admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:45:00 +00:00
parent f1eaf594dc
commit 4382a7c029
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
60 changed files with 3918 additions and 3869 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2008/0xxx/CVE-2008-0162.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0162", "ID": "CVE-2008-0162",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-1500", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1500" "lang": "eng",
}, "value": "misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges."
{ }
"name" : "GLSA-200803-05", ]
"refsource" : "GENTOO", },
"url" : "http://security.gentoo.org/glsa/glsa-200803-05.xml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "27936", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27936" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "29064", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/29064" ]
}, },
{ "references": {
"name" : "29080", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29080" "name": "DSA-1500",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1500"
"name" : "29190", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29190" "name": "29190",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/29190"
} },
} {
"name": "29080",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29080"
},
{
"name": "GLSA-200803-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200803-05.xml"
},
{
"name": "29064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29064"
},
{
"name": "27936",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27936"
}
]
}
}

200
2008/0xxx/CVE-2008-0244.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0244", "ID": "CVE-2008-0244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"&&\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486039/100/0/threaded" "lang": "eng",
}, "value": "SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via \"&&\" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe."
{ }
"name" : "4877", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/4877" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://aluigi.altervista.org/adv/sapone-adv.txt", "description": [
"refsource" : "MISC", {
"url" : "http://aluigi.altervista.org/adv/sapone-adv.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27206", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27206" ]
}, },
{ "references": {
"name" : "ADV-2008-0104", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0104" "name": "28409",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28409"
"name" : "1019171", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019171" "name": "20080109 Pre-auth remote commands execution in SAP MaxDB 7.6.03.07",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486039/100/0/threaded"
"name" : "28409", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28409" "name": "ADV-2008-0104",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0104"
"name" : "3536", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3536" "name": "4877",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/4877"
"name" : "maxdb-system-command-execution(39573)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573" "name": "1019171",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1019171"
} },
} {
"name": "http://aluigi.altervista.org/adv/sapone-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/sapone-adv.txt"
},
{
"name": "3536",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3536"
},
{
"name": "maxdb-system-command-execution(39573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39573"
},
{
"name": "27206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27206"
}
]
}
}

160
2008/0xxx/CVE-2008-0500.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0500", "ID": "CVE-2008-0500",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser."
{ }
"name" : "27483", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27483" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0316", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0316" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28652", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/28652" ]
}, },
{ "references": {
"name" : "mambo-laithai-multiple-unspecified(40014)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40014" "name": "27483",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/27483"
} },
} {
"name": "28652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28652"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=192544&release_id=571300"
},
{
"name": "ADV-2008-0316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0316"
},
{
"name": "mambo-laithai-multiple-unspecified(40014)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40014"
}
]
}
}

150
2008/0xxx/CVE-2008-0518.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0518", "ID": "CVE-2008-0518",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5014", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5014" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the Recipes (com_recipes) 1.00 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action."
{ }
"name" : "27519", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27519" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0360", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0360" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "recipes-index-sql-injection(40064)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40064" ]
} },
] "references": {
} "reference_data": [
} {
"name": "recipes-index-sql-injection(40064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40064"
},
{
"name": "5014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5014"
},
{
"name": "ADV-2008-0360",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0360"
},
{
"name": "27519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27519"
}
]
}
}

190
2008/0xxx/CVE-2008-0997.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0997", "ID": "CVE-2008-0997",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://docs.info.apple.com/article.html?artnum=307562", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://docs.info.apple.com/article.html?artnum=307562" "lang": "eng",
}, "value": "Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows user-assisted remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted PostScript Printer Description (PPD) file that is not properly handled when querying a network printer."
{ }
"name" : "APPLE-SA-2008-03-18", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA08-079A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-079A.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "28304", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/28304" ]
}, },
{ "references": {
"name" : "28364", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28364" "name": "28364",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28364"
"name" : "ADV-2008-0924", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0924/references" "name": "28304",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28304"
"name" : "1019648", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019648" "name": "TA08-079A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html"
"name" : "macos-appkit-ppd-bo(41282)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41282" "name": "ADV-2008-0924",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/0924/references"
} },
} {
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "macos-appkit-ppd-bo(41282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41282"
},
{
"name": "1019648",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019648"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
}
]
}
}

150
2008/3xxx/CVE-2008-3029.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3029", "ID": "CVE-2008-3029",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-4/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-20080701-4/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "30026", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30026" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30905", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30905" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "wecdiscussion-unspecified-xss(43514)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43514" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080701-4/"
},
{
"name": "30026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30026"
},
{
"name": "30905",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30905"
},
{
"name": "wecdiscussion-unspecified-xss(43514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43514"
}
]
}
}

34
2008/3xxx/CVE-2008-3099.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3099", "ID": "CVE-2008-3099",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2008/3xxx/CVE-2008-3583.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3583", "ID": "CVE-2008-3583",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6195", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6195" "lang": "eng",
}, "value": "Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected."
{ }
"name" : "30521", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30521" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "intellitamper-htmlparser-bo(44215)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44215" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "30521",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30521"
},
{
"name": "6195",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6195"
},
{
"name": "intellitamper-htmlparser-bo(44215)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44215"
}
]
}
}

34
2008/4xxx/CVE-2008-4042.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-4042", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-4042",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3889. Reason: This candidate is a duplicate of CVE-2008-3889. Notes: All CVE users should reference CVE-2008-3889 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3889. Reason: This candidate is a duplicate of CVE-2008-3889. Notes: All CVE users should reference CVE-2008-3889 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

140
2008/4xxx/CVE-2008-4164.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4164", "ID": "CVE-2008-4164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6393", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6393" "lang": "eng",
}, "value": "cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
{ }
"name" : "4288", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4288" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "memhtportal-cron-path-disclosure(45413)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45413" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "memhtportal-cron-path-disclosure(45413)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45413"
},
{
"name": "6393",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6393"
},
{
"name": "4288",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4288"
}
]
}
}

140
2008/4xxx/CVE-2008-4329.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4329", "ID": "CVE-2008-4329",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6571", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6571" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in cms/system/openengine.php in openEngine 2.0 beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the oe_classpath parameter."
{ }
"name" : "31413", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31413" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openengine-openengine-file-include(45435)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45435" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "31413",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31413"
},
{
"name": "6571",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6571"
},
{
"name": "openengine-openengine-file-include(45435)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45435"
}
]
}
}

34
2008/4xxx/CVE-2008-4608.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-4608", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-4608",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
} }
] ]
} }
} }

150
2008/4xxx/CVE-2008-4640.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4640", "ID": "CVE-2008-4640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081016 Re: CVE request: jhead", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/16/3" "lang": "eng",
}, "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
{ }
"name" : "[oss-security] 20081127 Re: CVE request: jhead", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2008/11/26/4" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32506", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/32506" ]
} },
] "references": {
} "reference_data": [
} {
"name": "32506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32506"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
},
{
"name": "[oss-security] 20081127 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
},
{
"name": "[oss-security] 20081016 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
}
]
}
}

