admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:52:54 +00:00
parent a624c8d21c
commit 2f8fc28129
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3596 additions and 3596 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

158
2004/0xxx/CVE-2004-0273.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-0273", "ID": "CVE-2004-0273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040210 Directory traversal in RealPlayer allows code execution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107642978524321&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file."
{ }
"name" : "http://service.real.com/help/faq/security/040123_player/EN/", ]
"refsource" : "CONFIRM", },
"url" : "http://service.real.com/help/faq/security/040123_player/EN/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#514734", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/514734" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "9580", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/9580" ]
}, },
{ "references": {
"name" : "realoneplayer-rmp-directory-traversal(15123)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123" "name": "VU#514734",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/514734"
} },
{
"name": "realoneplayer-rmp-directory-traversal(15123)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15123"
},
{
"name": "20040210 Directory traversal in RealPlayer allows code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107642978524321&w=2"
},
{
"name": "9580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9580"
},
{
"name": "http://service.real.com/help/faq/security/040123_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/040123_player/EN/"
}
]
}
} }

318
2004/1xxx/CVE-2004-1068.json
View File

@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1068", "ID": "CVE-2004-1068",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A \"missing serialization\" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/381689" "lang": "eng",
}, "value": "A \"missing serialization\" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition."
{ }
"name" : "DSA-1070", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-1070" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1067", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1067" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1069", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2006/dsa-1069" ]
}, },
{ "references": {
"name" : "DSA-1082", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1082" "name": "20163",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20163"
"name" : "FLSA:2336", },
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2336" "name": "DSA-1082",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1082"
"name" : "MDKSA-2005:022", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022" "name": "MDKSA-2005:022",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:022"
"name" : "RHSA-2004:537", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-537.html" "name": "20041214 [USN-38-1] Linux kernel vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=110306397320336&w=2"
"name" : "20041214 [USN-38-1] Linux kernel vulnerabilities", },
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110306397320336&w=2" "name": "FLSA:2336",
}, "refsource": "FEDORA",
{ "url": "https://bugzilla.fedora.us/show_bug.cgi?id=2336"
"name" : "RHSA-2004:504", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-504.html" "name": "11715",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11715"
"name" : "RHSA-2004:505", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2004-505.html" "name": "SUSE-SA:2004:044",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2004_44_kernel.html"
"name" : "20060402-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U" "name": "19607",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19607"
"name" : "SUSE-SA:2004:044", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2004_44_kernel.html" "name": "DSA-1070",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1070"
"name" : "11715", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11715" "name": "RHSA-2004:537",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-537.html"
"name" : "oval:org.mitre.oval:def:11384", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11384" "name": "20162",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20162"
"name" : "20162", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20162" "name": "20041119 Addendum, recent Linux <= 2.4.27 vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/381689"
"name" : "20163", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20163" "name": "DSA-1067",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1067"
"name" : "20202", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20202" "name": "DSA-1069",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1069"
"name" : "20338", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20338" "name": "20060402-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U"
"name" : "19607", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19607" "name": "RHSA-2004:505",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2004-505.html"
"name" : "linux-afunix-race-condition(18230)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18230" "name": "20202",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/20202"
} },
{
"name": "oval:org.mitre.oval:def:11384",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11384"
},
{
"name": "RHSA-2004:504",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2004-504.html"
},
{
"name": "linux-afunix-race-condition(18230)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18230"
},
{
"name": "20338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20338"
}
]
}
} }

148
2004/1xxx/CVE-2004-1539.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1539", "ID": "CVE-2004-1539",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041122 Broadcast client crash in Halo 1.05", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110114770406920&w=2" "lang": "eng",
}, "value": "Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference."
{ }
"name" : "11724", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11724" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13273", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13273" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "halo-long-reply-dos(18196)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18196" ]
} },
] "references": {
} "reference_data": [
{
"name": "11724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11724"
},
{
"name": "halo-long-reply-dos(18196)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18196"
},
{
"name": "13273",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13273"
},
{
"name": "20041122 Broadcast client crash in Halo 1.05",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110114770406920&w=2"
}
]
}
} }

