enterprise Edition Cross-Site Scripting Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "TIBCO Administrator - Enterprise Edition",
"version" : {
"version_data" : [
"product_name": "TIBCO Administrator - Enterprise Edition",
"version": {
"version_data": [
{
"affected" : "<=",
"version_value" : "5.10.0"
"affected": "<=",
"version_value": "5.10.0"
}
]
}
},
{
"product_name" : "TIBCO Administrator - Enterprise Edition for z/Linux",
"version" : {
"version_data" : [
"product_name": "TIBCO Administrator - Enterprise Edition for z/Linux",
"version": {
"version_data": [
{
"affected" : "<=",
"version_value" : "5.9.1"
"affected": "<=",
"version_value": "5.9.1"
}
]
}
}
]
},
"vendor_name" : "TIBCO Software Inc."
"vendor_name": "TIBCO Software Inc."
}
]
}
},
"credit" : [
"credit": [
{
"lang" : "eng",
"value" : "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
"lang": "eng",
"value": "TIBCO would like to extend its appreciation to Baker Hamilton at Bishop Fox for discovery of this vulnerability."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."
"lang": "eng",
"value": "The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. Affected releases are TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition: versions up to and including 5.10.0, and TIBCO Administrator - Enterprise Edition for z/Linux: versions up to and including 5.9.1."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")"
"lang": "eng",
"value": "The impact of the vulnerability includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user. The impact also theoretically includes access to all administrative information, including deployment variable settings (\"global variables\")"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432",
"refsource" : "CONFIRM",
"url" : "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"
"name": "104458",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104458"
},
{
"name" : "104458",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104458"
"name": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/06/security-advisory-june-12-2018-tibco-administrator-enterprise-edition-2018-5432"
}
]
},
"solution" : [
"solution": [
{
"lang" : "eng",
"value" : "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher\n"
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nFor each affected system, update to the corresponding software versions:\nTIBCO Administrator - Enterprise Edition versions 5.10.0 and below update to version 5.10.1 or higher\nTIBCO Administrator - Enterprise Edition for z/Linux versions 5.9.1 and below update to version 5.10.1 or higher\n"
}
],
"source" : {
"discovery" : "EXTERNAL"
"source": {
"discovery": "EXTERNAL"
}
}

70
2018/5xxx/CVE-2018-5531.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2018-07-24T00:00:00",
"ID" : "CVE-2018-5531",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-07-24T00:00:00",
"ID": "CVE-2018-5531",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : {
"version_data" : [
"product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version": {
"version_data": [
{
"version_value" : "13.0.0-13.1.0.7"
"version_value": "13.0.0-13.1.0.7"
},
{
"version_value" : "12.1.0-12.1.3.5"
"version_value": "12.1.0-12.1.3.5"
},
{
"version_value" : "11.6.0-11.6.3.1"
"version_value": "11.6.0-11.6.3.1"
},
{
"version_value" : "11.2.1-11.5.6"
"version_value": "11.2.1-11.5.6"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
"vendor_name": "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2)."
"lang": "eng",
"value": "Through undisclosed methods, on F5 BIG-IP 13.0.0-13.1.0.7, 12.1.0-12.1.3.5, 11.6.0-11.6.3.1, or 11.2.1-11.5.6, adjacent network attackers can cause a denial of service for VCMP guest and host systems. Attack must be sourced from adjacent network (layer 2)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "DoS"
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.f5.com/csp/article/K64721111",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K64721111"
"name": "https://support.f5.com/csp/article/K64721111",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K64721111"
}
]
}

98
2018/5xxx/CVE-2018-5764.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5764",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5764",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism."
"lang": "eng",
"value": "The parse_arguments function in options.c in rsyncd in rsync before 3.1.3 does not prevent multiple --protect-args uses, which allows remote attackers to bypass an argument-sanitization protection mechanism."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180119 [SECURITY] [DLA 1247-1] rsync security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html"
"name": "[debian-lts-announce] 20180119 [SECURITY] [DLA 1247-1] rsync security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00021.html"
},
{
"name" : "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS",
"refsource" : "CONFIRM",
"url" : "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS"
"name": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07",
"refsource": "CONFIRM",
"url": "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07"
},
{
"name" : "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07",
"refsource" : "CONFIRM",
"url" : "https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07"
"name": "1040276",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040276"
},
{
"name" : "GLSA-201805-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201805-04"
"name": "USN-3543-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3543-1/"
},
{
"name" : "USN-3543-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3543-1/"
"name": "GLSA-201805-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-04"
},
{
"name" : "102803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102803"
"name": "102803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102803"
},
{
"name" : "1040276",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040276"
"name": "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS",
"refsource": "CONFIRM",
"url": "https://download.samba.org/pub/rsync/src-previews/rsync-3.1.3pre1-NEWS"
}
]
}

22
2018/5xxx/CVE-2018-5901.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-5901",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5901",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}