mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-06-19 17:32:41 +00:00
"-Synchronized-Data."
This commit is contained in:
parent
0bbbbaa743
commit
3ccf9564eb
@ -1,382 +1,382 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-0415",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2008-0415",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080209 rPSA-2008-0051-1 firefox",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080212 FLEA-2008-0001-1 firefox",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080229 rPSA-2008-0093-1 thunderbird",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/488971/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597"
|
||||
},
|
||||
{
|
||||
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
|
||||
},
|
||||
{
|
||||
"name" : "http://browser.netscape.com/releasenotes/",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://browser.netscape.com/releasenotes/"
|
||||
},
|
||||
{
|
||||
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0093",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0093"
|
||||
},
|
||||
{
|
||||
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093"
|
||||
},
|
||||
{
|
||||
"name" : "https://issues.rpath.com/browse/RPL-1995",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://issues.rpath.com/browse/RPL-1995"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1484",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2008/dsa-1484"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1485",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2008/dsa-1485"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1489",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2008/dsa-1489"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1506",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2008/dsa-1506"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-1435",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-1459",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-1535",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-2060",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-2118",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-200805-18",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2008:048",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2008:062",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:062"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2008:0103",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2008:0104",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2008:0105",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
|
||||
},
|
||||
{
|
||||
"name" : "SSA:2008-061-01",
|
||||
"refsource" : "SLACKWARE",
|
||||
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399"
|
||||
},
|
||||
{
|
||||
"name" : "239546",
|
||||
"refsource" : "SUNALERT",
|
||||
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1"
|
||||
},
|
||||
{
|
||||
"name" : "238492",
|
||||
"refsource" : "SUNALERT",
|
||||
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
|
||||
},
|
||||
{
|
||||
"name" : "SUSE-SA:2008:008",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name" : "USN-576-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/usn-576-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-582-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/usn-582-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-582-2",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/usn-582-2"
|
||||
},
|
||||
{
|
||||
"name" : "27683",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/27683"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:9897",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9897"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-0453",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/0453/references"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-0454",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/0454/references"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-0627",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/0627/references"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-2091",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/2091/references"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-1793",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/1793/references"
|
||||
},
|
||||
{
|
||||
"name" : "1019327",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1019327"
|
||||
},
|
||||
{
|
||||
"name" : "28818",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28818"
|
||||
},
|
||||
{
|
||||
"name" : "28754",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28754"
|
||||
},
|
||||
{
|
||||
"name" : "28758",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28758"
|
||||
},
|
||||
{
|
||||
"name" : "28766",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28766"
|
||||
},
|
||||
{
|
||||
"name" : "28808",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28808"
|
||||
},
|
||||
{
|
||||
"name" : "28815",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28815"
|
||||
},
|
||||
{
|
||||
"name" : "28839",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28839"
|
||||
},
|
||||
{
|
||||
"name" : "28864",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28864"
|
||||
},
|
||||
{
|
||||
"name" : "28865",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28865"
|
||||
},
|
||||
{
|
||||
"name" : "28877",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28877"
|
||||
},
|
||||
{
|
||||
"name" : "28879",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28879"
|
||||
},
|
||||
{
|
||||
"name" : "28924",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28924"
|
||||
},
|
||||
{
|
||||
"name" : "28939",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28939"
|
||||
},
|
||||
{
|
||||
"name" : "28958",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/28958"
|
||||
},
|
||||
{
|
||||
"name" : "29049",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29049"
|
||||
},
|
||||
{
|
||||
"name" : "29086",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29086"
|
||||
},
|
||||
{
|
||||
"name" : "29167",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29167"
|
||||
},
|
||||
{
|
||||
"name" : "29098",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29098"
|
||||
},
|
||||
{
|
||||
"name" : "29164",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29164"
|
||||
},
|
||||
{
|
||||
"name" : "29211",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29211"
|
||||
},
|
||||
{
|
||||
"name" : "29567",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29567"
|
||||
},
|
||||
{
|
||||
"name" : "30327",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30327"
|
||||
},
|
||||
{
|
||||
"name" : "31043",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31043"
|
||||
},
|
||||
{
|
||||
"name" : "30620",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30620"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load function, aka \"JavaScript privilege escalation bugs.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "RHSA-2008:0104",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0104.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-582-2",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/usn-582-2"
|
||||
},
|
||||
{
|
||||
"name": "USN-576-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/usn-576-1"
|
||||
},
|
||||
{
|
||||
"name": "http://browser.netscape.com/releasenotes/",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://browser.netscape.com/releasenotes/"
|
||||
},
|
||||
{
|
||||
"name": "28939",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28939"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1506",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1506"
|
||||
},
|
||||
{
|
||||
"name": "SSA:2008-061-01",
|
||||
"refsource": "SLACKWARE",
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.445399"
|
||||
},
|
||||
{
|
||||
"name": "https://issues.rpath.com/browse/RPL-1995",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://issues.rpath.com/browse/RPL-1995"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-2118",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00946.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-2060",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00905.html"
|
||||
},
|
||||
{
|
||||
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0093"
|
||||
},
|
||||
{
|
||||
"name": "28766",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28766"
|
||||
},
|
||||
{
|
||||
"name": "28818",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28818"
|
||||
},
|
||||
{
|
||||
"name": "30620",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30620"
|
||||
},
|
||||
{
|
||||
"name": "28865",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28865"
|
||||
},
|
||||
{
|
||||
"name": "29049",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29049"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-0453",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/0453/references"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0103",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0103.html"
|
||||
},
|
||||
{
|
||||
"name": "28877",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28877"
|
||||
},
|
||||
{
|
||||
"name": "28879",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28879"
|
||||
},
|
||||
{
|
||||
"name": "USN-582-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/usn-582-1"
|
||||
},
|
||||
{
|
||||
"name": "29167",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29167"
|
||||
},
|
||||
{
|
||||
"name": "29567",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29567"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0105",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0105.html"
|
||||
},
|
||||
{
|
||||
"name": "28958",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28958"
|
||||
},
|
||||
{
|
||||
"name": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.novell.com/techcenter/psdb/6251b18e050302ebe7fe74294b55c818.html"
|
||||
},
|
||||
{
|
||||
"name": "30327",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30327"
|
||||
},
|
||||
{
|
||||
"name": "238492",
|
||||
"refsource": "SUNALERT",
|
||||
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-238492-1"
|
||||
},
|
||||
{
|
||||
"name": "20080229 rPSA-2008-0093-1 thunderbird",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/488971/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1489",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1489"
|
||||
},
|
||||
{
|
||||
"name": "20080212 FLEA-2008-0001-1 firefox",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/488002/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "20080209 rPSA-2008-0051-1 firefox",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/487826/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "29086",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29086"
|
||||
},
|
||||
{
|
||||
"name": "28815",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28815"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-0454",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/0454/references"
|
||||
},
|
||||
{
|
||||
"name": "239546",
|
||||
"refsource": "SUNALERT",
|
||||
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239546-1"
|
||||
},
|
||||
{
|
||||
"name": "28864",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28864"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:9897",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9897"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1485",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1485"
|
||||
},
|
||||
{
|
||||
"name": "28924",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28924"
|
||||
},
|
||||
{
|
||||
"name": "27683",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/27683"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-1793",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/1793/references"
|
||||
},
|
||||