180
2008/4xxx/CVE-2008-4985.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4985", "ID": "CVE-2008-4985",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/30/2" "lang": "eng",
}, "value": "vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/memleaktest.log temporary file."
{ }
"name" : "http://uvw.ru/report.lenny.txt", ]
"refsource" : "MISC", },
"url" : "http://uvw.ru/report.lenny.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/496421", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/496421" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://dev.gentoo.org/~rbu/security/debiantemp/vdr-dbg", ]
"refsource" : "CONFIRM", }
"url" : "http://dev.gentoo.org/~rbu/security/debiantemp/vdr-dbg" ]
}, },
{ "references": {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235770", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235770" "name": "https://bugs.gentoo.org/show_bug.cgi?id=235827",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=235827"
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=235827", },
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=235827" "name": "vdrdbg-vdrleaktest-symlink(44880)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44880"
"name" : "vdrdbg-vdrleaktest-symlink(44880)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44880" "name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"
} },
} {
"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"
},
{
"name": "http://dev.gentoo.org/~rbu/security/debiantemp/vdr-dbg",
"refsource": "CONFIRM",
"url": "http://dev.gentoo.org/~rbu/security/debiantemp/vdr-dbg"
},
{
"name": "http://uvw.ru/report.lenny.txt",
"refsource": "MISC",
"url": "http://uvw.ru/report.lenny.txt"
},
{
"name": "http://bugs.debian.org/496421",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/496421"
}
]
}
}

180
2013/2xxx/CVE-2013-2032.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2032", "ID": "CVE-2013-2032",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html" "lang": "eng",
}, "value": "MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks."
{ }
"name" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2013-7654", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2013-7701", ]
"refsource" : "FEDORA", }
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html" ]
}, },
{ "references": {
"name" : "FEDORA-2013-7714", "reference_data": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html" "name": "FEDORA-2013-7714",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105825.html"
"name" : "GLSA-201310-21", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-201310-21.xml" "name": "55433",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55433"
"name" : "55433", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55433" "name": "FEDORA-2013-7654",
} "refsource": "FEDORA",
] "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106293.html"
} },
} {
"name": "FEDORA-2013-7701",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105784.html"
},
{
"name": "GLSA-201310-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201310-21.xml"
},
{
"name": "[MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6",
"refsource": "MLIST",
"url": "http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-April/000129.html"
},
{
"name": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590",
"refsource": "CONFIRM",
"url": "https://bugzilla.wikimedia.org/show_bug.cgi?id=46590"
}
]
}
}

130
2013/2xxx/CVE-2013-2278.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2278", "ID": "CVE-2013-2278",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the \"internal log handler to the Windows Event log.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130226 Denial of Service vulnerability in War FTP Daemon 1.82", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/525830" "lang": "eng",
}, "value": "Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the \"internal log handler to the Windows Event log.\""
{ }
"name" : "http://www.warftp.org/index.php?cmd=show_article&article_id=1035", ]
"refsource" : "CONFIRM", },
"url" : "http://www.warftp.org/index.php?cmd=show_article&article_id=1035" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130226 Denial of Service vulnerability in War FTP Daemon 1.82",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/525830"
},
{
"name": "http://www.warftp.org/index.php?cmd=show_article&article_id=1035",
"refsource": "CONFIRM",
"url": "http://www.warftp.org/index.php?cmd=show_article&article_id=1035"
}
]
}
}

34
2013/2xxx/CVE-2013-2568.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2568", "ID": "CVE-2013-2568",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/2xxx/CVE-2013-2969.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-2969", "ID": "CVE-2013-2969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640348", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21640348" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters."
{ }
"name" : "sterling-cve20132969-xss(83860)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83860" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21640348",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21640348"
},
{
"name": "sterling-cve20132969-xss(83860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83860"
}
]
}
}

180
2013/3xxx/CVE-2013-3371.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3371", "ID": "CVE-2013-3371",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rt-announce] 20130522 RT 3.8.17 released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment."
{ }
"name" : "[rt-announce] 20130522 RT 4.0.13 released", ]
"refsource" : "MLIST", },
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[rt-announce] 20130522 Security vulnerabilities in RT", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2670", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2012/dsa-2670" ]
}, },
{ "references": {
"name" : "93608", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/93608" "name": "[rt-announce] 20130522 RT 3.8.17 released",
}, "refsource": "MLIST",
{ "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000228.html"
"name" : "53505", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53505" "name": "[rt-announce] 20130522 Security vulnerabilities in RT",
}, "refsource": "MLIST",
{ "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000226.html"
"name" : "53522", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53522" "name": "[rt-announce] 20130522 RT 4.0.13 released",
} "refsource": "MLIST",
] "url": "http://lists.bestpractical.com/pipermail/rt-announce/2013-May/000227.html"
} },
} {
"name": "93608",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/93608"
},
{
"name": "53505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53505"
},
{
"name": "DSA-2670",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2670"
},
{
"name": "53522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53522"
}
]
}
}

120
2013/3xxx/CVE-2013-3540.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3540", "ID": "CVE-2013-3540",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130612 Security Analysis of IP video surveillance cameras", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Jun/84" "lang": "eng",
} "value": "Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/usrgrp.cgi in AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, POE100HD, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130612 Security Analysis of IP video surveillance cameras",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Jun/84"
}
]
}
}

34
2013/3xxx/CVE-2013-3924.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3924", "ID": "CVE-2013-3924",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6471.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6471", "ID": "CVE-2013-6471",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6568.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6568", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6568",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

170
2013/6xxx/CVE-2013-6836.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6836", "ID": "CVE-2013-6836",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.gnome.org/show_bug.cgi?id=712772", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.gnome.org/show_bug.cgi?id=712772" "lang": "eng",
}, "value": "Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value."
{ }
"name" : "https://git.gnome.org/browse/gnumeric/commit/?id=b5480b69345b3c6d56ee0ed9c9e9880bb2a08cdc", ]
"refsource" : "CONFIRM", },
"url" : "https://git.gnome.org/browse/gnumeric/commit/?id=b5480b69345b3c6d56ee0ed9c9e9880bb2a08cdc" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml", "description": [
"refsource" : "CONFIRM", {
"url" : "https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2014:0201", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00018.html" ]
}, },
{ "references": {
"name" : "64459", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/64459" "name": "openSUSE-SU-2014:0201",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00018.html"
"name" : "56678", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/56678" "name": "https://git.gnome.org/browse/gnumeric/commit/?id=b5480b69345b3c6d56ee0ed9c9e9880bb2a08cdc",
} "refsource": "CONFIRM",
] "url": "https://git.gnome.org/browse/gnumeric/commit/?id=b5480b69345b3c6d56ee0ed9c9e9880bb2a08cdc"
} },
} {
"name": "64459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64459"
},
{
"name": "https://bugzilla.gnome.org/show_bug.cgi?id=712772",
"refsource": "CONFIRM",
"url": "https://bugzilla.gnome.org/show_bug.cgi?id=712772"
},
{
"name": "https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml",
"refsource": "CONFIRM",
"url": "https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml"
},
{
"name": "56678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56678"
}
]
}
}

34
2013/7xxx/CVE-2013-7148.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-7148", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-7148",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/7xxx/CVE-2013-7161.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7161", "ID": "CVE-2013-7161",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/7xxx/CVE-2013-7453.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7453", "ID": "CVE-2013-7453",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11" "lang": "eng",
}, "value": "The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing."
{ }
"name" : "https://nodesecurity.io/advisories/41", ]
"refsource" : "CONFIRM", },
"url" : "https://nodesecurity.io/advisories/41" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodesecurity.io/advisories/41",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/41"
},
{
"name": "[oss-security] 20160420 various vulnerabilities in Node.js packages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
}
]
}
}

120
2017/10xxx/CVE-2017-10778.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10778", "ID": "CVE-2017-10778",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to \"Data from Faulting Address controls Branch Selection starting at xnview+0x0000000000233125.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10778"
}
]
}
}

140
2017/10xxx/CVE-2017-10940.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "zdi-disclosures@trendmicro.com", "ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2017-10940", "ID": "CVE-2017-10940",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Joyent Smart Data Center", "product_name": "Joyent Smart Data Center",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad)" "version_value": "prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Joyent" "vendor_name": "Joyent"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://zerodayinitiative.com/advisories/ZDI-17-453", "description_data": [
"refsource" : "MISC", {
"url" : "https://zerodayinitiative.com/advisories/ZDI-17-453" "lang": "eng",
}, "value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Joyent Smart Data Center prior to agentsshar@1.0.0-release-20160901-20160901T051624Z-g3fd5adf (e469cf49-4de3-4658-8419-ab42837916ad). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the docker API. The process does not properly validate user-supplied data which can allow for the upload of arbitrary files. An attacker can leverage this vulnerability to execute arbitrary code under the context of root. Was ZDI-CAN-3853."
{ }
"name" : "https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability", ]
"refsource" : "CONFIRM", },
"url" : "https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99510", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99510" "lang": "eng",
} "value": "CWE-22-Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-17-453",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-453"
},
{
"name": "99510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99510"
},
{
"name": "https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability",
"refsource": "CONFIRM",
"url": "https://help.joyent.com/hc/en-us/articles/115009649927-Security-Advisory-ZDI-CAN-3853-Docker-File-Overwrite-Vulnerability"
}
]
}
}

34
2017/10xxx/CVE-2017-10992.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10992", "ID": "CVE-2017-10992",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/14xxx/CVE-2017-14250.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14250", "ID": "CVE-2017-14250",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the \"Wireless Settings\" is not properly validated. It's possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://angeloanatrella86.github.io/CVE-2017/", "description_data": [
"refsource" : "MISC", {
"url" : "https://angeloanatrella86.github.io/CVE-2017/" "lang": "eng",
} "value": "In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with Firmware Version 3.11.7 Build 100603 Rel.56412n and Hardware Version: WR741N v1/v2 00000000, parameter SSID in the \"Wireless Settings\" is not properly validated. It's possible to inject malicious code: </script><H1>BUG/* </script><a href=XXX.com>. The second payload blocks the change of wireless settings. A factory reset is required."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://angeloanatrella86.github.io/CVE-2017/",
"refsource": "MISC",
"url": "https://angeloanatrella86.github.io/CVE-2017/"
}
]
}
}

140
2017/14xxx/CVE-2017-14385.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security_alert@emc.com", "ASSIGNER": "security_alert@emc.com",
"ID" : "CVE-2017-14385", "ID": "CVE-2017-14385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2", "product_name": "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2" "version_value": "EMC Data Domain DD OS EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6, EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9, EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21, EMC Data Domain Virtual Edition 2.0 family, all versions, EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1, EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Memory Overflow Vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/fulldisclosure/2017/Dec/79", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://seclists.org/fulldisclosure/2017/Dec/79" "lang": "eng",
}, "value": "An issue was discovered in EMC Data Domain DD OS 5.7 family, versions prior to 5.7.5.6; EMC Data Domain DD OS 6.0 family, versions prior to 6.0.2.9; EMC Data Domain DD OS 6.1 family, versions prior to 6.1.0.21; EMC Data Domain Virtual Edition 2.0 family, all versions; EMC Data Domain Virtual Edition 3.0 family, versions prior to 3.0 SP2 Update 1; and EMC Data Domain Virtual Edition 3.1 family, versions prior to 3.1 Update 2. EMC Data Domain DD OS contains a memory overflow vulnerability in SMBv1 which may potentially be exploited by an unauthenticated remote attacker. An attacker may completely shut down both the SMB service and active directory authentication. This may also allow remote code injection and execution."
{ }
"name" : "102289", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102289" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040027", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040027" "lang": "eng",
} "value": "Memory Overflow Vulnerability"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Dec/79",
"refsource": "CONFIRM",
"url": "http://seclists.org/fulldisclosure/2017/Dec/79"
},
{
"name": "1040027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040027"
},
{
"name": "102289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102289"
}
]
}
}

140
2017/14xxx/CVE-2017-14528.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14528", "ID": "CVE-2017-14528",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugzilla.maptools.org/show_bug.cgi?id=2730", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugzilla.maptools.org/show_bug.cgi?id=2730" "lang": "eng",
}, "value": "The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has incorrect expectations about whether LibTIFF TIFFGetField return values imply that data validation has occurred, which allows remote attackers to cause a denial of service (use-after-free after an invalid call to TIFFSetField, and application crash) via a crafted file."
{ }
"name" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560", ]
"refsource" : "MISC", },
"url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100875", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100875" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.maptools.org/show_bug.cgi?id=2730",
"refsource": "MISC",
"url": "http://bugzilla.maptools.org/show_bug.cgi?id=2730"
},
{
"name": "100875",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100875"
},
{
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560",
"refsource": "MISC",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560"
}
]
}
}

120
2017/14xxx/CVE-2017-14567.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14567", "ID": "CVE-2017-14567",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an \"Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14567", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14567" "lang": "eng",
} "value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an \"Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14567",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14567"
}
]
}
}

120
2017/14xxx/CVE-2017-14710.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14710", "ID": "CVE-2017-14710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Shein Group Ltd. \"SHEIN - Fashion Shopping\" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/" "lang": "eng",
} "value": "The Shein Group Ltd. \"SHEIN - Fashion Shopping\" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/",
"refsource": "MISC",
"url": "https://www.crissyfield.de/blog/2017/12/14/missing-certificate-validation/"
}
]
}
}