218
2004/1xxx/CVE-2004-1617.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1617", "ID": "CVE-2004-1617",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041018 Web browsers - a mini-farce", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109811406620511&w=2" "lang": "eng",
}, "value": "Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value."
{ }
"name" : "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/435689/30/4740/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20041018 Web browsers - a mini-farce", "description": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://lcamtuf.coredump.cx/mangleme/gallery/", ]
"refsource" : "MISC", }
"url" : "http://lcamtuf.coredump.cx/mangleme/gallery/" ]
}, },
{ "references": {
"name" : "DSA-1077", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1077" "name": "11443",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/11443"
"name" : "DSA-1076", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1076" "name": "20041018 Web browsers - a mini-farce",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=109811406620511&w=2"
"name" : "DSA-1085", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1085" "name": "DSA-1077",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1077"
"name" : "11443", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11443" "name": "1011809",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1011809"
"name" : "1011809", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1011809" "name": "20060602 Re: [SECURITY] [DSA 1085-1] New lynx-cur packages fix several vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/435689/30/4740/threaded"
"name" : "20383", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20383" "name": "DSA-1076",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1076"
"name" : "lynx-dos(17804)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804" "name": "DSA-1085",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2006/dsa-1085"
} },
{
"name": "20041018 Web browsers - a mini-farce",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027709.html"
},
{
"name": "http://lcamtuf.coredump.cx/mangleme/gallery/",
"refsource": "MISC",
"url": "http://lcamtuf.coredump.cx/mangleme/gallery/"
},
{
"name": "20383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20383"
},
{
"name": "lynx-dos(17804)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17804"
}
]
}
} }

158
2004/1xxx/CVE-2004-1648.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1648", "ID": "CVE-2004-1648",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040830 Password Protect XSS and SQL-Injection vulnerabilities.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109414967003192&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter."
{ }
"name" : "http://www.criolabs.net/advisories/passprotect.txt", ]
"refsource" : "MISC", },
"url" : "http://www.criolabs.net/advisories/passprotect.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11073", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11073" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12407", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12407" ]
}, },
{ "references": {
"name" : "password-protect-showmsg-xss(17187)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17187" "name": "password-protect-showmsg-xss(17187)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17187"
} },
{
"name": "11073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11073"
},
{
"name": "20040830 Password Protect XSS and SQL-Injection vulnerabilities.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=109414967003192&w=2"
},
{
"name": "12407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12407"
},
{
"name": "http://www.criolabs.net/advisories/passprotect.txt",
"refsource": "MISC",
"url": "http://www.criolabs.net/advisories/passprotect.txt"
}
]
}
} }

158
2004/1xxx/CVE-2004-1830.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1830", "ID": "CVE-2004-1830",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040318 [waraxe-2004-SA#010 - Multiple vulnerabilities in Error Manager", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=107963064317560&w=2" "lang": "eng",
}, "value": "error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message."
{ }
"name" : "9911", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/9911" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4386", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/4386" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11164", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11164" ]
}, },
{ "references": {
"name" : "errormanager-error-path-disclosure(15524)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15524" "name": "errormanager-error-path-disclosure(15524)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15524"
} },
{
"name": "4386",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4386"
},
{
"name": "11164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11164"
},
{
"name": "9911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9911"
},
{
"name": "20040318 [waraxe-2004-SA#010 - Multiple vulnerabilities in Error Manager",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107963064317560&w=2"
}
]
}
} }

158
2004/1xxx/CVE-2004-1909.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1909", "ID": "CVE-2004-1909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462" "lang": "eng",
}, "value": "Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm."
{ }
"name" : "GLSA-200404-07", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-200404-07.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "9897", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9897" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "11177", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/11177" ]
}, },
{ "references": {
"name" : "clam-antivirus-rar-dos(15553)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553" "name": "clam-antivirus-rar-dos(15553)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553"
} },
{
"name": "9897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9897"
},
{
"name": "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462"
},
{
"name": "GLSA-200404-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-07.xml"
},
{
"name": "11177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11177"
}
]
}
} }

158
2008/2xxx/CVE-2008-2566.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-2566", "ID": "CVE-2008-2566",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5739", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5739" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the group parameter to (1) index.php or (2) the default URI."
{ }
"name" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30540", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30540" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phpaddressbook-group-xss(42856)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856" ]
}, },
{ "references": {
"name" : "phpaddressbook-grouppara-xss(99624)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624" "name": "30540",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/30540"
} },
{
"name": "phpaddressbook-group-xss(42856)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42856"
},
{
"name": "5739",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5739"
},
{
"name": "phpaddressbook-grouppara-xss(99624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99624"
},
{
"name": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129789/PHP-Address-Book-Cross-Site-Scripting-SQL-Injection.html"
}
]
}
} }

328
2008/3xxx/CVE-2008-3137.json
View File

@ -1,167 +1,167 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3137", "ID": "CVE-2008-3137",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080703 rPSA-2008-0212-1 tshark wireshark", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493882/100/0/threaded" "lang": "eng",
}, "value": "The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors."
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.wireshark.org/security/wnpa-sec-2008-03.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212", ]
"refsource" : "CONFIRM", }
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212" ]
}, },
{ "references": {
"name" : "DSA-1673", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1673" "name": "30886",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30886"
"name" : "FEDORA-2008-6440", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html" "name": "SUSE-SR:2008:017",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html"
"name" : "GLSA-200808-04", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200808-04.xml" "name": "30942",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30942"
"name" : "RHSA-2008:0890", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0890.html" "name": "FEDORA-2008-6440",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00544.html"
"name" : "SUSE-SR:2008:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" "name": "RHSA-2008:0890",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0890.html"
"name" : "30020", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30020" "name": "ADV-2008-1982",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1982/references"
"name" : "oval:org.mitre.oval:def:10860", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10860" "name": "oval:org.mitre.oval:def:10860",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10860"
"name" : "oval:org.mitre.oval:def:15068", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15068" "name": "31687",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31687"
"name" : "1020404", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020404" "name": "http://www.wireshark.org/security/wnpa-sec-2008-03.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2008-03.html"
"name" : "30886", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30886" "name": "GLSA-200808-04",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200808-04.xml"
"name" : "30942", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30942" "name": "oval:org.mitre.oval:def:15068",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15068"
"name" : "31085", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31085" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-392.htm"
"name" : "ADV-2008-1982", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1982/references" "name": "32091",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32091"
"name" : "ADV-2008-2773", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2773" "name": "20080703 rPSA-2008-0212-1 tshark wireshark",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/493882/100/0/threaded"
"name" : "31378", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31378" "name": "ADV-2008-2773",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2773"
"name" : "31687", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31687" "name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212",
}, "refsource": "CONFIRM",
{ "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0212"
"name" : "32091", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32091" "name": "32944",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32944"
"name" : "32944", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32944" "name": "30020",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30020"
} },
{
"name": "31378",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31378"
},
{
"name": "1020404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020404"
},
{
"name": "DSA-1673",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1673"
},
{
"name": "31085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31085"
}
]
}
} }

128
2008/3xxx/CVE-2008-3299.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3299", "ID": "CVE-2008-3299",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "30332", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30332" "lang": "eng",
}, "value": "eSyndiCat 1.6 allows remote attackers to bypass authentication and gain administrative access by setting the admin_lng cookie value to 1. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "esyndicat-adminlng-authentication-bypass(43972)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43972" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "esyndicat-adminlng-authentication-bypass(43972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43972"
},
{
"name": "30332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30332"
}
]
}
} }

148
2008/3xxx/CVE-2008-3786.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3786", "ID": "CVE-2008-3786",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka \"Gallery or event name\" field) in a search action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080822 Photo Cart 3.9 index.php \"search\" XSS", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064046.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO Photo Cart 3.9 allows remote attackers to inject arbitrary web script or HTML via the qtitle parameter (aka \"Gallery or event name\" field) in a search action."
{ }
"name" : "30798", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30798" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31589", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31589" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "photocart-gallery-xss(44614)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44614" ]
} },
] "references": {
} "reference_data": [
{
"name": "30798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30798"
},
{
"name": "photocart-gallery-xss(44614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44614"
},
{
"name": "20080822 Photo Cart 3.9 index.php \"search\" XSS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-August/064046.html"
},
{
"name": "31589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31589"
}
]
}
} }

168
2008/4xxx/CVE-2008-4095.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4095", "ID": "CVE-2008-4095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV before 2.2.1 have unknown impact and attack vectors, different vulnerabilities than CVE-2007-6713."
{ }
"name" : "31505", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31505" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2710", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2710" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020956", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020956" ]
}, },
{ "references": {
"name" : "31925", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31925" "name": "flip4mac-multiple-unspecified(45187)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45187"
"name" : "flip4mac-multiple-unspecified(45187)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45187" "name": "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf",
} "refsource": "CONFIRM",
] "url": "http://www.flip4mac.com/downloads/wmv_components/flip4mac-wmv-release-notes.pdf"
} },
{
"name": "31505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31505"
},
{
"name": "31925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31925"
},
{
"name": "1020956",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020956"
},
{
"name": "ADV-2008-2710",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2710"
}
]
}
} }

138
2008/4xxx/CVE-2008-4911.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4911", "ID": "CVE-2008-4911",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080415 remote file include", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-04/0196.html" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter."
{ }
"name" : "28797", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28797" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "istantreplay-read-file-include(41844)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41844" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20080415 remote file include",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-04/0196.html"
},
{
"name": "28797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28797"
},
{
"name": "istantreplay-read-file-include(41844)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41844"
}
]
}
} }