{
|
||||
"name": "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.mozilla.org/security/announce/2008/mfsa2008-03.html"
|
||||
},
|
||||
{
|
||||
"name": "1019327",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1019327"
|
||||
},
|
||||
{
|
||||
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0093",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0093"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2091",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2091/references"
|
||||
},
|
||||
{
|
||||
"name": "SUSE-SA:2008:008",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00006.html"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-1459",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00309.html"
|
||||
},
|
||||
{
|
||||
"name": "29164",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29164"
|
||||
},
|
||||
{
|
||||
"name": "29211",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29211"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-1535",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00381.html"
|
||||
},
|
||||
{
|
||||
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0051",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0051"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2008:062",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:062"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1484",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1484"
|
||||
},
|
||||
{
|
||||
"name": "28808",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28808"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-0627",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/0627/references"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-200805-18",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://www.gentoo.org/security/en/glsa/glsa-200805-18.xml"
|
||||
},
|
||||
{
|
||||
"name": "28754",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28754"
|
||||
},
|
||||
{
|
||||
"name": "28758",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28758"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-1435",
|
||||
"refsource": "FEDORA",
|
||||
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00274.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2008:048",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:048"
|
||||
},
|
||||
{
|
||||
"name": "31043",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31043"
|
||||
},
|
||||
{
|
||||
"name": "29098",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29098"
|
||||
},
|
||||
{
|
||||
"name": "28839",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/28839"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-0440",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-0440",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "4956",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/4956"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "4956",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/4956"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-0644",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-0644",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-07.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-07.html"
|
||||
},
|
||||
{
|
||||
"name" : "28205",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/28205"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-0862",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/0862/references"
|
||||
},
|
||||
{
|
||||
"name" : "1019590",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1019590"
|
||||
},
|
||||
{
|
||||
"name" : "29332",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29332"
|
||||
},
|
||||
{
|
||||
"name" : "coldfusion-setencoding-xss(41145)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41145"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism for applications via unspecified vectors related to the setEncoding function."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "29332",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29332"
|
||||
},
|
||||
{
|
||||
"name": "http://www.adobe.com/support/security/bulletins/apsb08-07.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.adobe.com/support/security/bulletins/apsb08-07.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-0862",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/0862/references"
|
||||
},
|
||||
{
|
||||
"name": "1019590",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1019590"
|
||||
},
|
||||
{
|
||||
"name": "coldfusion-setencoding-xss(41145)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41145"
|
||||
},
|
||||
{
|
||||
"name": "28205",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/28205"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-0676",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-0676",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "5050",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5050"
|
||||
},
|
||||
{
|
||||
"name" : "27594",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/27594"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 allows remote attackers to inject arbitrary web script or HTML via the words parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "5050",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5050"
|
||||
},
|
||||
{
|
||||
"name": "27594",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/27594"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-0919",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-0919",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080221 SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/488450/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080222 Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/488617/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080225 Re: Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/488697/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "5171",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5171"
|
||||
},
|
||||
{
|
||||
"name" : "27929",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/27929"
|
||||
},
|
||||
{
|
||||
"name" : "42006",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/42006"
|
||||
},
|
||||
{
|
||||
"name" : "29046",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29046"
|
||||
},
|
||||
{
|
||||
"name" : "3689",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/3689"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in session/login.php in Open Source Security Information Management (OSSIM) 0.9.9 rc5 and earlier allows remote attackers to inject arbitrary web script or HTML via the dest parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "3689",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/3689"
|
||||
},
|
||||
{
|
||||
"name": "20080222 Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/488617/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "20080225 Re: Re: SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/488697/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "27929",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/27929"
|
||||
},
|
||||
{
|
||||
"name": "5171",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5171"
|
||||
},
|
||||
{
|
||||
"name": "42006",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/42006"
|
||||
},
|
||||
{
|
||||
"name": "20080221 SQL-injection, XSS in OSSIM (Open Source Security Information Management)",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/488450/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "29046",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29046"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-1216",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-1216",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080222 IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter)",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/488620/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "27925",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/27925"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-0667",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/0667"
|
||||
},
|
||||
{
|
||||
"name" : "29072",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29072"
|
||||
},
|
||||
{
|
||||
"name" : "3721",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/3721"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not properly identify URIs containing cross-site scripting (XSS) attack strings, which allows remote attackers to inject arbitrary web script or HTML via a Calendar OpenDocument action to main.nsf with a Count parameter containing a JavaScript event in a malformed element, as demonstrated by an onload event in an IFRAME element."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "3721",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/3721"
|
||||
},
|
||||
{
|
||||
"name": "27925",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/27925"
|
||||
},
|
||||
{
|
||||
"name": "29072",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29072"
|
||||
},
|
||||
{
|
||||
"name": "20080222 IBM Quickr 8 Calendar Xss Injection (Bypass Quickr 8.0 Xss Filter)",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/488620/100/100/threaded"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-0667",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/0667"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-1576",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-1576",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "APPLE-SA-2008-05-28",
|
||||
"refsource" : "APPLE",
|
||||
"url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name" : "TA08-150A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
|
||||
},
|
||||
{
|
||||
"name" : "29412",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/29412"
|
||||
},
|
||||
{
|
||||
"name" : "29500",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/29500"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-1697",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/1697"
|
||||
},
|
||||
{
|
||||
"name" : "1020140",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1020140"
|
||||
},
|
||||
{
|
||||
"name" : "30430",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30430"
|
||||
},
|
||||
{
|
||||
"name" : "macosx-mail-code-execution(42723)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42723"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, does not properly initialize memory, which might allow remote attackers to execute arbitrary code or cause a denial of service (application crash), or obtain sensitive information (memory contents) in opportunistic circumstances, by sending an e-mail message."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "macosx-mail-code-execution(42723)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42723"
|
||||
},
|
||||
{
|
||||
"name": "29500",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/29500"
|
||||
},
|
||||
{
|
||||
"name": "TA08-150A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
|
||||
},
|
||||
{
|
||||
"name": "30430",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30430"
|
||||
},
|
||||
{
|
||||
"name": "APPLE-SA-2008-05-28",
|
||||
"refsource": "APPLE",
|
||||
"url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
|
||||
},
|
||||
{
|
||||
"name": "1020140",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1020140"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-1697",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/1697"
|
||||
},
|
||||
{
|
||||
"name": "29412",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/29412"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-1717",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-1717",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/490560/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/490782/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"
|
||||
},
|
||||
{
|
||||
"name" : "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"