512
2017/17xxx/CVE-2017-17137.json
View File

@ -1,258 +1,258 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-12-06T00:00:00", "DATE_PUBLIC": "2017-12-06T00:00:00",
"ID" : "CVE-2017-17137", "ID": "CVE-2017-17137",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030", "product_name": "DP300; IPS Module; NGFW Module; NIP6300; NIP6600; RP200; S12700; S1700; S2700; S5700; S6700; S7700; S9700; Secospace USG6300; Secospace USG6500; Secospace USG6600; TE30; TE40; TE50; TE60; TP3106; TP3206; USG9500; ViewPoint 9030",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "DP300 V500R002C00" "version_value": "DP300 V500R002C00"
}, },
{ {
"version_value" : "IPS Module V500R001C00" "version_value": "IPS Module V500R001C00"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "NGFW Module V500R001C00" "version_value": "NGFW Module V500R001C00"
}, },
{ {
"version_value" : "V500R002C00" "version_value": "V500R002C00"
}, },
{ {
"version_value" : "NIP6300 V500R001C00" "version_value": "NIP6300 V500R001C00"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "NIP6600 V500R001C00" "version_value": "NIP6600 V500R001C00"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "RP200 V500R002C00" "version_value": "RP200 V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "S12700 V200R007C00" "version_value": "S12700 V200R007C00"
}, },
{ {
"version_value" : "V200R007C01" "version_value": "V200R007C01"
}, },
{ {
"version_value" : "V200R008C00" "version_value": "V200R008C00"
}, },
{ {
"version_value" : "V200R009C00" "version_value": "V200R009C00"
}, },
{ {
"version_value" : "V200R010C00" "version_value": "V200R010C00"
}, },
{ {
"version_value" : "S1700 V200R006C10" "version_value": "S1700 V200R006C10"
}, },
{ {
"version_value" : "V200R009C00" "version_value": "V200R009C00"
}, },
{ {
"version_value" : "V200R010C00" "version_value": "V200R010C00"
}, },
{ {
"version_value" : "S2700 V200R006C10" "version_value": "S2700 V200R006C10"
}, },
{ {
"version_value" : "V200R007C00" "version_value": "V200R007C00"
}, },
{ {
"version_value" : "V200R008C00" "version_value": "V200R008C00"
}, },
{ {
"version_value" : "V200R009C00" "version_value": "V200R009C00"
}, },
{ {
"version_value" : "V200R010C00" "version_value": "V200R010C00"
}, },
{ {
"version_value" : "S5700 V200R006C00" "version_value": "S5700 V200R006C00"
}, },
{ {
"version_value" : "V200R007C00" "version_value": "V200R007C00"
}, },
{ {
"version_value" : "V200R008C00" "version_value": "V200R008C00"
}, },
{ {
"version_value" : "V200R009C00" "version_value": "V200R009C00"
}, },
{ {
"version_value" : "V200R010C00" "version_value": "V200R010C00"
}, },
{ {
"version_value" : "S6700 V200R008C00" "version_value": "S6700 V200R008C00"
}, },
{ {
"version_value" : "V200R009C00" "version_value": "V200R009C00"
}, },
{ {
"version_value" : "V200R010C00" "version_value": "V200R010C00"
}, },
{ {
"version_value" : "S7700 V200R007C00" "version_value": "S7700 V200R007C00"
}, },
{ {
"version_value" : "V200R008C00" "version_value": "V200R008C00"
}, },
{ {
"version_value" : "V200R009C00" "version_value": "V200R009C00"
}, },
{ {
"version_value" : "V200R010C00" "version_value": "V200R010C00"
}, },
{ {
"version_value" : "S9700 V200R007C00" "version_value": "S9700 V200R007C00"
}, },
{ {
"version_value" : "V200R007C01" "version_value": "V200R007C01"
}, },
{ {
"version_value" : "V200R008C00" "version_value": "V200R008C00"
}, },
{ {
"version_value" : "V200R009C00" "version_value": "V200R009C00"
}, },
{ {
"version_value" : "V200R010C00" "version_value": "V200R010C00"
}, },
{ {
"version_value" : "Secospace USG6300 V500R001C00" "version_value": "Secospace USG6300 V500R001C00"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "Secospace USG6500 V500R001C00" "version_value": "Secospace USG6500 V500R001C00"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "Secospace USG6600 V500R001C00" "version_value": "Secospace USG6600 V500R001C00"
}, },
{ {
"version_value" : "V500R001C30S" "version_value": "V500R001C30S"
}, },
{ {
"version_value" : "TE30 V100R001C02" "version_value": "TE30 V100R001C02"
}, },
{ {
"version_value" : "V100R001C10" "version_value": "V100R001C10"
}, },
{ {
"version_value" : "V500R002C00" "version_value": "V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TE40 V500R002C00" "version_value": "TE40 V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TE50 V500R002C00" "version_value": "TE50 V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TE60 V100R001C01" "version_value": "TE60 V100R001C01"
}, },
{ {
"version_value" : "V100R001C10" "version_value": "V100R001C10"
}, },
{ {
"version_value" : "V500R002C00" "version_value": "V500R002C00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TP3106 V100R002C00" "version_value": "TP3106 V100R002C00"
}, },
{ {
"version_value" : "TP3206 V100R002C00" "version_value": "TP3206 V100R002C00"
}, },
{ {
"version_value" : "V100R002C10" "version_value": "V100R002C10"
}, },
{ {
"version_value" : "USG9500 V500R001C00" "version_value": "USG9500 V500R001C00"
}, },
{ {
"version_value" : "V500R001C30" "version_value": "V500R001C30"
}, },
{ {
"version_value" : "ViewPoint 9030 V100R011C02" "version_value": "ViewPoint 9030 V100R011C02"
}, },
{ {
"version_value" : "V100R011C03" "version_value": "V100R011C03"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-Bounds memory access"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en" "lang": "eng",
} "value": "PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; NGFW Module V500R001C00; V500R002C00; NIP6300 V500R001C00; V500R001C30; NIP6600 V500R001C00; V500R001C30; RP200 V500R002C00; V600R006C00; S12700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; S1700 V200R006C10; V200R009C00; V200R010C00; S2700 V200R006C10; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S5700 V200R006C00; V200R007C00; V200R008C00; V200R009C00; V200R010C00; S6700 V200R008C00; V200R009C00; V200R010C00; S7700 V200R007C00; V200R008C00; V200R009C00; V200R010C00; S9700 V200R007C00; V200R007C01; V200R008C00; V200R009C00; V200R010C00; Secospace USG6300 V500R001C00; V500R001C30; Secospace USG6500 V500R001C00; V500R001C30; Secospace USG6600 V500R001C00; V500R001C30S; TE30 V100R001C02; V100R001C10; V500R002C00; V600R006C00; TE40 V500R002C00; V600R006C00; TE50 V500R002C00; V600R006C00; TE60 V100R001C01; V100R001C10; V500R002C00; V600R006C00; TP3106 V100R002C00; TP3206 V100R002C00; V100R002C10; USG9500 V500R001C00; V500R001C30; ViewPoint 9030 V100R011C02; V100R011C03 has an Out-of-Bounds memory access vulnerability due to insufficient verification. An authenticated local attacker can make processing crash by a malicious certificate. The attacker can exploit this vulnerability to cause a denial of service."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds memory access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-pem-en"
}
]
}
}