138
2008/4xxx/CVE-2008-4930.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4930", "ID": "CVE-2008-4930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" "lang": "eng",
}, "value": "MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded file with a nonstandard file type that contains HTML sequences, which allows remote attackers to cause that file to be processed as HTML by Internet Explorer's content inspection, aka \"Incomplete protection against MIME-sniffing.\" NOTE: this could be leveraged for XSS and other attacks."
{ }
"name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/11/01/2" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html"
},
{
"name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html"
},
{
"name": "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/01/2"
}
]
}
} }

168
2008/6xxx/CVE-2008-6181.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6181", "ID": "CVE-2008-6181",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6724", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6724" "lang": "eng",
}, "value": "SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php."
{ }
"name" : "http://www.mad4media.de/mad4joomla-mailforms-faq.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mad4media.de/mad4joomla-mailforms-faq.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mad4media.de/mad4joomla-mailforms.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mad4media.de/mad4joomla-mailforms.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31712", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/31712" ]
}, },
{ "references": {
"name" : "32239", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32239" "name": "http://www.mad4media.de/mad4joomla-mailforms.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mad4media.de/mad4joomla-mailforms.html"
"name" : "mad4joomla-index-sql-injection(45815)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45815" "name": "32239",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32239"
} },
{
"name": "6724",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6724"
},
{
"name": "http://www.mad4media.de/mad4joomla-mailforms-faq.html",
"refsource": "CONFIRM",
"url": "http://www.mad4media.de/mad4joomla-mailforms-faq.html"
},
{
"name": "mad4joomla-index-sql-injection(45815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45815"
},
{
"name": "31712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31712"
}
]
}
} }

138
2008/6xxx/CVE-2008-6374.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6374", "ID": "CVE-2008-6374",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7325", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7325" "lang": "eng",
}, "value": "CodefixerSoftware MailingListPro Free Edition stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to db/MailingList.mdb."
{ }
"name" : "33000", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/33000" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "mailinglistpro-mailinglist-info-disclosure(47018)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47018" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "mailinglistpro-mailinglist-info-disclosure(47018)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47018"
},
{
"name": "33000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33000"
},
{
"name": "7325",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7325"
}
]
}
} }

32
2008/6xxx/CVE-2008-6426.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-6426", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-6426",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

148
2008/6xxx/CVE-2008-6429.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6429", "ID": "CVE-2008-6429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5708", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5708" "lang": "eng",
}, "value": "SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php."
{ }
"name" : "45856", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/45856" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30493", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30493" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "prayercenter-index2-sql-injection(42772)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42772" ]
} },
] "references": {
} "reference_data": [
{
"name": "prayercenter-index2-sql-injection(42772)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42772"
},
{
"name": "5708",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5708"
},
{
"name": "45856",
"refsource": "OSVDB",
"url": "http://osvdb.org/45856"
},
{
"name": "30493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30493"
}
]
}
} }

138
2008/6xxx/CVE-2008-6966.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6966", "ID": "CVE-2008-6966",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7087", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7087" "lang": "eng",
}, "value": "AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php."
{ }
"name" : "32243", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32243" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ajauction-admin-authentication-bypass(46528)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46528" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "ajauction-admin-authentication-bypass(46528)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46528"
},
{
"name": "7087",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7087"
},
{
"name": "32243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32243"
}
]
}
} }

32
2013/2xxx/CVE-2013-2255.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2255", "ID": "CVE-2013-2255",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2013/2xxx/CVE-2013-2340.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2013-2340", "ID": "CVE-2013-2340",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBHF02888", "description_data": [
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969" "lang": "eng",
}, "value": "Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors."
{ }
"name" : "SSRT100917", ]
"refsource" : "HP", },
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100917",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969"
},
{
"name": "HPSBHF02888",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03808969"
}
]
}
} }

178
2013/2xxx/CVE-2013-2467.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2467", "ID": "CVE-2013-2467",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBUX02907", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "TA13-169A", ]
"refsource" : "CERT", }
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:17014", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17014" "name": "oval:org.mitre.oval:def:17014",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17014"
"name" : "oval:org.mitre.oval:def:19512", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19512" "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
"name" : "54154", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54154" "name": "HPSBUX02907",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
} },
{
"name": "54154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54154"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
},
{
"name": "TA13-169A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
},
{
"name": "oval:org.mitre.oval:def:19512",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19512"
}
]
}
} }