|
||||
},
|
||||
{
|
||||
"name" : "28678",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/28678"
|
||||
},
|
||||
{
|
||||
"name" : "29719",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/29719"
|
||||
},
|
||||
{
|
||||
"name" : "wbb-wcf-exception-info-disclosure(41713)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "29719",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/29719"
|
||||
},
|
||||
{
|
||||
"name": "20080412 Re: WoltLab(R) Community Framework WCF 1.0.6",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/490782/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "28678",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/28678"
|
||||
},
|
||||
{
|
||||
"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html"
|
||||
},
|
||||
{
|
||||
"name": "wbb-wcf-exception-info-disclosure(41713)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41713"
|
||||
},
|
||||
{
|
||||
"name": "20080407 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/490560/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "20080408 WoltLab(R) Community Framework XSS and Full Path Disclosure Vulnerability",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,202 +1,202 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-1801",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-1801",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080507 Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability",
|
||||
"refsource" : "IDEFENSE",
|
||||
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=696"
|
||||
},
|
||||
{
|
||||
"name" : "5561",
|
||||
"refsource" : "EXPLOIT-DB",
|
||||
"url" : "https://www.exploit-db.com/exploits/5561"
|
||||
},
|
||||
{
|
||||
"name" : "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-1573",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2008/dsa-1573"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-3886",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-3917",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html"
|
||||
},
|
||||
{
|
||||
"name" : "FEDORA-2008-3985",
|
||||
"refsource" : "FEDORA",
|
||||
"url" : "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-200806-04",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://security.gentoo.org/glsa/glsa-200806-04.xml"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2008:101",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:101"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2008:0575",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0575.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2008:0576",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0576.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2008:0725",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0725.html"
|
||||
},
|
||||
{
|
||||
"name" : "SSA:2008-148-01",
|
||||
"refsource" : "SLACKWARE",
|
||||
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.395286"
|
||||
},
|
||||
{
|
||||
"name" : "240708",
|
||||
"refsource" : "SUNALERT",
|
||||
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-646-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/usn-646-1"
|
||||
},
|
||||
{
|
||||
"name" : "29097",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/29097"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:11570",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11570"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-1467",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/1467/references"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-2403",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/2403"
|
||||
},
|
||||
{
|
||||
"name" : "1019990",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id?1019990"
|
||||
},
|
||||
{
|
||||
"name" : "30118",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30118"
|
||||
},
|
||||
{
|
||||
"name" : "30248",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30248"
|
||||
},
|
||||
{
|
||||
"name" : "30380",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30380"
|
||||
},
|
||||
{
|
||||
"name" : "30713",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/30713"
|
||||
},
|
||||
{
|
||||
"name" : "31222",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31222"
|
||||
},
|
||||
{
|
||||
"name" : "31224",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31224"
|
||||
},
|
||||
{
|
||||
"name" : "31928",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31928"
|
||||
},
|
||||
{
|
||||
"name" : "rdesktop-isorecvmsg-code-execution(42272)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42272"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Integer underflow in the iso_recv_msg function (iso.c) in rdesktop 1.5.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Remote Desktop Protocol (RDP) request with a small length field."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "31224",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31224"
|
||||
},
|
||||
{
|
||||
"name": "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://rdesktop.cvs.sourceforge.net/rdesktop/rdesktop/iso.c?r1=1.19&r2=1.20&pathrev=HEAD"
|
||||
},
|
||||
{
|
||||
"name": "5561",
|
||||
"refsource": "EXPLOIT-DB",
|
||||
"url": "https://www.exploit-db.com/exploits/5561"
|
||||
},
|
||||
{
|
||||
"name": "30118",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30118"
|
||||
},
|
||||
{
|
||||
"name": "USN-646-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/usn-646-1"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-200806-04",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-200806-04.xml"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-3917",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00270.html"
|
||||
},
|
||||
{
|
||||
"name": "30713",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30713"
|
||||
},
|
||||
{
|
||||
"name": "rdesktop-isorecvmsg-code-execution(42272)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42272"
|
||||
},
|
||||
{
|
||||
"name": "1019990",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id?1019990"
|
||||
},
|
||||
{
|
||||
"name": "SSA:2008-148-01",
|
||||
"refsource": "SLACKWARE",
|
||||
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.395286"
|
||||
},
|
||||
{
|
||||
"name": "DSA-1573",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2008/dsa-1573"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-3886",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00244.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0725",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0725.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2403",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2403"
|
||||
},
|
||||
{
|
||||
"name": "FEDORA-2008-3985",
|
||||
"refsource": "FEDORA",
|
||||
"url": "http://www.redhat.com/archives/fedora-package-announce/2008-May/msg00296.html"
|
||||
},
|
||||
{
|
||||
"name": "29097",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/29097"
|
||||
},
|
||||
{
|
||||
"name": "240708",
|
||||
"refsource": "SUNALERT",
|
||||
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-240708-1"
|
||||
},
|
||||
{
|
||||
"name": "30380",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30380"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-1467",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/1467/references"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2008:101",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:101"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11570",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11570"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0576",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0576.html"
|
||||
},
|
||||
{
|
||||
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-360.htm"
|
||||
},
|
||||
{
|
||||
"name": "20080507 Multiple Vendor rdesktop iso_recv_msg() Integer Underflow Vulnerability",
|
||||
"refsource": "IDEFENSE",
|
||||
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=696"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2008:0575",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2008-0575.html"
|
||||
},
|
||||
{
|
||||
"name": "30248",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/30248"
|
||||
},
|
||||
{
|
||||
"name": "31928",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31928"
|
||||
},
|
||||
{
|
||||
"name": "31222",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31222"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-3316",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-3316",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.geeklog.net/article.php/20080719093147449",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.geeklog.net/article.php/20080719093147449"
|
||||
},
|
||||
{
|
||||
"name" : "JVN#60419863",
|
||||
"refsource" : "JVN",
|
||||
"url" : "http://jvn.jp/en/jp/JVN60419863/index.html"
|
||||
},
|
||||
{
|
||||
"name" : "JVNDB-2008-000045",
|
||||
"refsource" : "JVNDB",
|
||||
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000045.html"
|
||||
},
|
||||
{
|
||||
"name" : "30355",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/30355"
|
||||
},
|
||||
{
|
||||
"name" : "31188",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31188"
|
||||
},
|
||||
{
|
||||
"name" : "forum-search-xss(43971)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43971"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "31188",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31188"
|
||||
},
|
||||
{
|
||||
"name": "JVN#60419863",
|
||||
"refsource": "JVN",
|
||||
"url": "http://jvn.jp/en/jp/JVN60419863/index.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.geeklog.net/article.php/20080719093147449",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.geeklog.net/article.php/20080719093147449"
|
||||
},
|
||||
{
|
||||
"name": "30355",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/30355"
|
||||
},
|
||||
{
|
||||
"name": "forum-search-xss(43971)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43971"
|
||||
},
|
||||
{
|
||||
"name": "JVNDB-2008-000045",
|
||||
"refsource": "JVNDB",
|
||||
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000045.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4152",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-4152",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://drupal.org/node/309758",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://drupal.org/node/309758"
|
||||
},
|
||||
{
|
||||
"name" : "31236",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31236"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-2615",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/2615"
|
||||
},
|
||||
{
|
||||
"name" : "31908",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/31908"
|
||||
},
|
||||
{
|
||||
"name" : "talk-nodetitle-xss(45222)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45222"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via a node title."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "talk-nodetitle-xss(45222)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45222"
|
||||
},
|
||||
{
|
||||
"name": "31908",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/31908"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2615",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2615"
|
||||
},
|
||||
{
|
||||
"name": "http://drupal.org/node/309758",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://drupal.org/node/309758"
|
||||
},
|
||||
{
|
||||
"name": "31236",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31236"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4166",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-4166",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20080912 Avant Browser <= 11.7 Build 9 Integer Denial Of Service Exploit",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/496301/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "31155",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31155"
|
||||
},
|
||||
{
|