698
2017/17xxx/CVE-2017-17142.json
View File

@ -1,351 +1,351 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC" : "2017-12-06T00:00:00", "DATE_PUBLIC": "2017-12-06T00:00:00",
"ID" : "CVE-2017-17142", "ID": "CVE-2017-17142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981", "product_name": "DP300; RP200; RSE6500; TE30; TE40; TE50; TE60; TP3106; TP3206; ViewPoint 9030; eSpace U1960; eSpace U1981",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "DP300 V500R002C00" "version_value": "DP300 V500R002C00"
}, },
{ {
"version_value" : "V500R002C00SPC100" "version_value": "V500R002C00SPC100"
}, },
{ {
"version_value" : "V500R002C00SPC200" "version_value": "V500R002C00SPC200"
}, },
{ {
"version_value" : "V500R002C00SPC300" "version_value": "V500R002C00SPC300"
}, },
{ {
"version_value" : "V500R002C00SPC400" "version_value": "V500R002C00SPC400"
}, },
{ {
"version_value" : "V500R002C00SPC500" "version_value": "V500R002C00SPC500"
}, },
{ {
"version_value" : "V500R002C00SPC600" "version_value": "V500R002C00SPC600"
}, },
{ {
"version_value" : "V500R002C00SPC800" "version_value": "V500R002C00SPC800"
}, },
{ {
"version_value" : "V500R002C00SPC900" "version_value": "V500R002C00SPC900"
}, },
{ {
"version_value" : "V500R002C00SPCa00" "version_value": "V500R002C00SPCa00"
}, },
{ {
"version_value" : "RP200 V500R002C00SPC200" "version_value": "RP200 V500R002C00SPC200"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "V600R006C00SPC200" "version_value": "V600R006C00SPC200"
}, },
{ {
"version_value" : "RSE6500 V500R002C00SPC100" "version_value": "RSE6500 V500R002C00SPC100"
}, },
{ {
"version_value" : "V500R002C00SPC200" "version_value": "V500R002C00SPC200"
}, },
{ {
"version_value" : "V500R002C00SPC300" "version_value": "V500R002C00SPC300"
}, },
{ {
"version_value" : "V500R002C00SPC300T" "version_value": "V500R002C00SPC300T"
}, },
{ {
"version_value" : "V500R002C00SPC500" "version_value": "V500R002C00SPC500"
}, },
{ {
"version_value" : "V500R002C00SPC600" "version_value": "V500R002C00SPC600"
}, },
{ {
"version_value" : "V500R002C00SPC700" "version_value": "V500R002C00SPC700"
}, },
{ {
"version_value" : "V500R002C00T" "version_value": "V500R002C00T"
}, },
{ {
"version_value" : "TE30 V100R001C10" "version_value": "TE30 V100R001C10"
}, },
{ {
"version_value" : "V100R001C10SPC100" "version_value": "V100R001C10SPC100"
}, },
{ {
"version_value" : "V100R001C10SPC200B010" "version_value": "V100R001C10SPC200B010"
}, },
{ {
"version_value" : "V100R001C10SPC300" "version_value": "V100R001C10SPC300"
}, },
{ {
"version_value" : "V100R001C10SPC500" "version_value": "V100R001C10SPC500"
}, },
{ {
"version_value" : "V100R001C10SPC600" "version_value": "V100R001C10SPC600"
}, },
{ {
"version_value" : "V100R001C10SPC700B010" "version_value": "V100R001C10SPC700B010"
}, },
{ {
"version_value" : "V100R001C10SPC800" "version_value": "V100R001C10SPC800"
}, },
{ {
"version_value" : "V500R002C00SPC200" "version_value": "V500R002C00SPC200"
}, },
{ {
"version_value" : "V500R002C00SPC500" "version_value": "V500R002C00SPC500"
}, },
{ {
"version_value" : "V500R002C00SPC600" "version_value": "V500R002C00SPC600"
}, },
{ {
"version_value" : "V500R002C00SPC700" "version_value": "V500R002C00SPC700"
}, },
{ {
"version_value" : "V500R002C00SPC900" "version_value": "V500R002C00SPC900"
}, },
{ {
"version_value" : "V500R002C00SPCb00" "version_value": "V500R002C00SPCb00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "TE40 V500R002C00SPC600" "version_value": "TE40 V500R002C00SPC600"
}, },
{ {
"version_value" : "V500R002C00SPC700" "version_value": "V500R002C00SPC700"
}, },
{ {
"version_value" : "V500R002C00SPC900" "version_value": "V500R002C00SPC900"
}, },
{ {
"version_value" : "V500R002C00SPCb00" "version_value": "V500R002C00SPCb00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "V600R006C00SPC200" "version_value": "V600R006C00SPC200"
}, },
{ {
"version_value" : "TE50 V500R002C00SPC600" "version_value": "TE50 V500R002C00SPC600"
}, },
{ {
"version_value" : "V500R002C00SPC700" "version_value": "V500R002C00SPC700"
}, },
{ {
"version_value" : "V500R002C00SPCb00" "version_value": "V500R002C00SPCb00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "V600R006C00SPC200" "version_value": "V600R006C00SPC200"
}, },
{ {
"version_value" : "TE60 V100R001C01SPC100" "version_value": "TE60 V100R001C01SPC100"
}, },
{ {
"version_value" : "V100R001C01SPC107TB010" "version_value": "V100R001C01SPC107TB010"
}, },
{ {
"version_value" : "V100R001C10" "version_value": "V100R001C10"
}, },
{ {
"version_value" : "V100R001C10SPC300" "version_value": "V100R001C10SPC300"
}, },
{ {
"version_value" : "V100R001C10SPC400" "version_value": "V100R001C10SPC400"
}, },
{ {
"version_value" : "V100R001C10SPC500" "version_value": "V100R001C10SPC500"
}, },
{ {
"version_value" : "V100R001C10SPC600" "version_value": "V100R001C10SPC600"
}, },
{ {
"version_value" : "V100R001C10SPC700" "version_value": "V100R001C10SPC700"
}, },
{ {
"version_value" : "V100R001C10SPC800" "version_value": "V100R001C10SPC800"
}, },
{ {
"version_value" : "V100R001C10SPC900" "version_value": "V100R001C10SPC900"
}, },
{ {
"version_value" : "V500R002C00" "version_value": "V500R002C00"
}, },
{ {
"version_value" : "V500R002C00SPC100" "version_value": "V500R002C00SPC100"
}, },
{ {
"version_value" : "V500R002C00SPC200" "version_value": "V500R002C00SPC200"
}, },
{ {
"version_value" : "V500R002C00SPC300" "version_value": "V500R002C00SPC300"
}, },
{ {
"version_value" : "V500R002C00SPC600" "version_value": "V500R002C00SPC600"
}, },
{ {
"version_value" : "V500R002C00SPC700" "version_value": "V500R002C00SPC700"
}, },
{ {
"version_value" : "V500R002C00SPC800" "version_value": "V500R002C00SPC800"
}, },
{ {
"version_value" : "V500R002C00SPC900" "version_value": "V500R002C00SPC900"
}, },
{ {
"version_value" : "V500R002C00SPCa00" "version_value": "V500R002C00SPCa00"
}, },
{ {
"version_value" : "V500R002C00SPCb00" "version_value": "V500R002C00SPCb00"
}, },
{ {
"version_value" : "V500R002C00SPCd00" "version_value": "V500R002C00SPCd00"
}, },
{ {
"version_value" : "V600R006C00" "version_value": "V600R006C00"
}, },
{ {
"version_value" : "V600R006C00SPC100" "version_value": "V600R006C00SPC100"
}, },
{ {
"version_value" : "V600R006C00SPC200" "version_value": "V600R006C00SPC200"
}, },
{ {
"version_value" : "V600R006C00SPC300" "version_value": "V600R006C00SPC300"
}, },
{ {
"version_value" : "TP3106 V100R002C00" "version_value": "TP3106 V100R002C00"
}, },
{ {
"version_value" : "V100R002C00SPC200" "version_value": "V100R002C00SPC200"
}, },
{ {
"version_value" : "V100R002C00SPC400" "version_value": "V100R002C00SPC400"
}, },
{ {
"version_value" : "V100R002C00SPC600" "version_value": "V100R002C00SPC600"
}, },
{ {
"version_value" : "V100R002C00SPC700" "version_value": "V100R002C00SPC700"
}, },
{ {
"version_value" : "V100R002C00SPC800" "version_value": "V100R002C00SPC800"
}, },
{ {
"version_value" : "TP3206 V100R002C00" "version_value": "TP3206 V100R002C00"
}, },
{ {
"version_value" : "V100R002C00SPC200" "version_value": "V100R002C00SPC200"
}, },
{ {
"version_value" : "V100R002C00SPC400" "version_value": "V100R002C00SPC400"
}, },
{ {
"version_value" : "V100R002C00SPC600" "version_value": "V100R002C00SPC600"
}, },
{ {
"version_value" : "V100R002C00SPC700" "version_value": "V100R002C00SPC700"
}, },
{ {
"version_value" : "V100R002C10" "version_value": "V100R002C10"
}, },
{ {
"version_value" : "ViewPoint 9030 V100R011C02SPC100" "version_value": "ViewPoint 9030 V100R011C02SPC100"
}, },
{ {
"version_value" : "V100R011C03B012SP15" "version_value": "V100R011C03B012SP15"
}, },
{ {
"version_value" : "V100R011C03B012SP16" "version_value": "V100R011C03B012SP16"
}, },
{ {
"version_value" : "V100R011C03B015SP03" "version_value": "V100R011C03B015SP03"
}, },
{ {
"version_value" : "V100R011C03LGWL01SPC100" "version_value": "V100R011C03LGWL01SPC100"
}, },
{ {
"version_value" : "V100R011C03SPC100" "version_value": "V100R011C03SPC100"
}, },
{ {
"version_value" : "V100R011C03SPC200" "version_value": "V100R011C03SPC200"
}, },
{ {
"version_value" : "V100R011C03SPC300" "version_value": "V100R011C03SPC300"
}, },
{ {
"version_value" : "V100R011C03SPC400" "version_value": "V100R011C03SPC400"
}, },
{ {
"version_value" : "V100R011C03SPC500" "version_value": "V100R011C03SPC500"
}, },
{ {
"version_value" : "eSpace U1960 V200R003C30SPC200" "version_value": "eSpace U1960 V200R003C30SPC200"
}, },
{ {
"version_value" : "eSpace U1981 V100R001C20SPC700" "version_value": "eSpace U1981 V100R001C20SPC700"
}, },
{ {
"version_value" : "V200R003C20SPCa00" "version_value": "V200R003C20SPCa00"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that attacker can exploit by sending a specially crafted SIP message leading to a process reboot at random."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en" "lang": "eng",
} "value": "SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC400; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; RP200 V500R002C00SPC200; V600R006C00; V600R006C00SPC200; RSE6500 V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC300T; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00T; TE30 V100R001C10; V100R001C10SPC100; V100R001C10SPC200B010; V100R001C10SPC300; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700B010; V100R001C10SPC800; V500R002C00SPC200; V500R002C00SPC500; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; TE40 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC900; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE50 V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPCb00; V600R006C00; V600R006C00SPC200; TE60 V100R001C01SPC100; V100R001C01SPC107TB010; V100R001C10; V100R001C10SPC300; V100R001C10SPC400; V100R001C10SPC500; V100R001C10SPC600; V100R001C10SPC700; V100R001C10SPC800; V100R001C10SPC900; V500R002C00; V500R002C00SPC100; V500R002C00SPC200; V500R002C00SPC300; V500R002C00SPC600; V500R002C00SPC700; V500R002C00SPC800; V500R002C00SPC900; V500R002C00SPCa00; V500R002C00SPCb00; V500R002C00SPCd00; V600R006C00; V600R006C00SPC100; V600R006C00SPC200; V600R006C00SPC300; TP3106 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C00SPC800; TP3206 V100R002C00; V100R002C00SPC200; V100R002C00SPC400; V100R002C00SPC600; V100R002C00SPC700; V100R002C10; ViewPoint 9030 V100R011C02SPC100; V100R011C03B012SP15; V100R011C03B012SP16; V100R011C03B015SP03; V100R011C03LGWL01SPC100; V100R011C03SPC100; V100R011C03SPC200; V100R011C03SPC300; V100R011C03SPC400; V100R011C03SPC500; eSpace U1960 V200R003C30SPC200; eSpace U1981 V100R001C20SPC700; V200R003C20SPCa00 has an overflow vulnerability that attacker can exploit by sending a specially crafted SIP message leading to a process reboot at random."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-sip-en"
}
]
}
}

34
2017/17xxx/CVE-2017-17275.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17275", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17275",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

120
2017/17xxx/CVE-2017-17525.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17525", "ID": "CVE-2017-17525",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security-tracker.debian.org/tracker/CVE-2017-17525", "description_data": [
"refsource" : "MISC", {
"url" : "https://security-tracker.debian.org/tracker/CVE-2017-17525" "lang": "eng",
} "value": "guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-17525",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-17525"
}
]
}
}

34
2017/9xxx/CVE-2017-9004.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9004", "ID": "CVE-2017-9004",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/9xxx/CVE-2017-9258.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9258", "ID": "CVE-2017-9258",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42389", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42389/" "lang": "eng",
}, "value": "The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file."
{ }
"name" : "http://seclists.org/fulldisclosure/2017/Jul/62", ]
"refsource" : "MISC", },
"url" : "http://seclists.org/fulldisclosure/2017/Jul/62" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2017/Jul/62",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2017/Jul/62"
},
{
"name": "42389",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42389/"
}
]
}
}

140
2017/9xxx/CVE-2017-9463.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9463", "ID": "CVE-2017-9463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Piwigo/Piwigo/commit/42920897ce927c236728d387f61bf03d117109a2", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Piwigo/Piwigo/commit/42920897ce927c236728d387f61bf03d117109a2" "lang": "eng",
}, "value": "The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The user_list_backend.php component is affected: values of the iDisplayStart & iDisplayLength parameters are not sanitized; these are used to construct a SQL query and retrieve a list of registered users into the application."
{ }
"name" : "https://github.com/Piwigo/Piwigo/issues/705", ]
"refsource" : "MISC", },
"url" : "https://github.com/Piwigo/Piwigo/issues/705" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-003", "description": [
"refsource" : "MISC", {
"url" : "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-003" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Piwigo/Piwigo/issues/705",
"refsource": "MISC",
"url": "https://github.com/Piwigo/Piwigo/issues/705"
},
{
"name": "https://github.com/Piwigo/Piwigo/commit/42920897ce927c236728d387f61bf03d117109a2",
"refsource": "MISC",
"url": "https://github.com/Piwigo/Piwigo/commit/42920897ce927c236728d387f61bf03d117109a2"
},
{
"name": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-003",
"refsource": "MISC",
"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2017-003"
}
]
}
}