198
2013/2xxx/CVE-2013-2476.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2476", "ID": "CVE-2013-2476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778" "lang": "eng",
}, "value": "The dissect_hartip function in epan/dissectors/packet-hartip.c in the HART/IP dissector in Wireshark 1.8.x before 1.8.6 allows remote attackers to cause a denial of service (infinite loop) via a packet with a header that is too short."
{ }
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778", ]
"refsource" : "CONFIRM", },
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.wireshark.org/security/wnpa-sec-2013-11.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.wireshark.org/security/wnpa-sec-2013-11.html" ]
}, },
{ "references": {
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360" "name": "openSUSE-SU-2013:0494",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html"
"name" : "openSUSE-SU-2013:0494", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00065.html" "name": "http://www.wireshark.org/security/wnpa-sec-2013-11.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/security/wnpa-sec-2013-11.html"
"name" : "openSUSE-SU-2013:0506", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html" "name": "52471",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/52471"
"name" : "oval:org.mitre.oval:def:15838", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15838" "name": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.wireshark.org/docs/relnotes/wireshark-1.8.6.html"
"name" : "52471", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/52471" "name": "openSUSE-SU-2013:0506",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00077.html"
} },
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk-1.8/epan/dissectors/packet-hartip.c?r1=47778&r2=47777&pathrev=47778"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=47778"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360"
},
{
"name": "oval:org.mitre.oval:def:15838",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15838"
}
]
}
} }

32
2013/2xxx/CVE-2013-2971.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-2971", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-2971",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none."
} }
] ]
} }
} }

118
2013/6xxx/CVE-2013-6662.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6662", "ID": "CVE-2013-6662",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome caches TLS sessions before certificate validation occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.chromium.org/p/chromium/issues/detail?id=305220", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.chromium.org/p/chromium/issues/detail?id=305220" "lang": "eng",
} "value": "Google Chrome caches TLS sessions before certificate validation occurs."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/chromium/issues/detail?id=305220",
"refsource": "CONFIRM",
"url": "https://bugs.chromium.org/p/chromium/issues/detail?id=305220"
}
]
}
} }

118
2017/11xxx/CVE-2017-11326.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11326", "ID": "CVE-2017-11326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/", "description_data": [
"refsource" : "MISC", {
"url" : "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/" "lang": "eng",
} "value": "An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "https://backbox.org/membership/sharing-board/tilde-cms-v1-01-multiple-vulnerabilities/"
}
]
}
} }

148
2017/11xxx/CVE-2017-11462.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11462", "ID": "CVE-2017-11462",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598" "lang": "eng",
}, "value": "Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1488873", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1488873" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2017-10c74147f9", ]
"refsource" : "FEDORA", }
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf",
"refsource": "CONFIRM",
"url": "https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf"
},
{
"name": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598",
"refsource": "CONFIRM",
"url": "http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598"
},
{
"name": "FEDORA-2017-10c74147f9",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FPRUP4YVOEBGEROUYWZFEQ64HTMGNED/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1488873"
}
]
}
} }

118
2017/11xxx/CVE-2017-11480.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@elastic.co", "ASSIGNER": "security@elastic.co",
"ID" : "CVE-2017-11480", "ID": "CVE-2017-11480",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Packetbeat", "product_name": "Packetbeat",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 5.6.4" "version_value": "before 5.6.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Elastic" "vendor_name": "Elastic"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-404: Improper Resource Shutdown or Release"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739" "lang": "eng",
} "value": "Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-404: Improper Resource Shutdown or Release"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/beats-5-6-4-security-update/106739"
}
]
}
} }

128
2017/14xxx/CVE-2017-14120.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14120", "ID": "CVE-2017-14120",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.openwall.com/lists/oss-security/2017/08/20/1", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.openwall.com/lists/oss-security/2017/08/20/1" "lang": "eng",
}, "value": "unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory traversal vulnerability for RAR v2 archives: pathnames of the form ../[filename] are unpacked into the upper directory."
{ }
"name" : "https://bugs.debian.org/874059", ]
"refsource" : "MISC", },
"url" : "https://bugs.debian.org/874059" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/874059",
"refsource": "MISC",
"url": "https://bugs.debian.org/874059"
},
{
"name": "http://www.openwall.com/lists/oss-security/2017/08/20/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/08/20/1"
}
]
}
} }

32
2017/14xxx/CVE-2017-14255.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14255", "ID": "CVE-2017-14255",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

308
2017/14xxx/CVE-2017-14492.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14492", "ID": "CVE-2017-14492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42942", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42942/" "lang": "eng",
}, "value": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request."
{ }
"name" : "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", ]
"refsource" : "MLIST", },
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", "description": [
"refsource" : "MLIST", {
"url" : "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", ]
"refsource" : "MISC", }
"url" : "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" ]
}, },
{ "references": {
"name" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://thekelleys.org.uk/dnsmasq/CHANGELOG" "name": "1039474",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1039474"
"name" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10", },
"refsource" : "CONFIRM", {
"url" : "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10" "name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq",
}, "refsource": "CONFIRM",
{ "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"
"name" : "https://access.redhat.com/security/vulnerabilities/3199382", },
"refsource" : "CONFIRM", {
"url" : "https://access.redhat.com/security/vulnerabilities/3199382" "name": "DSA-3989",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-3989"
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", },
"refsource" : "CONFIRM", {
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4561" "name": "https://access.redhat.com/security/vulnerabilities/3199382",
}, "refsource": "CONFIRM",
{ "url": "https://access.redhat.com/security/vulnerabilities/3199382"
"name" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", },
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq" "name": "101085",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/101085"
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", },
"refsource" : "CONFIRM", {
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt" "name": "USN-3430-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3430-1"
"name" : "DSA-3989", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3989" "name": "VU#973527",
}, "refsource": "CERT-VN",
{ "url": "https://www.kb.cert.org/vuls/id/973527"
"name" : "GLSA-201710-27", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201710-27" "name": "GLSA-201710-27",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201710-27"
"name" : "RHSA-2017:2836", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2836" "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10",
}, "refsource": "CONFIRM",
{ "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10"
"name" : "RHSA-2017:2837", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:2837" "name": "USN-3430-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-3430-2"
"name" : "openSUSE-SU-2017:2633", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html" "name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.",
}, "refsource": "MLIST",
{ "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
"name" : "USN-3430-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3430-1" "name": "42942",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/42942/"
"name" : "USN-3430-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-3430-2" "name": "RHSA-2017:2836",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:2836"
"name" : "VU#973527", },
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/973527" "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561",
}, "refsource": "CONFIRM",
{ "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
"name" : "101085", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101085" "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"
"name" : "1039474", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039474" "name": "RHSA-2017:2837",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2017:2837"
} },
{
"name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "openSUSE-SU-2017:2633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html",
"refsource": "MISC",
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.",
"refsource": "MLIST",
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
}
]
}
} }

118
2017/14xxx/CVE-2017-14558.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14558", "ID": "CVE-2017-14558",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a \"User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558" "lang": "eng",
} "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a \"User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2.\""
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14558"
}
]
}
} }

32
2017/14xxx/CVE-2017-14665.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-14665", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-14665",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

32
2017/15xxx/CVE-2017-15158.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15158", "ID": "CVE-2017-15158",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2017/15xxx/CVE-2017-15188.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15188", "ID": "CVE-2017-15188",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS" "lang": "eng",
} "value": "A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS",
"refsource": "MISC",
"url": "https://github.com/jsj730sos/cve/blob/master/Eonweb_module_admin_device_index%20stored%20XSS"
}
]
}
} }

120
2017/15xxx/CVE-2017-15308.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-20T00:00:00", "DATE_PUBLIC": "2017-11-20T00:00:00",
"ID" : "CVE-2017-15308", "ID": "CVE-2017-15308",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "iReader", "product_name": "iReader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 8.0.2.301" "version_value": "before 8.0.2.301"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "input validation"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en" "lang": "eng",
} "value": "Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webpages would be loaded and run."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20171120-01-hwreader-en"
}
]
}
} }

118
2017/9xxx/CVE-2017-9192.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9192", "ID": "CVE-2017-9192",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/" "lang": "eng",
} "value": "libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-tga.c:528:7."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/"
}
]
}
} }

120
2017/9xxx/CVE-2017-9722.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00", "DATE_PUBLIC": "2017-12-04T00:00:00",
"ID" : "CVE-2017-9722", "ID": "CVE-2017-9722",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in Display"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2017-12-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" "lang": "eng",
} "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, when updating custom EDID (hdmi_tx_sysfs_wta_edid), if edid_size, which is controlled by userspace, is too large, a buffer overflow occurs."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in Display"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-12-01"
}
]
}
} }

140
2017/9xxx/CVE-2017-9801.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2017-08-01T00:00:00", "DATE_PUBLIC": "2017-08-01T00:00:00",
"ID" : "CVE-2017-9801", "ID": "CVE-2017-9801",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Commons Email", "product_name": "Apache Commons Email",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0 to 1.4" "version_value": "1.0 to 1.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SMTP header injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[announce@apache.org] 20170801 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5@%3Cannounce.apache.org%3E" "lang": "eng",
}, "value": "When a call-site passes a subject for an email that contains line-breaks in Apache Commons Email 1.0 through 1.4, the caller can add arbitrary SMTP headers."
{ }
"name" : "100082", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100082" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1039043", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039043" "lang": "eng",
} "value": "SMTP header injection"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "[announce@apache.org] 20170801 CVE-2017-9801: Apache Commons Email SMTP header injection vulnerabilty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/7ef903a772a2ff08605df1be819044fb15df2815eb3d63878b3fbbb5@%3Cannounce.apache.org%3E"
},
{
"name": "1039043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039043"
},
{
"name": "100082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100082"
}
]
}
} }

118
2017/9xxx/CVE-2017-9819.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9819", "ID": "CVE-2017-9819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf" "lang": "eng",
} "value": "The National Payments Corporation of India BHIM application 1.3 for Android does not properly restrict use of the OTP feature, which makes it easier for attackers to bypass authentication."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf",
"refsource": "MISC",
"url": "https://github.com/magicj3lly/appexploits/blob/master/BHIM-App-PreliminaryReport.pdf"
}
]
}
} }

148
2017/9xxx/CVE-2017-9992.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9992", "ID": "CVE-2017-9992",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345", "description_data": [
"refsource" : "MISC", {
"url" : "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345" "lang": "eng",
}, "value": "Heap-based buffer overflow in the decode_dds1 function in libavcodec/dfa.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x before 3.1.8, 3.2.x before 3.2.5, and 3.3.x before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file."
{ }
"name" : "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360", ]
"refsource" : "MISC", },
"url" : "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4012", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-4012" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "99319", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/99319" ]
} },
] "references": {
} "reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360",
"refsource": "MISC",
"url": "https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360"
},
{
"name": "99319",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99319"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1345"
},
{
"name": "DSA-4012",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-4012"
}
]
}
} }

138
2018/0xxx/CVE-2018-0097.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0097", "ID": "CVE-2018-0097",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Prime Infrastructure", "product_name": "Cisco Prime Infrastructure",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Prime Infrastructure" "version_value": "Cisco Prime Infrastructure"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-601"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure" "lang": "eng",
}, "value": "A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646."
{ }
"name" : "102724", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102724" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040243", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040243" "lang": "eng",
} "value": "CWE-601"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-prime-infrastructure"
},
{
"name": "102724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102724"
},
{
"name": "1040243",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040243"
}
]
}
} }

162
2018/1000xxx/CVE-2018-1000060.json
View File

@ -1,84 +1,84 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2/6/2018 17:07:21", "DATE_ASSIGNED": "2/6/2018 17:07:21",
"ID" : "CVE-2018-1000060", "ID": "CVE-2018-1000060",
"REQUESTER" : "justin@sensu.io", "REQUESTER": "justin@sensu.io",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Sensu Core", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Sensu, Inc." "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/sensu/sensu/issues/1804", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/sensu/sensu/issues/1804" "lang": "eng",
}, "value": "Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in clear-text. This attack appear to be exploitable via victims with configuration matching a specific pattern will observe sensitive data outputted in their service log files. This vulnerability appears to have been fixed in 1.2.1 and later, after commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b."
{ }
"name" : "https://github.com/sensu/sensu/pull/1810", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/sensu/sensu/pull/1810" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:0616", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0616" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2018:1112", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:1112" ]
}, },
{ "references": {
"name" : "RHSA-2018:1606", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1606" "name": "https://github.com/sensu/sensu/pull/1810",
} "refsource": "CONFIRM",
] "url": "https://github.com/sensu/sensu/pull/1810"
} },
{
"name": "RHSA-2018:0616",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0616"
},
{
"name": "https://github.com/sensu/sensu/issues/1804",
"refsource": "CONFIRM",
"url": "https://github.com/sensu/sensu/issues/1804"
},
{
"name": "RHSA-2018:1606",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1606"
},
{
"name": "RHSA-2018:1112",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1112"
}
]
}
} }

124
2018/1000xxx/CVE-2018-1000511.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-23T11:22:33.012591", "DATE_ASSIGNED": "2018-06-23T11:22:33.012591",
"DATE_REQUESTED" : "2018-06-07T20:50:47", "DATE_REQUESTED": "2018-06-07T20:50:47",
"ID" : "CVE-2018-1000511", "ID": "CVE-2018-1000511",
"REQUESTER" : "tom@dxw.com", "REQUESTER": "tom@dxw.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WP ULike", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.8.1,3.1" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "WP ULike" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/", "description_data": [
"refsource" : "MISC", {
"url" : "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/" "lang": "eng",
} "value": "WP ULike version 2.8.1, 3.1 contains a Incorrect Access Control vulnerability in AJAX that can result in allows anybody to delete any row in certain tables. This attack appear to be exploitable via Attacker must make AJAX request. This vulnerability appears to have been fixed in 3.2."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/",
"refsource": "MISC",
"url": "https://advisories.dxw.com/advisories/wp-ulike-delete-rows/"
}
]
}
} }