||||
"name" : "4284",
|
||||
"refsource" : "SREASON",
|
||||
"url" : "http://securityreason.com/securityalert/4284"
|
||||
},
|
||||
{
|
||||
"name" : "avantbrowser-javascript-dos(45121)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45121"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "4284",
|
||||
"refsource": "SREASON",
|
||||
"url": "http://securityreason.com/securityalert/4284"
|
||||
},
|
||||
{
|
||||
"name": "avantbrowser-javascript-dos(45121)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45121"
|
||||
},
|
||||
{
|
||||
"name": "31155",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31155"
|
||||
},
|
||||
{
|
||||
"name": "20080912 Avant Browser <= 11.7 Build 9 Integer Denial Of Service Exploit",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/496301/100/0/threaded"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,127 +1,127 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2008-4681",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2008-4681",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20081211 rPSA-2008-0336-1 tshark wireshark",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://www.securityfocus.com/archive/1/499154/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.wireshark.org/security/wnpa-sec-2008-06.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.wireshark.org/security/wnpa-sec-2008-06.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://wiki.rpath.com/Advisories:rPSA-2008-0336",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://wiki.rpath.com/Advisories:rPSA-2008-0336"
|
||||
},
|
||||
{
|
||||
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2008:215",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:215"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2009:0313",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0313.html"
|
||||
},
|
||||
{
|
||||
"name" : "31838",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/31838"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:11194",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11194"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:14853",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14853"
|
||||
},
|
||||
{
|
||||
"name" : "34144",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/34144"
|
||||
},
|
||||
{
|
||||
"name" : "ADV-2008-2872",
|
||||
"refsource" : "VUPEN",
|
||||
"url" : "http://www.vupen.com/english/advisories/2008/2872"
|
||||
},
|
||||
{
|
||||
"name" : "1021069",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://securitytracker.com/id?1021069"
|
||||
},
|
||||
{
|
||||
"name" : "32355",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/32355"
|
||||
},
|
||||
{
|
||||
"name" : "wireshark-bluetoothrfcomm-dos(46014)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46014"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20081211 rPSA-2008-0336-1 tshark wireshark",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://www.securityfocus.com/archive/1/499154/100/0/threaded"
|
||||
},
|
||||
{
|
||||
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-082.htm"
|
||||
},
|
||||
{
|
||||
"name": "32355",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/32355"
|
||||
},
|
||||
{
|
||||
"name": "http://wiki.rpath.com/Advisories:rPSA-2008-0336",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://wiki.rpath.com/Advisories:rPSA-2008-0336"
|
||||
},
|
||||
{
|
||||
"name": "http://www.wireshark.org/security/wnpa-sec-2008-06.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.wireshark.org/security/wnpa-sec-2008-06.html"
|
||||
},
|
||||
{
|
||||
"name": "34144",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/34144"
|
||||
},
|
||||
{
|
||||
"name": "31838",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/31838"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:14853",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14853"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2009:0313",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://www.redhat.com/support/errata/RHSA-2009-0313.html"
|
||||
},
|
||||
{
|
||||
"name": "ADV-2008-2872",
|
||||
"refsource": "VUPEN",
|
||||
"url": "http://www.vupen.com/english/advisories/2008/2872"
|
||||
},
|
||||
{
|
||||
"name": "wireshark-bluetoothrfcomm-dos(46014)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46014"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2008:215",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:215"
|
||||
},
|
||||
{
|
||||
"name": "1021069",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://securitytracker.com/id?1021069"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:11194",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11194"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-2240",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-2240",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20130704 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2013/07/04/11"
|
||||
},
|
||||
{
|
||||
"name" : "http://galleryproject.org/gallery_3_0_9",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://galleryproject.org/gallery_3_0_9"
|
||||
},
|
||||
{
|
||||
"name" : "http://sourceforge.net/apps/trac/gallery/ticket/2073",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://sourceforge.net/apps/trac/gallery/ticket/2073"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=981197",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=981197"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability than CVE-2013-2138."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "[oss-security] 20130704 Re: CVE Request -- gallery3 (3.0.9): Fixing two security flaws",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/07/04/11"
|
||||
},
|
||||
{
|
||||
"name": "http://galleryproject.org/gallery_3_0_9",
|
||||
"refsource": "MISC",
|
||||
"url": "http://galleryproject.org/gallery_3_0_9"
|
||||
},
|
||||
{
|
||||
"name": "http://sourceforge.net/apps/trac/gallery/ticket/2073",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://sourceforge.net/apps/trac/gallery/ticket/2073"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/gallery/gallery3/commit/c5318bb1a2dd266b50317a2adb74d74338593733"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=981197",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=981197"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-2395",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2013-2395",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201308-06",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "http://security.gentoo.org/glsa/glsa-201308-06.xml"
|
||||
},
|
||||
{
|
||||
"name" : "MDVSA-2013:150",
|
||||
"refsource" : "MANDRIVA",
|
||||
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
|
||||
},
|
||||
{
|
||||
"name" : "53372",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/53372"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "53372",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/53372"
|
||||
},
|
||||
{
|
||||
"name": "GLSA-201308-06",
|
||||
"refsource": "GENTOO",
|
||||
"url": "http://security.gentoo.org/glsa/glsa-201308-06.xml"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
|
||||
},
|
||||
{
|
||||
"name": "MDVSA-2013:150",
|
||||
"refsource": "MANDRIVA",
|
||||
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,71 +1,71 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "larry0@me.com",
|
||||
"DATE_ASSIGNED" : "2012-01-02",
|
||||
"ID" : "CVE-2013-2565",
|
||||
"REQUESTER" : "cve-assign@mitre.org",
|
||||
"STATE" : "PUBLIC",
|
||||
"UPDATED" : "2019-02-11T10:41Z"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Mambo CMS",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_affected" : "<=",
|
||||
"version_value" : "4.6.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Mambo"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Mambo CMS vulnerabilities"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "larry0@me.com",
|
||||
"DATE_ASSIGNED": "2012-01-02",
|
||||
"ID": "CVE-2013-2565",
|
||||
"REQUESTER": "cve-assign@mitre.org",
|
||||
"STATE": "PUBLIC",
|
||||
"UPDATED": "2019-02-11T10:41Z"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Mambo CMS",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "<=",
|
||||
"version_value": "4.6.5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Mambo"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://sourceforge.net/projects/mambo/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://sourceforge.net/projects/mambo/"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.vapidlabs.com/advisory.php?v=75",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.vapidlabs.com/advisory.php?v=75"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Mambo CMS vulnerabilities"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://sourceforge.net/projects/mambo/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://sourceforge.net/projects/mambo/"
|
||||
},
|
||||
{
|
||||
"name": "http://www.vapidlabs.com/advisory.php?v=75",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.vapidlabs.com/advisory.php?v=75"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-2913",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@google.com",
|
||||
"ID": "CVE-2013-2913",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://code.google.com/p/chromium/issues/detail?id=278908",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://code.google.com/p/chromium/issues/detail?id=278908"
|
||||
},
|
||||
{
|
||||
"name" : "https://src.chromium.org/viewvc/blink?revision=157914&view=revision",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://src.chromium.org/viewvc/blink?revision=157914&view=revision"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-2785",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2013/dsa-2785"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2013:1556",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2013:1861",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2014:0065",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:18843",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Use-after-free vulnerability in the XMLDocumentParser::append function in core/xml/parser/XMLDocumentParser.cpp in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving an XML document."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html"
|
||||
},
|
||||
{
|
||||
"name": "https://src.chromium.org/viewvc/blink?revision=157914&view=revision",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://src.chromium.org/viewvc/blink?revision=157914&view=revision"
|
||||
},
|
||||
{
|
||||
"name": "https://code.google.com/p/chromium/issues/detail?id=278908",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://code.google.com/p/chromium/issues/detail?id=278908"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2014:0065",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-01/msg00042.html"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2785",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2013/dsa-2785"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:1556",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-10/msg00002.html"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:18843",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18843"
|
||||
},
|
||||
{
|
||||
"name": "openSUSE-SU-2013:1861",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-12/msg00002.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-3114",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3119."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2013-3114",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS13-047",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047"
|
||||
},
|
||||
{
|
||||
"name" : "TA13-168A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-168A"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:16763",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16763"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3119."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "TA13-168A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/ncas/alerts/TA13-168A"