122
2017/9xxx/CVE-2017-9796.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-01-09T00:00:00", "DATE_PUBLIC": "2018-01-09T00:00:00",
"ID" : "CVE-2017-9796", "ID": "CVE-2017-9796",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Geode", "product_name": "Apache Geode",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.0.0 to 1.2.1" "version_value": "1.0.0 to 1.2.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[user] 20180109 [SECURITY] CVE-2017-9796 Apache Geode OQL bind parameter vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.apache.org/thread.html/e580d22195b6b61ff9cf866ac6dd6fe16e790ff0e14a3b1a22cd20b1@%3Cuser.geode.apache.org%3E" "lang": "eng",
} "value": "When an Apache Geode cluster before v1.3.0 is operating in secure mode, a user with read access to specific regions within a Geode cluster may execute OQL queries containing a region name as a bind parameter that allow read access to objects within unauthorized regions."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[user] 20180109 [SECURITY] CVE-2017-9796 Apache Geode OQL bind parameter vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e580d22195b6b61ff9cf866ac6dd6fe16e790ff0e14a3b1a22cd20b1@%3Cuser.geode.apache.org%3E"
}
]
}
}

130
2018/0xxx/CVE-2018-0385.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0385", "ID": "CVE-2018-0385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Firepower unknown", "product_name": "Cisco Firepower unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Firepower unknown" "version_value": "Cisco Firepower unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco Bug IDs: CSCvi36434."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-399"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firepwr-ssl-dos", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firepwr-ssl-dos" "lang": "eng",
}, "value": "A vulnerability in the detection engine parsing of Security Socket Layer (SSL) protocol packets for Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper input handling of the SSL traffic. An attacker could exploit this vulnerability by sending a crafted SSL traffic to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. Cisco Bug IDs: CSCvi36434."
{ }
"name" : "104727", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104727" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-399"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104727"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firepwr-ssl-dos",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180711-firepwr-ssl-dos"
}
]
}
}

154
2018/0xxx/CVE-2018-0455.json
View File

@ -1,79 +1,79 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500", "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-0455", "ID": "CVE-2018-0455",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Firepower System Software Detection Engine Denial of Service Vulnerability" "TITLE": "Cisco Firepower System Software Detection Engine Denial of Service Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco FireSIGHT System Software ", "product_name": "Cisco FireSIGHT System Software ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. It is also possible that a manual reload of the device may be required to clear the condition. The vulnerability is due to incorrect SMB header validation. An attacker could exploit this vulnerability by sending a custom SMB file transfer through the targeted device. A successful exploit could cause the device to consume an excessive amount of system memory and prevent the SNORT process from forwarding network traffic. This vulnerability can be exploited using either IPv4 or IPv6 in combination with SMBv2 or SMBv3 network traffic."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "8.6",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-19"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181003 Cisco Firepower System Software Detection Engine Denial of Service Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort" "lang": "eng",
} "value": "A vulnerability in the Server Message Block Version 2 (SMBv2) and Version 3 (SMBv3) protocol implementation for the Cisco Firepower System Software could allow an unauthenticated, remote attacker to cause the device to run low on system memory, possibly preventing the device from forwarding traffic. It is also possible that a manual reload of the device may be required to clear the condition. The vulnerability is due to incorrect SMB header validation. An attacker could exploit this vulnerability by sending a custom SMB file transfer through the targeted device. A successful exploit could cause the device to consume an excessive amount of system memory and prevent the SNORT process from forwarding network traffic. This vulnerability can be exploited using either IPv4 or IPv6 in combination with SMBv2 or SMBv3 network traffic."
] }
}, ]
"source" : { },
"advisory" : "cisco-sa-20181003-fp-smb-snort", "impact": {
"defect" : [ "cvss": {
[ "baseScore": "8.6",
"CSCvg28189" "version": "3.0"
] }
], },
"discovery" : "UNKNOWN" "problemtype": {
} "problemtype_data": [
} {
"description": [
{
"lang": "eng",
"value": "CWE-19"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181003 Cisco Firepower System Software Detection Engine Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-fp-smb-snort"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-fp-smb-snort",
"defect": [
[
"CSCvg28189"
]
],
"discovery": "UNKNOWN"
}
}

130
2018/0xxx/CVE-2018-0566.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0566", "ID": "CVE-2018-0566",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cybozu Office", "product_name": "Cybozu Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "10.0.0 to 10.8.0" "version_value": "10.0.0 to 10.8.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cybozu, Inc." "vendor_name": "Cybozu, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.cybozu.com/ja-jp/article/10195", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.cybozu.com/ja-jp/article/10195" "lang": "eng",
}, "value": "Cybozu Office 10.0.0 to 10.8.0 allows authenticated attackers to bypass authentication to obtain the schedules without access privilege via unspecified vectors."
{ }
"name" : "JVN#51737843", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN51737843/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.cybozu.com/ja-jp/article/10195",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/10195"
},
{
"name": "JVN#51737843",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51737843/index.html"
}
]
}
}

152
2018/0xxx/CVE-2018-0762.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-03T00:00:00", "DATE_PUBLIC": "2018-01-03T00:00:00",
"ID" : "CVE-2018-0762", "ID": "CVE-2018-0762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge, Internet Explorer", "product_name": "Microsoft Edge, Internet Explorer",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016." "version_value": "Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft Corporation" "vendor_name": "Microsoft Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0762", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0762" "lang": "eng",
}, "value": "Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka \"Scripting Engine Memory Corruption Vulnerability\". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781."
{ }
"name" : "102408", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102408" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040099", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040099" "lang": "eng",
}, "value": "Remote Code Execution"
{ }
"name" : "1040100", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040100" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0762",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0762"
},
{
"name": "1040100",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040100"
},
{
"name": "102408",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102408"
},
{
"name": "1040099",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040099"
}
]
}
}

146
2018/0xxx/CVE-2018-0920.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-0920", "ID": "CVE-2018-0920",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Excel", "product_name": "Microsoft Excel",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2010 Service Pack 2 (32-bit editions)" "version_value": "2010 Service Pack 2 (32-bit editions)"
}, },
{ {
"version_value" : "2010 Service Pack 2 (64-bit editions)" "version_value": "2010 Service Pack 2 (64-bit editions)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-1011, CVE-2018-1027, CVE-2018-1029."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0920", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0920" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-1011, CVE-2018-1027, CVE-2018-1029."
{ }
"name" : "103608", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103608" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040652", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040652" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1040652",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040652"
},
{
"name": "103608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103608"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0920",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0920"
}
]
}
}

198
2018/0xxx/CVE-2018-0965.json
View File

@ -1,101 +1,101 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-0965", "ID": "CVE-2018-0965",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Windows Hyper-V Remote Code Execution Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0965", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0965" "lang": "eng",
}, "value": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Windows Hyper-V Remote Code Execution Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439."
{ }
"name" : "105229", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105229" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041624", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041624" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0965",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0965"
},
{
"name": "105229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105229"
},
{
"name": "1041624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041624"
}
]
}
}