32
2018/12xxx/CVE-2018-12012.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12012", "ID": "CVE-2018-12012",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/12xxx/CVE-2018-12298.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12298", "ID": "CVE-2018-12298",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/16xxx/CVE-2018-16053.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16053", "ID": "CVE-2018-16053",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/16xxx/CVE-2018-16146.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16146", "ID": "CVE-2018-16146",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "https://seclists.org/fulldisclosure/2018/Sep/3" "lang": "eng",
}, "value": "The web management console of Opsview Monitor 5.4.x before 5.4.2 provides functionality accessible by an authenticated administrator to test notifications that are triggered under certain configurable events. The value parameter is not properly sanitized, leading to arbitrary command injection with the privileges of the nagios user account."
{ }
"name" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities", ]
"refsource" : "MISC", },
"url" : "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://knowledge.opsview.com/v5.4/docs/whats-new", "description": [
"refsource" : "CONFIRM", {
"url" : "https://knowledge.opsview.com/v5.4/docs/whats-new" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://knowledge.opsview.com/v5.4/docs/whats-new",
"refsource": "CONFIRM",
"url": "https://knowledge.opsview.com/v5.4/docs/whats-new"
},
{
"name": "20180904 [CORE-2018-0008] - Opsview Monitor Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/3"
},
{
"name": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/opsview-monitor-multiple-vulnerabilities"
}
]
}
} }

128
2018/16xxx/CVE-2018-16165.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16165", "ID": "CVE-2018-16165",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LogonTracer", "product_name": "LogonTracer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.2.0 and earlier" "version_value": "1.2.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "JPCERT Coordination Center" "vendor_name": "JPCERT Coordination Center"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in LogonTracer 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "https://jvn.jp/en/vu/JVNVU98026636/index.html", ]
"refsource" : "MISC", },
"url" : "https://jvn.jp/en/vu/JVNVU98026636/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1",
"refsource": "MISC",
"url": "https://github.com/JPCERTCC/LogonTracer/releases/tag/v1.2.1"
},
{
"name": "https://jvn.jp/en/vu/JVNVU98026636/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU98026636/index.html"
}
]
}
} }

128
2018/16xxx/CVE-2018-16471.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2018-16471", "ID": "CVE-2018-16471",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Rack", "product_name": "Rack",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0.6, 1.6.11" "version_value": "2.0.6, 1.6.11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Rack" "vendor_name": "Rack"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html" "lang": "eng",
}, "value": "There is a possible XSS vulnerability in Rack before 2.0.6 and 1.6.11. Carefully crafted requests can impact the data returned by the `scheme` method on `Rack::Request`. Applications that expect the scheme to be limited to 'http' or 'https' and do not escape the return value could be vulnerable to an XSS attack. Note that applications using the normal escaping mechanisms provided by Rails may not impacted, but applications that bypass the escaping mechanisms, or do not use them may be vulnerable."
{ }
"name" : "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag", ]
"refsource" : "MISC", },
"url" : "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/rubyonrails-security/GKsAFT924Ag"
},
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1585-1] ruby-rack security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00022.html"
}
]
}
} }

32
2018/16xxx/CVE-2018-16592.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16592", "ID": "CVE-2018-16592",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4259.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4259", "ID": "CVE-2018-4259",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4319.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4319", "ID": "CVE-2018-4319",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4364.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4364", "ID": "CVE-2018-4364",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/4xxx/CVE-2018-4748.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4748", "ID": "CVE-2018-4748",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

128
2018/4xxx/CVE-2018-4930.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4930", "ID": "CVE-2018-4930",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Experience Manager AEM 6.3 and earlier", "product_name": "Adobe Experience Manager AEM 6.3 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Experience Manager AEM 6.3 and earlier" "version_value": "Adobe Experience Manager AEM 6.3 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html" "lang": "eng",
}, "value": "Adobe Experience Manager versions 6.3 and earlier have an exploitable Cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
{ }
"name" : "103706", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103706" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103706",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103706"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html"
}
]
}
} }

128
2018/4xxx/CVE-2018-4931.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4931", "ID": "CVE-2018-4931",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Experience Manager AEM 6.1 and earlier", "product_name": "Adobe Experience Manager AEM 6.1 and earlier",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Experience Manager AEM 6.1 and earlier" "version_value": "Adobe Experience Manager AEM 6.1 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stored cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html" "lang": "eng",
}, "value": "Adobe Experience Manager versions 6.1 and earlier have an exploitable stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
{ }
"name" : "103709", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103709" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Stored cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103709",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103709"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-10.html"
}
]
}
} }