|
||||
},
|
||||
{
|
||||
"name": "MS13-047",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-047"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:16763",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16763"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-3534",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-3534",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html"
|
||||
},
|
||||
{
|
||||
"name" : "59266",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/59266"
|
||||
},
|
||||
{
|
||||
"name" : "53050",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/53050"
|
||||
},
|
||||
{
|
||||
"name" : "joomla-aicontactsafe-unspecified-xss(83631)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83631"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "53050",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/53050"
|
||||
},
|
||||
{
|
||||
"name": "59266",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/59266"
|
||||
},
|
||||
{
|
||||
"name": "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.algisinfo.com/en/home-bottom/41-xss-in-aicontactsafe.html"
|
||||
},
|
||||
{
|
||||
"name": "joomla-aicontactsafe-unspecified-xss(83631)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83631"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-3755",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity via vectors related to SSO Engine."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2013-3755",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
|
||||
},
|
||||
{
|
||||
"name" : "61212",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/61212"
|
||||
},
|
||||
{
|
||||
"name" : "95272",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/95272"
|
||||
},
|
||||
{
|
||||
"name" : "1028801",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1028801"
|
||||
},
|
||||
{
|
||||
"name" : "54236",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/54236"
|
||||
},
|
||||
{
|
||||
"name" : "oracle-cpujuly2013-cve20133755(85659)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85659"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity via vectors related to SSO Engine."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "61212",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/61212"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
|
||||
},
|
||||
{
|
||||
"name": "oracle-cpujuly2013-cve20133755(85659)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85659"
|
||||
},
|
||||
{
|
||||
"name": "54236",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/54236"
|
||||
},
|
||||
{
|
||||
"name": "1028801",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1028801"
|
||||
},
|
||||
{
|
||||
"name": "95272",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/95272"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-3854",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3853."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2013-3854",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS13-072",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
|
||||
},
|
||||
{
|
||||
"name" : "TA13-253A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:19009",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19009"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka \"Word Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3853."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "MS13-072",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-072"
|
||||
},
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:19009",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19009"
|
||||
},
|
||||
{
|
||||
"name": "TA13-253A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-3891",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Memory Corruption Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secure@microsoft.com",
|
||||
"ID": "CVE-2013-3891",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "MS13-086",
|
||||
"refsource" : "MS",
|
||||
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
|
||||
},
|
||||
{
|
||||
"name" : "TA13-288A",
|
||||
"refsource" : "CERT",
|
||||
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-288A"
|
||||
},
|
||||
{
|
||||
"name" : "oval:org.mitre.oval:def:18643",
|
||||
"refsource" : "OVAL",
|
||||
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18643"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka \"Memory Corruption Vulnerability.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "oval:org.mitre.oval:def:18643",
|
||||
"refsource": "OVAL",
|
||||
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18643"
|
||||
},
|
||||
{
|
||||
"name": "MS13-086",
|
||||
"refsource": "MS",
|
||||
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-086"
|
||||
},
|
||||
{
|
||||
"name": "TA13-288A",
|
||||
"refsource": "CERT",
|
||||
"url": "http://www.us-cert.gov/ncas/alerts/TA13-288A"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-3926",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a \"symmetric backdoor.\" NOTE: as of 20130704, the vendor could not reproduce the issue, stating \"We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-3926",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to execute arbitrary commands via unspecified vectors related to a \"symmetric backdoor.\" NOTE: as of 20130704, the vendor could not reproduce the issue, stating \"We've been unable to substantiate the existence of [CVE-2013-3926]. The author of the article has not contacted Atlassian and has provided no detail, making it difficult to validate the claim... If we can confirm that there is a vulnerability, a patch will be issued.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.commandfive.com/papers/C5_TA_2013_3925_AtlassianCrowd.pdf"
|
||||
},
|
||||
{
|
||||
"name": "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd",
|
||||
"refsource": "MISC",
|
||||
"url": "http://it.slashdot.org/story/13/07/01/0011217/backdoor-discovered-in-atlassian-crowd"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,142 +1,142 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-4387",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-4387",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20130928 Re: linux kernel memory corruption with ipv6 udp offloading",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2013/09/29/1"
|
||||
},
|
||||
{
|
||||
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1011927",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1011927"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2013:1490",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2013:1645",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2014:0284",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2041-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2041-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2045-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2045-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2049-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2049-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2019-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2019-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2021-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2021-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2022-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2022-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2024-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2024-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2038-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2038-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2039-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2039-1"
|
||||
},
|
||||
{
|
||||
"name" : "USN-2050-1",
|
||||
"refsource" : "UBUNTU",
|
||||
"url" : "http://www.ubuntu.com/usn/USN-2050-1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not properly determine the need for UDP Fragmentation Offload (UFO) processing of small packets after the UFO queueing of a large packet, which allows remote attackers to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via network traffic that triggers a large response packet."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "USN-2024-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2024-1"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011927"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/2811ebac2521ceac84f2bdae402455baa6a7fb47"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:1490",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-2039-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2039-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-2022-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2022-1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2013:1645",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2013-1645.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-2038-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2038-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-2021-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2021-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-2019-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2019-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-2049-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2049-1"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0284",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
|
||||
},
|
||||
{
|
||||
"name": "USN-2045-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2045-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-2050-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2050-1"
|
||||
},
|
||||
{
|
||||
"name": "USN-2041-1",
|
||||
"refsource": "UBUNTU",
|
||||
"url": "http://www.ubuntu.com/usn/USN-2041-1"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=2811ebac2521ceac84f2bdae402455baa6a7fb47"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20130928 Re: linux kernel memory corruption with ipv6 udp offloading",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/09/29/1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-4426",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-4426",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20131015 Re: Re: CVE request: pyxtrlock",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://seclists.org/oss-sec/2013/q4/109"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/leonnnn/pyxtrlock/issues/8",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/leonnnn/pyxtrlock/issues/8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "[oss-security] 20131015 Re: Re: CVE request: pyxtrlock",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://seclists.org/oss-sec/2013/q4/109"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/leonnnn/pyxtrlock/blob/master/CHANGELOG"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/leonnnn/pyxtrlock/issues/8",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/leonnnn/pyxtrlock/issues/8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,97 +1,97 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-4483",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert@redhat.com",
|
||||
"ID": "CVE-2013-4483",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "[oss-security] 20131030 Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races",
|
||||
"refsource" : "MLIST",
|
||||
"url" : "http://www.openwall.com/lists/oss-security/2013/10/30/4"
|
||||
},
|
||||
{
|
||||
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
|
||||
},
|
||||
{
|
||||
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1024854",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1024854"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2014:0285",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0285.html"
|
||||
},
|
||||
{
|
||||
"name" : "RHSA-2015:0284",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
|
||||
},
|
||||
{
|
||||
"name" : "openSUSE-SU-2014:0247",
|
||||
"refsource" : "SUSE",
|
||||
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "openSUSE-SU-2014:0247",
|
||||
"refsource": "SUSE",
|
||||
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00045.html"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2014:0285",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2014-0285.html"
|
||||
},
|
||||
{
|
||||
"name": "[oss-security] 20131030 Re: CVE Request -- Linux kernel: ipc: ipc_rcu_putref refcount races",
|
||||
"refsource": "MLIST",
|
||||
"url": "http://www.openwall.com/lists/oss-security/2013/10/30/4"
|
||||
},
|
||||
{
|
||||
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.10.bz2"
|
||||
},
|
||||
{
|
||||
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
|
||||
},
|
||||
{
|
||||
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1024854",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1024854"
|
||||
},
|
||||
{
|
||||
"name": "RHSA-2015:0284",
|
||||
"refsource": "REDHAT",
|
||||
"url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/torvalds/linux/commit/6062a8dc0517bce23e3c2f7d2fea5e22411269a3"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6267",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-6267",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/124200",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/124200"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.htbridge.com/advisory/HTB23179",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.htbridge.com/advisory/HTB23179"
|
||||
},
|
||||
{
|
||||
"name" : "http://forum.claroline.net/viewtopic.php?f=88&t=26413",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://forum.claroline.net/viewtopic.php?f=88&t=26413"
|
||||
},
|
||||
{
|
||||
"name" : "1029435",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1029435"
|
||||
},
|
||||
{
|
||||
"name" : "55753",
|
||||
"refsource" : "SECUNIA",
|
||||
"url" : "http://secunia.com/advisories/55753"
|
||||
},
|
||||
{
|
||||
"name" : "claroline-cve20136267-xss(89264)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cidToEdit parameter to (2) adminregisteruser.php or (3) admin_user_course_settings.php in admin/, (4) module_id parameter to admin/module/module.php, or (5) offset parameter to admin/right/profile_list.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.htbridge.com/advisory/HTB23179",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.htbridge.com/advisory/HTB23179"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/124200",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/124200"
|
||||
},
|
||||
{
|
||||
"name": "55753",
|
||||
"refsource": "SECUNIA",
|
||||
"url": "http://secunia.com/advisories/55753"
|
||||
},
|
||||
{
|
||||
"name": "claroline-cve20136267-xss(89264)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89264"
|
||||
},
|
||||
{
|
||||
"name": "1029435",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1029435"
|
||||
},
|
||||
{
|
||||
"name": "http://forum.claroline.net/viewtopic.php?f=88&t=26413",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://forum.claroline.net/viewtopic.php?f=88&t=26413"
|
||||
},
|
||||
{
|
||||
"name": "20131127 Multiple Cross-Site Scripting (XSS) in Claroline",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0139.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6333",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@us.ibm.com",
|
||||
"ID": "CVE-2013-6333",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21666110"
|
||||
},
|
||||
{
|
||||
"name" : "ibm-algo-one-cve20136333-xss(89024)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89024"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "ibm-algo-one-cve20136333-xss(89024)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89024"
|
||||
},
|
||||
{
|
||||
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21666110"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6665",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-6665",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html"
|
||||
},
|
||||
{
|
||||
"name" : "https://code.google.com/p/chromium/issues/detail?id=337882",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://code.google.com/p/chromium/issues/detail?id=337882"
|
||||
},
|
||||
{
|
||||
"name" : "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-2883",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2014/dsa-2883"
|
||||
},
|
||||
{
|
||||
"name" : "65930",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/65930"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "65930",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/65930"
|
||||
},
|
||||
{
|
||||
"name": "https://code.google.com/p/chromium/issues/detail?id=337882",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://code.google.com/p/chromium/issues/detail?id=337882"
|
||||
},
|
||||
{
|
||||
"name": "DSA-2883",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2014/dsa-2883"
|
||||
},
|
||||
{
|
||||
"name": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html"
|
||||
},
|
||||
{
|
||||
"name": "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://src.chromium.org/viewvc/chrome?revision=250870&view=revision"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-6751",
|
||||
"STATE" : "REJECT"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"data_type": "CVE",
|
||||
"data_format": "MITRE",
|
||||
"data_version": "4.0",
|
||||
"CVE_data_meta": {
|
||||
"ID": "CVE-2013-6751",
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"STATE": "REJECT"
|
||||
},
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,87 +1,87 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-7326",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\\com_vtiger_workflow\\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-7326",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20131211 [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting",
|
||||
"refsource" : "BUGTRAQ",
|
||||
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/124402",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/124402"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05"
|
||||
},
|
||||
{
|
||||
"name" : "64236",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/64236"
|
||||
},
|
||||
{
|
||||
"name" : "100897",
|
||||
"refsource" : "OSVDB",
|
||||
"url" : "http://osvdb.org/100897"
|
||||
},
|
||||
{
|
||||
"name" : "vtiger-multiple-xss(89662)",
|
||||
"refsource" : "XF",
|
||||
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89662"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\\com_vtiger_workflow\\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "vtiger-multiple-xss(89662)",
|
||||
"refsource": "XF",
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89662"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/124402",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/124402"
|
||||
},
|
||||
{
|
||||
"name": "100897",
|
||||
"refsource": "OSVDB",
|
||||
"url": "http://osvdb.org/100897"
|
||||
},
|
||||
{
|
||||
"name": "20131211 [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting",
|
||||
"refsource": "BUGTRAQ",
|
||||
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html"
|
||||
},
|
||||
{
|
||||
"name": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.enkomio.com/Advisory/SOJOBO-ADV-13-05"
|
||||
},
|
||||
{
|
||||
"name": "64236",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/64236"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2013-7418",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2013-7418",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name" : "http://sourceforge.net/p/ipcop/bugs/807/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://sourceforge.net/p/ipcop/bugs/807/"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by leveraging a separate cross-site scripting (XSS) vulnerability."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://www.asafety.fr/vuln-exploit-poc/xss-rce-ipcop-2-1-4-remote-command-execution/"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/129697/IPCop-2.1.4-Cross-Site-Request-Forgery-Cross-Site-Scripting.html"
|
||||
},
|
||||
{
|
||||
"name": "http://sourceforge.net/p/ipcop/bugs/807/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://sourceforge.net/p/ipcop/bugs/807/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "secalert_us@oracle.com",
|
||||
"ID" : "CVE-2017-10166",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Security Service",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_affected" : "=",
|
||||
"version_value" : "FMW: 11.1.1.9.0"
|
||||
},
|
||||
{
|
||||
"version_affected" : "=",
|
||||
"version_value" : "12.1.3.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Oracle Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data."
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "secalert_us@oracle.com",
|
||||
"ID": "CVE-2017-10166",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Security Service",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "FMW: 11.1.1.9.0"
|
||||
},
|
||||
{
|
||||
"version_affected": "=",
|
||||
"version_value": "12.1.3.0.0"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Oracle Corporation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
|
||||
},
|
||||
{
|
||||
"name" : "101412",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/101412"
|
||||
},
|
||||
{
|
||||
"name" : "1039602",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1039602"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Vulnerability in the Oracle Security Service component of Oracle Fusion Middleware (subcomponent: C Oracle SSL API). Supported versions that are affected are FMW: 11.1.1.9.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Security Service accessible data."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "1039602",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1039602"
|
||||
},
|
||||
{
|
||||
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
|
||||
},
|
||||
{
|
||||
"name": "101412",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/101412"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-10524",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-10524",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-10731",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-10731",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.irfanview.com/plugins.htm",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.irfanview.com/plugins.htm"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80.\""
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10731"
|
||||
},
|
||||
{
|
||||
"name": "http://www.irfanview.com/plugins.htm",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.irfanview.com/plugins.htm"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "vultures@jpcert.or.jp",
|
||||
"ID" : "CVE-2017-10864",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Installer of HIBUN Confidential File Viewer",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "prior to 11.20.0001"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Hitachi Solutions, Ltd."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Untrusted search path vulnerability"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "vultures@jpcert.or.jp",
|
||||
"ID": "CVE-2017-10864",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Installer of HIBUN Confidential File Viewer",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "prior to 11.20.0001"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Hitachi Solutions, Ltd."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html"
|
||||
},
|
||||
{
|
||||
"name" : "JVN#94056834",
|
||||
"refsource" : "JVN",
|
||||
"url" : "https://jvn.jp/en/jp/JVN94056834/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Untrusted search path vulnerability in Installer of HIBUN Confidential File Viewer prior to 11.20.0001 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Untrusted search path vulnerability"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.hitachi-solutions.co.jp/hibun/sp/support/importance/20170929.html"
|
||||
},
|
||||
{
|
||||
"name": "JVN#94056834",
|
||||
"refsource": "JVN",
|
||||
"url": "https://jvn.jp/en/jp/JVN94056834/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,92 +1,92 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-13001",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh()."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-13001",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.tcpdump.org/tcpdump-changes.txt",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.tcpdump.org/tcpdump-changes.txt"
|
||||
},
|
||||
{
|
||||
"name" : "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123"
|
||||
},
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208221",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT208221"
|
||||
},
|
||||
{
|
||||
"name" : "DSA-3971",
|
||||
"refsource" : "DEBIAN",
|
||||
"url" : "http://www.debian.org/security/2017/dsa-3971"
|
||||
},
|
||||
{
|
||||
"name" : "GLSA-201709-23",
|
||||
"refsource" : "GENTOO",
|
||||
"url" : "https://security.gentoo.org/glsa/201709-23"
|
||||
},
|
||||
{
|
||||
"name" : "RHEA-2018:0705",
|
||||
"refsource" : "REDHAT",
|
||||
"url" : "https://access.redhat.com/errata/RHEA-2018:0705"
|
||||
},
|
||||
{
|
||||
"name" : "1039307",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1039307"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:nfs_printfh()."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "GLSA-201709-23",
|
||||
"refsource": "GENTOO",
|
||||
"url": "https://security.gentoo.org/glsa/201709-23"
|
||||
},
|
||||
{
|
||||
"name": "https://support.apple.com/HT208221",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT208221"
|
||||
},
|
||||
{
|
||||
"name": "DSA-3971",
|
||||
"refsource": "DEBIAN",
|
||||
"url": "http://www.debian.org/security/2017/dsa-3971"
|
||||
},
|
||||
{
|
||||
"name": "1039307",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1039307"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://github.com/the-tcpdump-group/tcpdump/commit/7a923447fd49a069a0fd3b6c3547438ab5ee2123"
|
||||
},
|
||||
{
|
||||
"name": "http://www.tcpdump.org/tcpdump-changes.txt",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.tcpdump.org/tcpdump-changes.txt"
|
||||
},
|
||||
{
|
||||
"name": "RHEA-2018:0705",
|
||||
"refsource": "REDHAT",
|
||||
"url": "https://access.redhat.com/errata/RHEA-2018:0705"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,81 +1,81 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "security@google.com",
|
||||
"DATE_PUBLIC" : "2018-04-02T00:00:00",
|
||||
"ID" : "CVE-2017-13285",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Android",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "6.0"
|
||||
},
|
||||
{
|
||||
"version_value" : "6.0.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "7.0"
|
||||
},
|
||||
{
|
||||
"version_value" : "7.1.1"
|
||||
},
|
||||
{
|
||||
"version_value" : "7.1.2"
|
||||
},
|
||||
{
|
||||
"version_value" : "8.0"
|
||||
},
|
||||
{
|
||||
"version_value" : "8.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Google Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Remote code execution"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "security@android.com",
|
||||
"DATE_PUBLIC": "2018-04-02T00:00:00",
|
||||
"ID": "CVE-2017-13285",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Android",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "6.0"
|
||||
},
|
||||
{
|
||||
"version_value": "6.0.1"
|
||||
},
|
||||
{
|
||||
"version_value": "7.0"
|
||||
},
|
||||
{
|
||||
"version_value": "7.1.1"
|
||||
},
|
||||
{
|
||||
"version_value": "7.1.2"
|
||||
},
|
||||
{
|
||||
"version_value": "8.0"
|
||||
},
|
||||
{
|
||||
"version_value": "8.1"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Google Inc."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://source.android.com/security/bulletin/2018-04-01",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://source.android.com/security/bulletin/2018-04-01"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-69177126."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Remote code execution"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://source.android.com/security/bulletin/2018-04-01",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://source.android.com/security/bulletin/2018-04-01"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,72 +1,72 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "product-security@apple.com",
|
||||
"ID" : "CVE-2017-13858",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"IOKit\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "product-security@apple.com",
|
||||
"ID": "CVE-2017-13858",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://support.apple.com/HT208331",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://support.apple.com/HT208331"
|
||||
},
|
||||
{
|
||||
"name" : "102099",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/102099"
|
||||
},
|
||||
{
|
||||
"name" : "1039966",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1039966"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the \"IOKit\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://support.apple.com/HT208331",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://support.apple.com/HT208331"
|
||||
},
|
||||
{
|
||||
"name": "1039966",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1039966"
|
||||
},
|
||||
{
|
||||
"name": "102099",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/102099"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-17036",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-17036",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,68 +1,68 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "psirt@huawei.com",
|
||||
"ID" : "CVE-2017-17323",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "iBMC",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "V200R002C10"
|
||||
},
|
||||
{
|
||||
"version_value" : "V200R002C20"
|
||||
},
|
||||
{
|
||||
"version_value" : "V200R002C30"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Huawei Technologies Co., Ltd."
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "improper authorization"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@huawei.com",
|
||||
"ID": "CVE-2017-17323",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "iBMC",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "V200R002C10"
|
||||
},
|
||||
{
|
||||
"version_value": "V200R002C20"
|
||||
},
|
||||
{
|
||||
"version_value": "V200R002C30"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Huawei Technologies Co., Ltd."
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper authorization vulnerability. The software incorrectly performs an authorization check when a normal user attempts to access certain information which is supposed to be accessed only by admin user. Successful exploit could cause information disclosure."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "improper authorization"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.huawei.com/en/psirt/security-advisories/2018/huawei-sa-20180131-01-ibmc-en"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,82 +1,82 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-17713",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-17713",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.youtube.com/watch?v=RWw1UTeZee8",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.youtube.com/watch?v=RWw1UTeZee8"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.youtube.com/watch?v=Txp6IwR24jY",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.youtube.com/watch?v=Txp6IwR24jY"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.youtube.com/watch?v=efmvL235S-8",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.youtube.com/watch?v=efmvL235S-8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.youtube.com/watch?v=Txp6IwR24jY",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.youtube.com/watch?v=Txp6IwR24jY"
|
||||
},
|
||||
{
|
||||
"name": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3",
|
||||
"refsource": "MISC",
|
||||
"url": "https://github.com/boxug/trape/commit/628149159ba25adbfc29a3ae1d4b10c7eb936dd3"
|
||||
},
|
||||
{
|
||||
"name": "https://www.youtube.com/watch?v=RWw1UTeZee8",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.youtube.com/watch?v=RWw1UTeZee8"
|
||||
},
|
||||
{
|
||||
"name": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.seekurity.com/blog/general/cve-2017-17713-and-cve-2017-17714-multiple-sql-injections-and-xss-vulnerabilities-found-in-the-hackers-tracking-tool-trape-boxug/"
|
||||
},
|
||||
{
|
||||
"name": "https://www.youtube.com/watch?v=efmvL235S-8",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.youtube.com/watch?v=efmvL235S-8"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-17731",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-17731",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "http://0day5.com/archives/1346/",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://0day5.com/archives/1346/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "http://0day5.com/archives/1346/",
|
||||
"refsource": "MISC",
|
||||
"url": "http://0day5.com/archives/1346/"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-17761",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "An issue was discovered on Ichano AtHome IP Camera devices. The device runs the \"noodles\" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the \"system\" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-17761",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://blogs.securiteam.com/index.php/archives/3576",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://blogs.securiteam.com/index.php/archives/3576"
|
||||
},
|
||||
{
|
||||
"name" : "102974",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/102974"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "An issue was discovered on Ichano AtHome IP Camera devices. The device runs the \"noodles\" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the \"system\" XML element for specifying the command. For example, a <system>id</system> command results in a <system_ack>ok</system_ack> response."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "102974",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/102974"
|
||||
},
|
||||
{
|
||||
"name": "https://blogs.securiteam.com/index.php/archives/3576",
|
||||
"refsource": "MISC",
|
||||
"url": "https://blogs.securiteam.com/index.php/archives/3576"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9213",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-9213",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,77 +1,77 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9377",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-9377",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://www.contextis.com/resources/advisories/cve-2017-9377",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://www.contextis.com/resources/advisories/cve-2017-9377"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.barco.com/en/Support/software/R33050037",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.barco.com/en/Support/software/R33050037"
|
||||
},
|
||||
{
|
||||
"name" : "https://www.barco.com/en/support/software/R33050020",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://www.barco.com/en/support/software/R33050020"
|
||||
},
|
||||
{
|
||||
"name" : "101617",
|
||||
"refsource" : "BID",
|
||||
"url" : "http://www.securityfocus.com/bid/101617"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://www.barco.com/en/support/software/R33050020",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.barco.com/en/support/software/R33050020"
|
||||
},
|
||||
{
|
||||
"name": "https://www.barco.com/en/Support/software/R33050037",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://www.barco.com/en/Support/software/R33050037"
|
||||
},
|
||||
{
|
||||
"name": "https://www.contextis.com/resources/advisories/cve-2017-9377",
|
||||
"refsource": "MISC",
|
||||
"url": "https://www.contextis.com/resources/advisories/cve-2017-9377"
|
||||
},
|
||||
{
|
||||
"name": "101617",
|
||||
"refsource": "BID",
|
||||
"url": "http://www.securityfocus.com/bid/101617"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9575",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The \"FVB Mobile Banking\" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-9575",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The \"FVB Mobile Banking\" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
|
||||
"refsource": "MISC",
|
||||
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2017-9587",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "The \"PCSB BANK Mobile\" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2017-9587",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "The \"PCSB BANK Mobile\" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
|
||||
"refsource": "MISC",
|
||||
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "psirt@cisco.com",
|
||||
"ID" : "CVE-2018-0303",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Cisco FXOS and NX-OS unknown",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "Cisco FXOS and NX-OS unknown"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-20"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "psirt@cisco.com",
|
||||
"ID": "CVE-2018-0303",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Cisco FXOS and NX-OS unknown",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "Cisco FXOS and NX-OS unknown"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos"
|
||||
},
|
||||
{
|
||||
"name" : "1041169",
|
||||
"refsource" : "SECTRACK",
|
||||
"url" : "http://www.securitytracker.com/id/1041169"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "A vulnerability in the Cisco Discovery Protocol component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2 adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device. This vulnerability affects the following if configured to use Cisco Discovery Protocol: Firepower 4100 Series Next-Generation Firewalls, Firepower 9300 Security Appliance, MDS 9000 Series Multilayer Switches, Nexus 1000V Series Switches, Nexus 1100 Series Cloud Services Platforms, Nexus 2000 Series Fabric Extenders, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCvc22202, CSCvc22205, CSCvc22208, CSCvc88078, CSCvc88150, CSCvc88159, CSCvc88162, CSCvc88167."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-20"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-fxnxos-dos"
|
||||
},
|
||||
{
|
||||
"name": "1041169",
|
||||
"refsource": "SECTRACK",
|
||||
"url": "http://www.securitytracker.com/id/1041169"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "vultures@jpcert.or.jp",
|
||||
"ID" : "CVE-2018-0660",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "AttacheCase",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "HiBARA Software"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "Directory traversal"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "vultures@jpcert.or.jp",
|
||||
"ID": "CVE-2018-0660",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "AttacheCase",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "HiBARA Software"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://hibara.org/software/attachecase/?lang=en",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "https://hibara.org/software/attachecase/?lang=en"
|
||||
},
|
||||
{
|
||||
"name" : "JVN#62121133",
|
||||
"refsource" : "JVN",
|
||||
"url" : "http://jvn.jp/en/jp/JVN62121133/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal vulnerability in ver.2.8.4.0 and earlier and ver.3.3.0.0 and earlier allows an attacker to create arbitrary files via specially crafted ATC file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "Directory traversal"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://hibara.org/software/attachecase/?lang=en",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "https://hibara.org/software/attachecase/?lang=en"
|
||||
},
|
||||
{
|
||||
"name": "JVN#62121133",
|
||||
"refsource": "JVN",
|
||||
"url": "http://jvn.jp/en/jp/JVN62121133/index.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-18123",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-18123",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-18179",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-18179",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-18885",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-18885",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-19105",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-19105",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://code610.blogspot.com/2018/11/crashing-librecad-213.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://code610.blogspot.com/2018/11/crashing-librecad-213.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "LibreCAD 2.1.3 allows remote attackers to cause a denial of service (0x89C04589 write access violation and application crash) or possibly have unspecified other impact via a crafted file."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://code610.blogspot.com/2018/11/crashing-librecad-213.html",
|
||||
"refsource": "MISC",
|
||||
"url": "https://code610.blogspot.com/2018/11/crashing-librecad-213.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-19290",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "n/a",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the \"!calc 5 x 5\" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "n/a"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-19290",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "n/a",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "20181116 Budabot !calc Denial of Service",
|
||||
"refsource" : "FULLDISC",
|
||||
"url" : "http://seclists.org/fulldisclosure/2018/Nov/44"
|
||||
},
|
||||
{
|
||||
"name" : "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html",
|
||||
"refsource" : "MISC",
|
||||
"url" : "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the \"!calc 5 x 5\" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "n/a"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "20181116 Budabot !calc Denial of Service",
|
||||
"refsource": "FULLDISC",
|
||||
"url": "http://seclists.org/fulldisclosure/2018/Nov/44"
|
||||
},
|
||||
{
|
||||
"name": "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html",
|
||||
"refsource": "MISC",
|
||||
"url": "http://packetstormsecurity.com/files/150391/Budabot-4.0-Denial-Of-Service.html"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-19356",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-19356",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-19667",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-19667",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,62 +1,62 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
|
||||
"ID" : "CVE-2018-1163",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "Quest NetVault Backup",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "11.2.0.13"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "Quest"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-287-Improper Authentication"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2018-1163",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "Quest NetVault Backup",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "11.2.0.13"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "Quest"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-006",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-006"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Quest NetVault Backup 11.2.0.13. The specific flaw exists within JSON RPC Request handling. By setting the checksession parameter to a specific value, it is possible to bypass authentication to critical functions. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-4752."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-287-Improper Authentication"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://zerodayinitiative.com/advisories/ZDI-18-006",
|
||||
"refsource": "MISC",
|
||||
"url": "https://zerodayinitiative.com/advisories/ZDI-18-006"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,67 +1,67 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
|
||||
"ID" : "CVE-2018-1172",
|
||||
"STATE" : "PUBLIC"
|
||||
},
|
||||
"affects" : {
|
||||
"vendor" : {
|
||||
"vendor_data" : [
|
||||
{
|
||||
"product" : {
|
||||
"product_data" : [
|
||||
{
|
||||
"product_name" : "The Squid Software Foundation Squid",
|
||||
"version" : {
|
||||
"version_data" : [
|
||||
{
|
||||
"version_value" : "3.5.27-20180318"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name" : "The Squid Software Foundation"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype" : {
|
||||
"problemtype_data" : [
|
||||
{
|
||||
"description" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "CWE-476-NULL Pointer Dereference"
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "zdi-disclosures@trendmicro.com",
|
||||
"ID": "CVE-2018-1172",
|
||||
"STATE": "PUBLIC"
|
||||
},
|
||||
"affects": {
|
||||
"vendor": {
|
||||
"vendor_data": [
|
||||
{
|
||||
"product": {
|
||||
"product_data": [
|
||||
{
|
||||
"product_name": "The Squid Software Foundation Squid",
|
||||
"version": {
|
||||
"version_data": [
|
||||
{
|
||||
"version_value": "3.5.27-20180318"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
},
|
||||
"vendor_name": "The Squid Software Foundation"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references" : {
|
||||
"reference_data" : [
|
||||
{
|
||||
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-309",
|
||||
"refsource" : "MISC",
|
||||
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-309"
|
||||
},
|
||||
{
|
||||
"name" : "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt",
|
||||
"refsource" : "CONFIRM",
|
||||
"url" : "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "This vulnerability allows remote attackers to deny service on vulnerable installations of The Squid Software Foundation Squid 3.5.27-20180318. Authentication is not required to exploit this vulnerability. The specific flaw exists within ClientRequestContext::sslBumpAccessCheck(). A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the system. Was ZDI-CAN-6088."
|
||||
}
|
||||
]
|
||||
},
|
||||
"problemtype": {
|
||||
"problemtype_data": [
|
||||
{
|
||||
"description": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "CWE-476-NULL Pointer Dereference"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": {
|
||||
"reference_data": [
|
||||
{
|
||||
"name": "https://zerodayinitiative.com/advisories/ZDI-18-309",
|
||||
"refsource": "MISC",
|
||||
"url": "https://zerodayinitiative.com/advisories/ZDI-18-309"
|
||||
},
|
||||
{
|
||||
"name": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt",
|
||||
"refsource": "CONFIRM",
|
||||
"url": "http://www.squid-cache.org/Advisories/SQUID-2018_3.txt"
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
@ -1,18 +1,18 @@
|
||||
{
|
||||
"CVE_data_meta" : {
|
||||
"ASSIGNER" : "cve@mitre.org",
|
||||
"ID" : "CVE-2018-1746",
|
||||
"STATE" : "RESERVED"
|
||||
},
|
||||
"data_format" : "MITRE",
|
||||
"data_type" : "CVE",
|
||||
"data_version" : "4.0",
|
||||
"description" : {
|
||||
"description_data" : [
|
||||
{
|
||||
"lang" : "eng",
|
||||
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
"CVE_data_meta": {
|
||||
"ASSIGNER": "cve@mitre.org",
|
||||
"ID": "CVE-2018-1746",
|
||||
"STATE": "RESERVED"
|
||||
},
|
||||
"data_format": "MITRE",
|
||||
"data_type": "CVE",
|
||||
"data_version": "4.0",
|
||||
"description": {
|
||||
"description_data": [
|
||||
{
|
||||
"lang": "eng",
|
||||
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
Loading…
x
Reference in New Issue
Block a user