256
2018/1000xxx/CVE-2018-1000199.json
View File

@ -1,130 +1,130 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-05-18T21:46:02.320084", "DATE_ASSIGNED": "2018-05-18T21:46:02.320084",
"DATE_REQUESTED" : "2018-04-17T08:55:55", "DATE_REQUESTED": "2018-04-17T08:55:55",
"ID" : "CVE-2018-1000199", "ID": "CVE-2018-1000199",
"REQUESTER" : "luto@kernel.org", "REQUESTER": "luto@kernel.org",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Linux Kernel", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.18" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Linux Kernel" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "dangerous feature"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lkml.org/lkml/2018/4/6/813" "lang": "eng",
}, "value": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f."
{ }
"name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4187", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4187" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4188", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4188" ]
}, },
{ "references": {
"name" : "RHSA-2018:1318", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1318" "name": "DSA-4187",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4187"
"name" : "RHSA-2018:1345", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1345" "name": "RHSA-2018:1347",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1347"
"name" : "RHSA-2018:1347", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1347" "name": "RHSA-2018:1348",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1348"
"name" : "RHSA-2018:1348", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1348" "name": "DSA-4188",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4188"
"name" : "RHSA-2018:1354", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1354" "name": "RHSA-2018:1354",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1354"
"name" : "RHSA-2018:1355", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1355" "name": "1040806",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1040806"
"name" : "RHSA-2018:1374", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1374" "name": "RHSA-2018:1355",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1355"
"name" : "USN-3641-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3641-2/" "name": "RHSA-2018:1345",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1345"
"name" : "USN-3641-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3641-1/" "name": "RHSA-2018:1318",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1318"
"name" : "1040806", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040806" "name": "RHSA-2018:1374",
} "refsource": "REDHAT",
] "url": "https://access.redhat.com/errata/RHSA-2018:1374"
} },
} {
"name": "[linux-kernel] 20180406 [PATCH 3.18 40/93] perf/hwbp: Simplify the perf-hwbp code, fix documentation",
"refsource": "MLIST",
"url": "https://lkml.org/lkml/2018/4/6/813"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3641-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3641-2/"
},
{
"name": "USN-3641-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3641-1/"
}
]
}
}

34
2018/1000xxx/CVE-2018-1000853.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-1000853", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-1000853",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-18925. Reason: This candidate is a reservation duplicate of CVE-2018-18925. Notes: All CVE users should reference CVE-2018-18925 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-18925. Reason: This candidate is a reservation duplicate of CVE-2018-18925. Notes: All CVE users should reference CVE-2018-18925 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

130
2018/19xxx/CVE-2018-19003.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "ics-cert@hq.dhs.gov", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2018-19003", "ID": "CVE-2018-19003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e", "product_name": "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Mark VIe Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C" "version_value": "Mark VIe Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04", "description_data": [
"refsource" : "MISC", {
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04" "lang": "eng",
}, "value": "GE Mark VIe, EX2100e, EX2100e_Reg, and LS2100e Versions 03.03.28C to 05.02.04C, EX2100e All versions prior to v04.09.00C, EX2100e_Reg All versions prior to v04.09.00C, and LS2100e All versions prior to v04.09.00C The affected versions of the application have a path traversal vulnerability that fails to restrict the ability of an attacker to gain access to restricted information."
{ }
"name" : "106216", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106216" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "IMPROPER LIMITATION OF A PATHNAME TO A RESTRICTED DIRECTORY ('PATH TRAVERSAL') CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-347-04"
},
{
"name": "106216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106216"
}
]
}
}

34
2018/19xxx/CVE-2018-19442.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19442", "ID": "CVE-2018-19442",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

53
2018/19xxx/CVE-2018-19509.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19509", "ID": "CVE-2018-19509",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,33 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "wg7.php in Webgalamb 7.0 makes opportunistic calls to htmlspecialchars() instead of using a templating engine with proper contextual encoding. Because it is possible to insert arbitrary strings into the database, any JavaScript could be executed by the administrator, leading to XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html"
},
{
"url": "http://seclists.org/fulldisclosure/2019/Jan/15",
"refsource": "MISC",
"name": "http://seclists.org/fulldisclosure/2019/Jan/15"
} }
] ]
} }

34
2018/19xxx/CVE-2018-19563.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19563", "ID": "CVE-2018-19563",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/19xxx/CVE-2018-19748.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19748", "ID": "CVE-2018-19748",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blog.whiterabbitxyj.com/cve/SDCMS_1.6_directory_traversal.doc", "description_data": [
"refsource" : "MISC", {
"url" : "https://blog.whiterabbitxyj.com/cve/SDCMS_1.6_directory_traversal.doc" "lang": "eng",
}, "value": "app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector)."
{ }
"name" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/SDCMS_1.6_directory_traversal.doc", ]
"refsource" : "MISC", },
"url" : "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/SDCMS_1.6_directory_traversal.doc" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.whiterabbitxyj.com/cve/SDCMS_1.6_directory_traversal.doc",
"refsource": "MISC",
"url": "https://blog.whiterabbitxyj.com/cve/SDCMS_1.6_directory_traversal.doc"
},
{
"name": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/SDCMS_1.6_directory_traversal.doc",
"refsource": "MISC",
"url": "https://github.com/WhiteRabbitc/WhiteRabbitc.github.io/blob/master/cve/SDCMS_1.6_directory_traversal.doc"
}
]
}
}

120
2018/19xxx/CVE-2018-19827.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19827", "ID": "CVE-2018-19827",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/sass/libsass/issues/2782", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/sass/libsass/issues/2782" "lang": "eng",
} "value": "In LibSass 3.5.5, a use-after-free vulnerability exists in the SharedPtr class in SharedPtr.cpp (or SharedPtr.hpp) that may cause a denial of service (application crash) or possibly have unspecified other impact."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sass/libsass/issues/2782",
"refsource": "MISC",
"url": "https://github.com/sass/libsass/issues/2782"
}
]
}
}

178
2018/1xxx/CVE-2018-1844.json
View File

@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-09T00:00:00", "DATE_PUBLIC": "2018-10-09T00:00:00",
"ID" : "CVE-2018-1844", "ID": "CVE-2018-1844",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FileNet Content Manager", "product_name": "FileNet Content Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.2.1" "version_value": "5.2.1"
}, },
{ {
"version_value" : "5.5.0" "version_value": "5.5.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "L",
"AC" : "L",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "7.100",
"UI" : "N"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10732755", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10732755" "lang": "eng",
}, "value": "IBM FileNet Content Manager 5.2.1 and 5.5.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150904."
{ }
"name" : "ibm-case-cve20181844-info-disc(150904)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/150904" "impact": {
} "cvssv3": {
] "BM": {
} "A": "L",
} "AC": "L",
"AV": "N",
"C": "H",
"I": "N",
"PR": "L",
"S": "U",
"SCORE": "7.100",
"UI": "N"
},
"TM": {
"E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-case-cve20181844-info-disc(150904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/150904"
},
{
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10732755",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10732755"
}
]
}
}

34
2018/4xxx/CVE-2018-4407.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4407", "ID": "CVE-2018-4407",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4580.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4580", "ID": "CVE-2018-4580",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }