"-Synchronized-Data."

CVE Team 2019-03-17 22:10:26 +00:00
parent e20c557b39
commit 4033c788c5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 3937 additions and 3937 deletions


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0052", "ID": "CVE-2001-0052",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001205 IBM DB2 SQL DOS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/149207" "lang": "eng",
}, "value": "IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query."
{ }
"name" : "2067", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2067" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-db2-dos(5664)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5664" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-db2-dos(5664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5664"
},
{
"name": "2067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2067"
},
{
"name": "20001205 IBM DB2 SQL DOS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/149207"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0127", "ID": "CVE-2001-0127",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010115 Flash plugin write-overflow", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2001-01/0236.html" "lang": "eng",
}, "value": "Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag."
{ }
"name" : "VU#451096", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/451096" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "2214", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/2214" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20010115 Flash plugin write-overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-01/0236.html"
},
{
"name": "VU#451096",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/451096"
},
{
"name": "2214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2214"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0177", "ID": "CVE-2001-0177",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010110 Vulnerable: Conference Room Professional-Developer Edititon.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/155388" "lang": "eng",
}, "value": "WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a denial of service via a buddy relationship between the IRC server and a server clone."
{ }
"name" : "2178", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/2178" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "conferenceroom-developer-dos(5909)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5909" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20010110 Vulnerable: Conference Room Professional-Developer Edititon.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/155388"
},
{
"name": "2178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2178"
},
{
"name": "conferenceroom-developer-dos(5909)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5909"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0313", "ID": "CVE-2001-0313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010126 Borderware v6.1.2 ping DoS vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=98053139231392&w=2" "lang": "eng",
}, "value": "Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network."
{ }
"name" : "borderware-ping-dos(6004)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6004" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010126 Borderware v6.1.2 ping DoS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=98053139231392&w=2"
},
{
"name": "borderware-ping-dos(6004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6004"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2001-0735", "ID": "CVE-2001-0735",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20010621 cfingerd local vulnerability (possibly root)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/192844" "lang": "eng",
}, "value": "Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file."
{ }
"name" : "20010711 Another exploit for cfingerd <= 1.4.3-8", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/01071120191900.00788@localhost.localdomain" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-066", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2001/dsa-066" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "2914", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/2914" ]
}, },
{ "references": {
"name" : "cfingerd-util-bo(6744)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/6744" "name": "2914",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/2914"
} },
{
"name": "DSA-066",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2001/dsa-066"
},
{
"name": "cfingerd-util-bo(6744)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6744"
},
{
"name": "20010711 Another exploit for cfingerd <= 1.4.3-8",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/01071120191900.00788@localhost.localdomain"
},
{
"name": "20010621 cfingerd local vulnerability (possibly root)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/192844"
}
]
}
} }


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0434", "ID": "CVE-2008-0434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486722/100/0/threaded" "lang": "eng",
}, "value": "Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command."
{ }
"name" : "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit", ]
"refsource" : "FULLDISC", },
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059788.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4947", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/4947" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27363", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27363" ]
}, },
{ "references": {
"name" : "ADV-2008-0237", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0237" "name": "3570",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3570"
"name" : "28562", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28562" "name": "27363",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/27363"
"name" : "3570", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3570" "name": "4947",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4947"
"name" : "axigen-aximilter-format-string(39803)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39803" "name": "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/486722/100/0/threaded"
} },
{
"name": "axigen-aximilter-format-string(39803)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39803"
},
{
"name": "20080120 AXIGEN 5.0.x AXIMilter Format String Exploit",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059788.html"
},
{
"name": "28562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28562"
},
{
"name": "ADV-2008-0237",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0237"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1485", "ID": "CVE-2008-1485",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php."
{ }
"name" : "45561", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/45561" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29043", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29043" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "29043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29043"
},
{
"name": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt",
"refsource": "CONFIRM",
"url": "http://punbb.org/download/changelogs/1.2.16_to_1.2.17.txt"
},
{
"name": "45561",
"refsource": "OSVDB",
"url": "http://osvdb.org/45561"
}
]
}
} }


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1584", "ID": "CVE-2008-1584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080610 ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/493247/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted Indeo video codec content in a movie file."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-037/", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-037/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT1991", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT1991" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2008-06-09", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html" ]
}, },
{ "references": {
"name" : "TA08-162C", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-162C.html" "name": "20080610 ZDI-08-037: Apple QuickTime Indeo Video Buffer Overflow Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/493247/100/0/threaded"
"name" : "29619", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29619" "name": "TA08-162C",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-162C.html"
"name" : "29652", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/29652" "name": "1020216",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020216"
"name" : "ADV-2008-1776", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1776/references" "name": "quicktime-indeo-video-bo(42947)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42947"
"name" : "1020216", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020216" "name": "APPLE-SA-2008-06-09",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008/Jun/msg00000.html"
"name" : "29293", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29293" "name": "29293",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29293"
"name" : "quicktime-indeo-video-bo(42947)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42947" "name": "29652",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/29652"
} },
{
"name": "ADV-2008-1776",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1776/references"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-037/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-037/"
},
{
"name": "29619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29619"
},
{
"name": "http://support.apple.com/kb/HT1991",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT1991"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1905", "ID": "CVE-2008-1905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://aluigi.altervista.org/adv/neromedia-adv.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/neromedia-adv.txt" "lang": "eng",
}, "value": "NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322."
{ }
"name" : "28775", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28775" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-1216", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1216/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29808", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/29808" ]
}, },
{ "references": {
"name" : "nero-nmmediaserver-dos(41795)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41795" "name": "http://aluigi.altervista.org/adv/neromedia-adv.txt",
} "refsource": "MISC",
] "url": "http://aluigi.altervista.org/adv/neromedia-adv.txt"
} },
{
"name": "ADV-2008-1216",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1216/references"
},
{
"name": "28775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28775"
},
{
"name": "29808",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29808"
},
{
"name": "nero-nmmediaserver-dos(41795)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41795"
}
]
}
} }


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5256", "ID": "CVE-2008-5256",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149" "lang": "eng",
}, "value": "The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek VirtualBox before 2.0.6 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/.vbox-$USER-ipc/lock temporary file."
{ }
"name" : "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810", ]
"refsource" : "CONFIRM", },
"url" : "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.virtualbox.org/wiki/Changelog", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.virtualbox.org/wiki/Changelog" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MDVSA-2009:011", ]
"refsource" : "MANDRIVA", }
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:011" ]
}, },
{ "references": {
"name" : "247326", "reference_data": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247326-1" "name": "247326",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-247326-1"
"name" : "SUSE-SR:2009:004", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" "name": "http://www.virtualbox.org/wiki/Changelog",
}, "refsource": "CONFIRM",
{ "url": "http://www.virtualbox.org/wiki/Changelog"
"name" : "32444", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32444" "name": "32851",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32851"
"name" : "1021384", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021384" "name": "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810",
}, "refsource": "CONFIRM",
{ "url": "http://www.virtualbox.org/changeset?new=trunk%2Fsrc%2Flibs%2Fxpcom18a4%2Fipc%2Fipcd%2Fdaemon%2Fsrc%2FipcdUnix.cpp%4013810"
"name" : "ADV-2008-3410", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3410" "name": "ADV-2008-3410",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/3410"
"name" : "32851", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32851" "name": "1021384",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021384"
"name" : "sun-virtualbox-ipcdunix-symlink(46826)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46826" "name": "SUSE-SR:2009:004",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
} },
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504149"
},
{
"name": "sun-virtualbox-ipcdunix-symlink(46826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46826"
},
{
"name": "32444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32444"
},
{
"name": "MDVSA-2009:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:011"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5593", "ID": "CVE-2008-5593",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7375", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7375" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in index.php in Mini CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) page and (2) admin parameters."
{ }
"name" : "32680", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32680" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33024", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33024" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4750", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4750" ]
} },
] "references": {
} "reference_data": [
{
"name": "7375",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7375"
},
{
"name": "4750",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4750"
},
{
"name": "32680",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32680"
},
{
"name": "33024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33024"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5812", "ID": "CVE-2008-5812",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors."
{ }
"name" : "33061", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33061" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33307", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33307" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "spip-multiple-unspecified(47695)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695" ]
} },
] "references": {
} "reference_data": [
{
"name": "33307",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33307"
},
{
"name": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2",
"refsource": "CONFIRM",
"url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
},
{
"name": "spip-multiple-unspecified(47695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
},
{
"name": "33061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33061"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5818", "ID": "CVE-2008-5818",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7604", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7604" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in eDreamers eDContainer 2.22, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lg parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "33026", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33026" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33335", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33335" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4861", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4861" ]
}, },
{ "references": {
"name" : "edcontainer-index-file-include(47609)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47609" "name": "4861",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4861"
} },
{
"name": "33026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33026"
},
{
"name": "7604",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7604"
},
{
"name": "edcontainer-index-file-include(47609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47609"
},
{
"name": "33335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33335"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-5877", "ID": "CVE-2008-5877",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7515", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7515" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444."
{ }
"name" : "32915", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32915" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33211", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33211" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4881", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4881" ]
} },
] "references": {
} "reference_data": [
{
"name": "4881",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4881"
},
{
"name": "7515",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7515"
},
{
"name": "33211",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33211"
},
{
"name": "32915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32915"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-0246", "ID": "CVE-2013-0246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130116 [Security-news] SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Jan/120" "lang": "eng",
}, "value": "The Image module in Drupal 7.x before 7.19, when a private file system is used, does not properly restrict access to derivative images, which allows remote attackers to read derivative images of otherwise restricted images via unspecified vectors."
{ }
"name" : "[oss-security] 20130130 Re: CVE", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2013/q1/211" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://drupal.org/SA-CORE-2013-001", ]
"refsource" : "CONFIRM", }
"url" : "https://drupal.org/SA-CORE-2013-001" ]
}, },
{ "references": {
"name" : "51717", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/51717" "name": "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html",
} "refsource": "MISC",
] "url": "http://packetstormsecurity.com/files/119598/Drupal-Core-6.x-7.x-Cross-Site-Scripting-Access-Bypass.html"
} },
{
"name": "[oss-security] 20130130 Re: CVE",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/211"
},
{
"name": "20130116 [Security-news] SA-CORE-2013-001 - Drupal core - Multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jan/120"
},
{
"name": "https://drupal.org/SA-CORE-2013-001",
"refsource": "CONFIRM",
"url": "https://drupal.org/SA-CORE-2013-001"
},
{
"name": "51717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51717"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-0534", "ID": "CVE-2013-0534",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635218", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21635218" "lang": "eng",
}, "value": "The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and 8.5.2.1, as used in the Lotus Notes client and separately, might allow local users to obtain sensitive information by leveraging the persistence of cleartext password strings within process memory."
{ }
"name" : "notes-cve20130534-info-disclosure(82656)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82656" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21635218",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21635218"
},
{
"name": "notes-cve20130534-info-disclosure(82656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82656"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-0725", "ID": "CVE-2013-0725",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3174", "ID": "CVE-2013-3174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka \"DirectShow Arbitrary Memory Overwrite Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-056", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-056" "lang": "eng",
}, "value": "DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka \"DirectShow Arbitrary Memory Overwrite Vulnerability.\""
{ }
"name" : "TA13-190A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-190A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:16883", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16883" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-056",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-056"
},
{
"name": "TA13-190A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-190A"
},
{
"name": "oval:org.mitre.oval:def:16883",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16883"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3201", "ID": "CVE-2013-3201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-069", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209."
{ }
"name" : "TA13-253A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:18651", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18651" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
},
{
"name": "oval:org.mitre.oval:def:18651",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18651"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3303", "ID": "CVE-2013-3303",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-3388", "ID": "CVE-2013-3388",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130821 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm" "lang": "eng",
} "value": "Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.x before 9.2(1) allows remote attackers to cause a denial of service (memory consumption) via a flood of TCP packets to port 44444, aka Bug ID CSCtz92776."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130821 Cisco Prime Central for Hosted Collaboration Solution Assurance Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130821-hcm"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3571", "ID": "CVE-2013-3571",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130526 socat security advisory 4 - CVE-2013-3571", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/05/26/1" "lang": "eng",
}, "value": "socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor consumption) via multiple request that are refused based on the (1) sourceport, (2) lowport, (3) range, or (4) tcpwrap restrictions."
{ }
"name" : "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2013:169", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:169" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html",
"refsource": "CONFIRM",
"url": "http://www.dest-unreach.org/socat/contrib/socat-secadv4.html"
},
{
"name": "MDVSA-2013:169",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:169"
},
{
"name": "[oss-security] 20130526 socat security advisory 4 - CVE-2013-3571",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/05/26/1"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4271", "ID": "CVE-2013-4271",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://restlet.org/learn/2.1/changes", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://restlet.org/learn/2.1/changes" "lang": "eng",
}, "value": "The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=999735", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=999735" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/restlet/restlet-framework-java/issues/778", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/restlet/restlet-framework-java/issues/778" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1410", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1410.html" ]
}, },
{ "references": {
"name" : "RHSA-2013:1862", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1862.html" "name": "RHSA-2013:1862",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1862.html"
} },
{
"name": "https://github.com/restlet/restlet-framework-java/issues/778",
"refsource": "CONFIRM",
"url": "https://github.com/restlet/restlet-framework-java/issues/778"
},
{
"name": "http://restlet.org/learn/2.1/changes",
"refsource": "CONFIRM",
"url": "http://restlet.org/learn/2.1/changes"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=999735",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=999735"
},
{
"name": "RHSA-2013:1410",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1410.html"
}
]
}
} }


@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4350", "ID": "CVE-2013-4350",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130913 Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/09/13/3" "lang": "eng",
}, "value": "The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel through 3.11.1 uses data structures and function calls that do not trigger an intended configuration of IPsec encryption, which allows remote attackers to obtain sensitive information by sniffing the network."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1007872", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1007872" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7" ]
}, },
{ "references": {
"name" : "RHSA-2013:1490", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1490.html" "name": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/95ee62083cb6453e056562d91f597552021e6ae7"
"name" : "USN-2041-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2041-1" "name": "USN-2024-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2024-1"
"name" : "USN-2045-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2045-1" "name": "[oss-security] 20130913 Re: CVE request -- Linux kernel: net: sctp: ipv6 ipsec encryption bug in sctp_v6_xmit",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/09/13/3"
"name" : "USN-2049-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2049-1" "name": "RHSA-2013:1490",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"name" : "USN-2019-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2019-1" "name": "USN-2039-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2039-1"
"name" : "USN-2021-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2021-1" "name": "USN-2022-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2022-1"
"name" : "USN-2022-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2022-1" "name": "USN-2038-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2038-1"
"name" : "USN-2024-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2024-1" "name": "USN-2021-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2021-1"
"name" : "USN-2038-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2038-1" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=95ee62083cb6453e056562d91f597552021e6ae7"
"name" : "USN-2039-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2039-1" "name": "USN-2019-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2019-1"
"name" : "USN-2050-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2050-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1007872"
} },
{
"name": "USN-2049-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2049-1"
},
{
"name": "USN-2045-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2045-1"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name": "USN-2041-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2041-1"
}
]
}
} }
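Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2013-4350 appears to change from `cve@mitre.org` to `secalert@redhat.com` (assuming the left column is the old side), while every other changed line in this section is a colon-spacing reformat or a reordering of `reference_data` entries. A provenance field changing inside a bulk whitespace commit is easy to miss, and the commit message visible on this page does not mention it; assigner changes would be easier to audit in a separate commit or named in the description. The CVE-2013-4577 section that follows shows the same `ASSIGNER` change. The reshuffled `reference_data` arrays also make it hard to confirm from the diff that no reference was added or dropped, so emitting them in a stable sorted order would keep later sync diffs reviewable.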


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-4577", "ID": "CVE-2013-4577",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131114 CVE Request: grub-mkconfig", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q4/291" "lang": "eng",
}, "value": "A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file."
{ }
"name" : "[oss-security] 20131114 Re: CVE Request: grub-mkconfig", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2013/q4/292" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598",
"refsource": "CONFIRM",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632598"
},
{
"name": "[oss-security] 20131114 CVE Request: grub-mkconfig",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/291"
},
{
"name": "[oss-security] 20131114 Re: CVE Request: grub-mkconfig",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/292"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7039", "ID": "CVE-2013-7039",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131209 Re: CVE request: two issues in libmicro", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/12/09/11" "lang": "eng",
}, "value": "Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header."
{ }
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=493450", ]
"refsource" : "CONFIRM", },
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=493450" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039390", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039390" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://gnunet.org/svn/libmicrohttpd/ChangeLog", ]
"refsource" : "CONFIRM", }
"url" : "https://gnunet.org/svn/libmicrohttpd/ChangeLog" ]
}, },
{ "references": {
"name" : "GLSA-201402-01", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201402-01.xml" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039390"
"name" : "64138", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64138" "name": "64138",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/64138"
"name" : "55903", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55903" "name": "https://bugs.gentoo.org/show_bug.cgi?id=493450",
} "refsource": "CONFIRM",
] "url": "https://bugs.gentoo.org/show_bug.cgi?id=493450"
} },
{
"name": "GLSA-201402-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201402-01.xml"
},
{
"name": "https://gnunet.org/svn/libmicrohttpd/ChangeLog",
"refsource": "CONFIRM",
"url": "https://gnunet.org/svn/libmicrohttpd/ChangeLog"
},
{
"name": "[oss-security] 20131209 Re: CVE request: two issues in libmicro",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/09/11"
},
{
"name": "55903",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55903"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12596", "ID": "CVE-2017-12596",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/openexr/openexr/issues/238", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/openexr/openexr/issues/238" "lang": "eng",
}, "value": "In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read in the hufDecode function in IlmImf/ImfHuf.cpp during exrmaketiled execution; it may result in denial of service or possibly unspecified other impact."
{ }
"name" : "https://github.com/xiaoqx/pocs/blob/master/openexr.md", ]
"refsource" : "MISC", },
"url" : "https://github.com/xiaoqx/pocs/blob/master/openexr.md" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xiaoqx/pocs/blob/master/openexr.md",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/blob/master/openexr.md"
},
{
"name": "https://github.com/openexr/openexr/issues/238",
"refsource": "MISC",
"url": "https://github.com/openexr/openexr/issues/238"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"ID" : "CVE-2017-12612", "ID": "CVE-2017-12612",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E", "description_data": [
"refsource" : "MISC", {
"url" : "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E" "lang": "eng",
}, "value": "In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine. It does not affect apps run by spark-submit or spark-shell. The attacker would be able to execute code as the user that ran the Spark application. Users are encouraged to update to version 2.2.0 or later."
{ }
"name" : "100823", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100823" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100823",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100823"
},
{
"name": "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E",
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/spark-dev/201709.mbox/%3CCAEccTyy-1yYuhdNgkBUg0sr9NeaZSrBKkBePdTNZbxXZNTAR-g%40mail.gmail.com%3E"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12854", "ID": "CVE-2017-12854",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12865", "ID": "CVE-2017-12865",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in \"dnsproxy.c\" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the \"name\" variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando" "lang": "eng",
}, "value": "Stack-based buffer overflow in \"dnsproxy.c\" in connman 1.34 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the \"name\" variable."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1483720", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1483720" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://01.org/security/intel-oss-10001/intel-oss-10001", ]
"refsource" : "CONFIRM", }
"url" : "https://01.org/security/intel-oss-10001/intel-oss-10001" ]
}, },
{ "references": {
"name" : "DSA-3956", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2017/dsa-3956" "name": "https://01.org/security/intel-oss-10001/intel-oss-10001",
}, "refsource": "CONFIRM",
{ "url": "https://01.org/security/intel-oss-10001/intel-oss-10001"
"name" : "GLSA-201812-02", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201812-02" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1483720",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1483720"
"name" : "100498", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100498" "name": "GLSA-201812-02",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201812-02"
} },
{
"name": "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando",
"refsource": "MISC",
"url": "https://www.nri-secure.com/blog/new-iot-vulnerability-connmando"
},
{
"name": "100498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100498"
},
{
"name": "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71"
},
{
"name": "DSA-3956",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3956"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-12905", "ID": "CVE-2017-12905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20170921 Pixie image Editor SSRF vulnerability for CVE-2017-12905", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2017/Sep/47" "lang": "eng",
} "value": "Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20170921 Pixie image Editor SSRF vulnerability for CVE-2017-12905",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2017/Sep/47"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13063", "ID": "CVE-2017-13063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" "lang": "eng",
}, "value": "GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in the function GetStyleTokens in coders/svg.c:314:12."
{ }
"name" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a", ]
"refsource" : "CONFIRM", },
"url" : "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/434/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/434/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4321", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4321" ]
} },
] "references": {
} "reference_data": [
{
"name": "DSA-4321",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4321"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a",
"refsource": "CONFIRM",
"url": "http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a"
},
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/434/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/434/"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13381", "ID": "CVE-2017-13381",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13414", "ID": "CVE-2017-13414",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13474", "ID": "CVE-2017-13474",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13685", "ID": "CVE-2017-13685",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html" "lang": "eng",
}, "value": "The dump_callback function in SQLite 3.20.0 allows remote attackers to cause a denial of service (EXC_BAD_ACCESS and application crash) via a crafted file."
{ }
"name" : "100521", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/100521" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html",
"refsource": "MISC",
"url": "http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html"
},
{
"name": "100521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100521"
}
]
}
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16028", "ID": "CVE-2017-16028",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "react-native-meteor-oauth node module", "product_name": "react-native-meteor-oauth node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random())."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Insufficiently Random Values (CWE-330)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66" "lang": "eng",
}, "value": "react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random())."
{ }
"name" : "https://nodesecurity.io/advisories/157", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/157" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Use of Insufficiently Random Values (CWE-330)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66",
"refsource": "MISC",
"url": "https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66"
},
{
"name": "https://nodesecurity.io/advisories/157",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/157"
}
]
}
} }


@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2017-16085", "ID": "CVE-2017-16085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "tinyserver2 node module", "product_name": "tinyserver2 node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<=0.5.2" "version_value": "<=0.5.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2" "lang": "eng",
}, "value": "tinyserver2 is a webserver for static files. tinyserver2 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing \"../\" in the URL."
{ }
"name" : "https://nodesecurity.io/advisories/371", ]
"refsource" : "MISC", },
"url" : "https://nodesecurity.io/advisories/371" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2",
"refsource": "MISC",
"url": "https://github.com/JacksonGL/NPM-Vuln-PoC/tree/master/directory-traversal/tinyserver2"
},
{
"name": "https://nodesecurity.io/advisories/371",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/371"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17121", "ID": "CVE-2017-17121",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22506", "description_data": [
"refsource" : "MISC", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22506" "lang": "eng",
}, "value": "The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (memory access violation) or possibly have unspecified other impact via a COFF binary in which a relocation refers to a location after the end of the to-be-relocated section."
{ }
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b", ]
"refsource" : "MISC", },
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-201811-17", "description": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201811-17" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22506",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22506"
},
{
"name": "GLSA-201811-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-17"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17270", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17270",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }


@ -1,158 +1,158 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2017-17317", "ID": "CVE-2017-17317",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60", "product_name": "DP300; IPS Module; NGFW Module; RP200; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "USG6300 V100R001C10" "version_value": "USG6300 V100R001C10"
}, },
{ {
"version_value" : "V100R001C20" "version_value": "V100R001C20"
}, },
{ {
"version_value" : "V100R001C30" "version_value": "V100R001C30"
}, },
{ {
"version_value" : "V500R001C00" "version_value": "V500R001C00"
}, },
{ {
"version_value" : "V500R001C20" "version_value": "V500R001C20"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "V500R001C50" "version_value": "V500R001C50"
}, },
{ {
"version_value" : "Secospace USG6500 V100R001C10" "version_value": "Secospace USG6500 V100R001C10"
}, },
{ {
"version_value" : "V100R001C20" "version_value": "V100R001C20"
}, },
{ {
"version_value" : "V100R001C30" "version_value": "V100R001C30"
}, },
{ {
"version_value" : "V500R001C00" "version_value": "V500R001C00"
}, },
{ {
"version_value" : "V500R001C20" "version_value": "V500R001C20"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "V500R001C50" "version_value": "V500R001C50"
}, },
{ {
"version_value" : "Secospace USG6600 V100R001C00" "version_value": "Secospace USG6600 V100R001C00"
}, },
{ {
"version_value" : "V100R001C20" "version_value": "V100R001C20"
}, },
{ {
"version_value" : "V100R001C30" "version_value": "V100R001C30"
}, },
{ {
"version_value" : "V500R001C00" "version_value": "V500R001C00"
}, },
{ {
"version_value" : "V500R001C20" "version_value": "V500R001C20"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "V500R001C50" "version_value": "V500R001C50"
}, },
{ {
"version_value" : "TE30 V100R001C02" "version_value": "TE30 V100R001C02"
}, },
{ {
"version_value" : "V100R001C10" "version_value": "V100R001C10"
}, },
{ {
"version_value" : "V500R002C00" "version_value": "V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TE40 V500R002C00" "version_value": "TE40 V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TE50 V500R002C00" "version_value": "TE50 V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TE60 V100R001C01" "version_value": "TE60 V100R001C01"
}, },
{ {
"version_value" : "V100R001C10" "version_value": "V100R001C10"
}, },
{ {
"version_value" : "V500R002C00" "version_value": "V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en" "lang": "eng",
} "value": "Common Open Policy Service Protocol (COPS) module in Huawei USG6300 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6500 V100R001C10; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; Secospace USG6600 V100R001C00; V100R001C20; V100R001C30; V500R001C00; V500R001C20; V500R001C30; V500R001C50; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00 has a buffer overflow vulnerability. An unauthenticated, remote attacker has to control the peer device and send specially crafted message to the affected products. Due to insufficient input validation, successful exploit may cause some services abnormal."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180630-01-cops-en"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17798", "ID": "CVE-2017-17798",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0" "lang": "eng",
} "value": "In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8273A0A0, a different vulnerability than CVE-2017-17800."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0",
"refsource": "MISC",
"url": "https://github.com/rubyfly/Vir.IT-explorer_POC/tree/master/0x8273A0A0"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17912", "ID": "CVE-2017-17912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html" "lang": "eng",
}, "value": "In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based buffer over-read in ReadNewsProfile in coders/tiff.c, in which LocaleNCompare reads heap data beyond the allocated region."
{ }
"name" : "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f", "description": [
"refsource" : "CONFIRM", {
"url" : "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://sourceforge.net/p/graphicsmagick/bugs/533/", ]
"refsource" : "CONFIRM", }
"url" : "https://sourceforge.net/p/graphicsmagick/bugs/533/" ]
}, },
{ "references": {
"name" : "DSA-4321", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4321" "name": "DSA-4321",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4321"
} },
{
"name": "https://sourceforge.net/p/graphicsmagick/bugs/533/",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/graphicsmagick/bugs/533/"
},
{
"name": "[debian-lts-announce] 20180627 [SECURITY] [DLA 1401-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html"
},
{
"name": "[debian-lts-announce] 20180108 [SECURITY] [DLA 1231-1] graphicsmagick security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00005.html"
},
{
"name": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f",
"refsource": "CONFIRM",
"url": "http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18214", "ID": "CVE-2018-18214",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,155 +1,155 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@mozilla.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2018-18498", "ID": "CVE-2018-18498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Thunderbird", "product_name": "Thunderbird",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60.4" "version_value": "60.4"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox ESR", "product_name": "Firefox ESR",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "60.4" "version_value": "60.4"
} }
] ]
} }
}, },
{ {
"product_name" : "Firefox", "product_name": "Firefox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "64" "version_value": "64"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mozilla" "vendor_name": "Mozilla"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer overflow when calculating buffer sizes for images"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html" "lang": "eng",
}, "value": "A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used instead of the checked value. This leads to a possible out-of-bounds write. This vulnerability affects Thunderbird < 60.4, Firefox ESR < 60.4, and Firefox < 64."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1500011", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1500011" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-29/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-29/" "lang": "eng",
}, "value": "Integer overflow when calculating buffer sizes for images"
{ }
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-30/", ]
"refsource" : "CONFIRM", }
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-30/" ]
}, },
{ "references": {
"name" : "https://www.mozilla.org/security/advisories/mfsa2018-31/", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.mozilla.org/security/advisories/mfsa2018-31/" "name": "https://www.mozilla.org/security/advisories/mfsa2018-29/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-29/"
"name" : "DSA-4354", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4354" "name": "[debian-lts-announce] 20181213 [SECURITY] [DLA 1605-1] firefox-esr security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00002.html"
"name" : "DSA-4362", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2019/dsa-4362" "name": "RHSA-2018:3833",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3833"
"name" : "GLSA-201903-04", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201903-04" "name": "RHSA-2018:3831",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:3831"
"name" : "RHSA-2018:3831", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3831" "name": "DSA-4362",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2019/dsa-4362"
"name" : "RHSA-2018:3833", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3833" "name": "GLSA-201903-04",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201903-04"
"name" : "RHSA-2019:0159", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0159" "name": "USN-3844-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3844-1/"
"name" : "RHSA-2019:0160", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2019:0160" "name": "106168",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/106168"
"name" : "USN-3844-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3844-1/" "name": "RHSA-2019:0159",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2019:0159"
"name" : "USN-3868-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3868-1/" "name": "https://www.mozilla.org/security/advisories/mfsa2018-31/",
}, "refsource": "CONFIRM",
{ "url": "https://www.mozilla.org/security/advisories/mfsa2018-31/"
"name" : "106168", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106168" "name": "https://www.mozilla.org/security/advisories/mfsa2018-30/",
} "refsource": "CONFIRM",
] "url": "https://www.mozilla.org/security/advisories/mfsa2018-30/"
} },
{
"name": "DSA-4354",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4354"
},
{
"name": "USN-3868-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3868-1/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1500011",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1500011"
},
{
"name": "RHSA-2019:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0160"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18575", "ID": "CVE-2018-18575",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-18897", "ID": "CVE-2018-18897",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://gitlab.freedesktop.org/poppler/poppler/issues/654", "description_data": [
"refsource" : "MISC", {
"url" : "https://gitlab.freedesktop.org/poppler/poppler/issues/654" "lang": "eng",
} "value": "An issue was discovered in Poppler 0.71.0. There is a memory leak in GfxColorSpace::setDisplayProfile in GfxState.cc, as demonstrated by pdftocairo."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.freedesktop.org/poppler/poppler/issues/654",
"refsource": "MISC",
"url": "https://gitlab.freedesktop.org/poppler/poppler/issues/654"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19150", "ID": "CVE-2018-19150",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a \"Data from Faulting Address controls Code Flow\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md" "lang": "eng",
}, "value": "Memory corruption in PDMODELProvidePDModelHFT in pdmodel.dll in pdfforge PDF Architect 6 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact because of a \"Data from Faulting Address controls Code Flow\" issue."
{ }
"name" : "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html", ]
"refsource" : "MISC", },
"url" : "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html",
"refsource": "MISC",
"url": "https://nafiez.github.io/security/integer/2018/09/18/pdf-architect-corruption.html"
},
{
"name": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md",
"refsource": "MISC",
"url": "https://github.com/nafiez/nafiez.github.io/blob/master/_posts/2018-09-19-pdf-architect-corruption.md"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19394", "ID": "CVE-2018-19394",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://cyberskr.com/blog/cobham-satcom-800-900.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://cyberskr.com/blog/cobham-satcom-800-900.html" "lang": "eng",
}, "value": "Cobham Satcom Sailor 800 and 900 devices contained persistent XSS, which required administrative access to exploit. The vulnerability was exploitable by acquiring a copy of the device's configuration file, inserting an XSS payload into a relevant field (e.g., Satellite name), and then restoring the malicious configuration file."
{ }
"name" : "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b", ]
"refsource" : "MISC", },
"url" : "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cyberskr.com/blog/cobham-satcom-800-900.html",
"refsource": "MISC",
"url": "https://cyberskr.com/blog/cobham-satcom-800-900.html"
},
{
"name": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b",
"refsource": "MISC",
"url": "https://gist.github.com/CyberSKR/fe21b920c8933867ea262a325d37f03b"
}
]
}
} }


@ -1,165 +1,165 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "lpardo@redhat.com", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2018-1124", "ID": "CVE-2018-1124",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "procps-ng", "product_name": "procps-ng",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "procps-ng 3.3.15" "version_value": "procps-ng 3.3.15"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "[UNKNOWN]" "vendor_name": "[UNKNOWN]"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-190"
}
] ]
}, }
{ },
"description" : [ "data_format": "MITRE",
{ "data_type": "CVE",
"lang" : "eng", "data_version": "4.0",
"value" : "CWE-122" "description": {
} "description_data": [
{
"lang": "eng",
"value": "procps-ng before version 3.3.15 is vulnerable to multiple integer overflows leading to a heap corruption in file2strvec function. This allows a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.3/CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
] ]
} ]
] },
}, "problemtype": {
"references" : { "problemtype_data": [
"reference_data" : [ {
{ "description": [
"name" : "44806", {
"refsource" : "EXPLOIT-DB", "lang": "eng",
"url" : "https://www.exploit-db.com/exploits/44806/" "value": "CWE-190"
}, }
{ ]
"name" : "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report", },
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2018/q2/122" "description": [
}, {
{ "lang": "eng",
"name" : "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update", "value": "CWE-122"
"refsource" : "MLIST", }
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html" ]
}, }
{ ]
"name" : "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt", },
"refsource" : "MISC", "references": {
"url" : "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt" "reference_data": [
}, {
{ "name": "USN-3658-1",
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124", "refsource": "UBUNTU",
"refsource" : "CONFIRM", "url": "https://usn.ubuntu.com/3658-1/"
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124" },
}, {
{ "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124",
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10241", "refsource": "CONFIRM",
"refsource" : "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1124"
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10241" },
}, {
{ "name": "DSA-4208",
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", "refsource": "DEBIAN",
"refsource" : "CONFIRM", "url": "https://www.debian.org/security/2018/dsa-4208"
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" },
}, {
{ "name": "GLSA-201805-14",
"name" : "DSA-4208", "refsource": "GENTOO",
"refsource" : "DEBIAN", "url": "https://security.gentoo.org/glsa/201805-14"
"url" : "https://www.debian.org/security/2018/dsa-4208" },
}, {
{ "name": "44806",
"name" : "GLSA-201805-14", "refsource": "EXPLOIT-DB",
"refsource" : "GENTOO", "url": "https://www.exploit-db.com/exploits/44806/"
"url" : "https://security.gentoo.org/glsa/201805-14" },
}, {
{ "name": "RHSA-2018:1777",
"name" : "RHSA-2018:1700", "refsource": "REDHAT",
"refsource" : "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1777"
"url" : "https://access.redhat.com/errata/RHSA-2018:1700" },
}, {
{ "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10241",
"name" : "RHSA-2018:1777", "refsource": "CONFIRM",
"refsource" : "REDHAT", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10241"
"url" : "https://access.redhat.com/errata/RHSA-2018:1777" },
}, {
{ "name": "[debian-lts-announce] 20180531 [SECURITY] [DLA 1390-1] procps security update",
"name" : "RHSA-2018:1820", "refsource": "MLIST",
"refsource" : "REDHAT", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00021.html"
"url" : "https://access.redhat.com/errata/RHSA-2018:1820" },
}, {
{ "name": "RHSA-2018:2267",
"name" : "RHSA-2018:2267", "refsource": "REDHAT",
"refsource" : "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2267"
"url" : "https://access.redhat.com/errata/RHSA-2018:2267" },
}, {
{ "name": "RHSA-2018:2268",
"name" : "RHSA-2018:2268", "refsource": "REDHAT",
"refsource" : "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2268"
"url" : "https://access.redhat.com/errata/RHSA-2018:2268" },
}, {
{ "name": "RHSA-2018:1700",
"name" : "USN-3658-1", "refsource": "REDHAT",
"refsource" : "UBUNTU", "url": "https://access.redhat.com/errata/RHSA-2018:1700"
"url" : "https://usn.ubuntu.com/3658-1/" },
}, {
{ "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"name" : "USN-3658-2", "refsource": "CONFIRM",
"refsource" : "UBUNTU", "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"url" : "https://usn.ubuntu.com/3658-2/" },
}, {
{ "name": "104214",
"name" : "104214", "refsource": "BID",
"refsource" : "BID", "url": "http://www.securityfocus.com/bid/104214"
"url" : "http://www.securityfocus.com/bid/104214" },
}, {
{ "name": "[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report",
"name" : "1041057", "refsource": "MLIST",
"refsource" : "SECTRACK", "url": "http://seclists.org/oss-sec/2018/q2/122"
"url" : "http://www.securitytracker.com/id/1041057" },
} {
] "name": "1041057",
} "refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041057"
},
{
"name": "RHSA-2018:1820",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1820"
},
{
"name": "USN-3658-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3658-2/"
},
{
"name": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt",
"refsource": "MISC",
"url": "https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"
}
]
}
} }
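Review bot: The affected-version data for procps-ng does not agree with the description: `"version_value": "procps-ng 3.3.15"` names the release that the description gives as the fix boundary ("before version 3.3.15"), so tooling that matches on `version_value` would likely flag 3.3.15 and miss the earlier, vulnerable releases. A range form such as `"version_value": "before 3.3.15"` would match the text. The `impact.cvss` entry is also hard to consume as written, since `vectorString` begins with the score (`7.3/CVSS:3.0/...`) rather than `CVSS:3.0/` and the object sits inside a nested array. Both are carried over unchanged on the new side, where only `ASSIGNER`, spacing and reference order differ.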


@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-03-12T00:00:00", "DATE_PUBLIC": "2018-03-12T00:00:00",
"ID" : "CVE-2018-1323", "ID": "CVE-2018-1323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Tomcat Connectors", "product_name": "Apache Tomcat Connectors",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42" "version_value": "Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E", "description_data": [
"refsource" : "MISC", {
"url" : "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E" "lang": "eng",
}, "value": "The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing Tomcat via the reverse proxy."
{ }
"name" : "RHSA-2018:1843", ]
"refsource" : "REDHAT", },
"url" : "https://access.redhat.com/errata/RHSA-2018:1843" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "103389", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103389" "lang": "eng",
} "value": "Information Disclosure"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "103389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103389"
},
{
"name": "RHSA-2018:1843",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1843"
},
{
"name": "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/6e146bce83578bd870893250ba8354e28f9d8e86c674c30dbeee529f@%3Cannounce.tomcat.apache.org%3E"
}
]
}
} }


@ -1,93 +1,93 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-09-21T00:00:00", "DATE_PUBLIC": "2018-09-21T00:00:00",
"ID" : "CVE-2018-1683", "ID": "CVE-2018-1683",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebSphere Application Server", "product_name": "WebSphere Application Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "" "version_value": ""
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "N",
"S" : "U",
"SCORE" : "5.900",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10716533", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10716533" "lang": "eng",
}, "value": "IBM WebSphere Application Server Liberty could allow a remote attacker to obtain sensitive information, caused by the failure to encrypt ORB communication. IBM X-Force ID: 145455."
{ }
"name" : "1041720", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041720" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "ibm-websphere-cve20181683-info-disc(145455)", "A": "N",
"refsource" : "XF", "AC": "H",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145455" "AV": "N",
} "C": "H",
] "I": "N",
} "PR": "N",
"S": "U",
"SCORE": "5.900",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-websphere-cve20181683-info-disc(145455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145455"
},
{
"name": "1041720",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041720"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10716533",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10716533"
}
]
}
} }


@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-11-28T00:00:00", "DATE_PUBLIC": "2018-11-28T00:00:00",
"ID" : "CVE-2018-1927", "ID": "CVE-2018-1927",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "StoredIQ", "product_name": "StoredIQ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "7.6" "version_value": "7.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "N",
"I" : "H",
"PR" : "N",
"S" : "U",
"SCORE" : "6.500",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Gain Access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10741605" "lang": "eng",
}, "value": "IBM StoredIQ 7.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 153118."
{ }
"name" : "ibm-storeiq-cve20181927-csrf(153118)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/153118" "impact": {
} "cvssv3": {
] "BM": {
} "A": "N",
"AC": "L",
"AV": "N",
"C": "N",
"I": "H",
"PR": "N",
"S": "U",
"SCORE": "6.500",
"UI": "R"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Gain Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10741605",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10741605"
},
{
"name": "ibm-storeiq-cve20181927-csrf(153118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/153118"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1992", "ID": "CVE-2018-1992",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,154 +1,154 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@tibco.com", "ASSIGNER": "security@tibco.com",
"DATE_PUBLIC" : "2018-04-17T16:00:00.000Z", "DATE_PUBLIC": "2018-04-17T16:00:00.000Z",
"ID" : "CVE-2018-5431", "ID": "CVE-2018-5431",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "TIBCO JasperReports Server Cross Site Scripting Vulnerability" "TITLE": "TIBCO JasperReports Server Cross Site Scripting Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "TIBCO JasperReports Server", "product_name": "TIBCO JasperReports Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "6.2.4" "version_value": "6.2.4"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "6.3.0" "version_value": "6.3.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "6.3.2" "version_value": "6.3.2"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "6.3.3" "version_value": "6.3.3"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "6.4.0" "version_value": "6.4.0"
}, },
{ {
"affected" : "=", "affected": "=",
"version_value" : "6.4.2" "version_value": "6.4.2"
} }
] ]
} }
}, },
{ {
"product_name" : "TIBCO JasperReports Server Community Edition", "product_name": "TIBCO JasperReports Server Community Edition",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "6.4.2" "version_value": "6.4.2"
} }
] ]
} }
}, },
{ {
"product_name" : "TIBCO JasperReports Server for ActiveMatrix BPM", "product_name": "TIBCO JasperReports Server for ActiveMatrix BPM",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "6.4.2" "version_value": "6.4.2"
} }
] ]
} }
}, },
{ {
"product_name" : "TIBCO Jaspersoft for AWS with Multi-Tenancy", "product_name": "TIBCO Jaspersoft for AWS with Multi-Tenancy",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "6.4.2" "version_value": "6.4.2"
} }
] ]
} }
}, },
{ {
"product_name" : "TIBCO Jaspersoft Reporting and Analytics for AWS", "product_name": "TIBCO Jaspersoft Reporting and Analytics for AWS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<=", "affected": "<=",
"version_value" : "6.4.2" "version_value": "6.4.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "TIBCO Software Inc." "vendor_name": "TIBCO Software Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "The impact includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user.\n"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431" "lang": "eng",
} "value": "The domain designer component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which may allow, in the context of a non-default permissions configuration, persisted cross-site scripting (XSS) attacks. Affected releases include TIBCO Software Inc.'s TIBCO JasperReports Server: versions up to and including 6.2.4; 6.3.0; 6.3.2; 6.3.3; 6.4.0; 6.4.2, TIBCO JasperReports Server Community Edition: versions up to and including 6.4.2, TIBCO JasperReports Server for ActiveMatrix BPM: versions up to and including 6.4.2, TIBCO Jaspersoft for AWS with Multi-Tenancy: versions up to and including 6.4.2, TIBCO Jaspersoft Reporting and Analytics for AWS: versions up to and including 6.4.2."
] }
}, ]
"solution" : [ },
{ "impact": {
"lang" : "eng", "cvss": {
"value" : "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n" "attackComplexity": "LOW",
} "attackVector": "NETWORK",
], "availabilityImpact": "NONE",
"source" : { "baseScore": 6.3,
"discovery" : "UNKNOWN" "baseSeverity": "MEDIUM",
} "confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "The impact includes the theoretical possibility of a user performing operations using another user's access, including administrative functions being performed by a non-administrative user.\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431",
"refsource": "CONFIRM",
"url": "https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431"
}
]
},
"solution": [
{
"lang": "eng",
"value": "TIBCO has released updated versions of the affected components which address these issues. For each affected system, update to the corresponding software versions:\n\nTIBCO JasperReports Server versions 6.2.4 and below update to version 6.2.5 or higher\nTIBCO JasperReports Server versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher\nTIBCO JasperReports Server versions 6.4.0 and 6.4.2 update to version 6.4.3 or higher\n\nTIBCO JasperReports Server Community Edition versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO JasperReports Server for ActiveMatrix BPM versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft for AWS with Multi-Tenancy versions 6.4.2 and below update to version 6.4.3 or higher\n\nTIBCO Jaspersoft Reporting and Analytics for AWS versions 6.4.2 and below update to version 6.4.3 or higher\n"
}
],
"source": {
"discovery": "UNKNOWN"
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5587", "ID": "CVE-2018-5587",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-5646", "ID": "CVE-2018-5646",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }