admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:17:14 +00:00
parent 2bdb4aa08d
commit 44b6937248
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3559 additions and 3491 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
2004/1xxx/CVE-2004-1154.json
View File

@ -1,136 +1,136 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1154",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1154",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow."
"lang": "eng",
"value": "Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities"
"name": "http://www.samba.org/samba/security/CAN-2004-1154.html",
"refsource": "CONFIRM",
"url": "http://www.samba.org/samba/security/CAN-2004-1154.html"
},
{
"name" : "http://www.samba.org/samba/security/CAN-2004-1154.html",
"refsource" : "CONFIRM",
"url" : "http://www.samba.org/samba/security/CAN-2004-1154.html"
"name": "101643",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1"
},
{
"name" : "APPLE-SA-2005-03-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
"name": "oval:org.mitre.oval:def:10236",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236"
},
{
"name" : "DSA-701",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-701"
"name": "11973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11973"
},
{
"name" : "RHSA-2005:020",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-020.html"
"name": "samba-msrpc-heap-corruption(18519)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18519"
},
{
"name" : "SCOSA-2005.17",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt"
"name": "RHSA-2005:020",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-020.html"
},
{
"name" : "101643",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1"
"name": "oval:org.mitre.oval:def:642",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642"
},
{
"name" : "57730",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1"
"name": "13453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13453/"
},
{
"name" : "SUSE-SA:2004:045",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2004_45_samba.html"
"name": "DSA-701",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-701"
},
{
"name" : "VU#226184",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/226184"
"name": "APPLE-SA-2005-03-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name" : "11973",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11973"
"name": "57730",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1"
},
{
"name" : "oval:org.mitre.oval:def:1459",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459"
"name": "20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities"
},
{
"name" : "oval:org.mitre.oval:def:642",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A642"
"name": "SUSE-SA:2004:045",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2004_45_samba.html"
},
{
"name" : "oval:org.mitre.oval:def:10236",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10236"
"name": "oval:org.mitre.oval:def:1459",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1459"
},
{
"name" : "13453",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13453/"
"name": "SCOSA-2005.17",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt"
},
{
"name" : "samba-msrpc-heap-corruption(18519)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18519"
"name": "VU#226184",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/226184"
}
]
}

80
2008/3xxx/CVE-2008-3228.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3228",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3228",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
"lang": "eng",
"value": "Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that \"block common exploits\" to SEF URLs, which has unknown impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20080712 CVE requests: joomla <1.5.4",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/07/12/2"
"name": "[oss-security] 20080712 CVE requests: joomla <1.5.4",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/12/2"
},
{
"name" : "http://www.joomla.org/content/view/5180/1/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/5180/1/"
"name": "http://www.joomla.org/content/view/5180/1/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/"
},
{
"name" : "http://www.joomla.org/content/view/5180/1/1/1/#htaccess",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
"name": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/5180/1/1/1/#htaccess"
},
{
"name" : "joomla-block-common-unspecified(44206)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
"name": "joomla-block-common-unspecified(44206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44206"
}
]
}

122
2008/3xxx/CVE-2008-3527.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3527",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-3527",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions."
"lang": "eng",
"value": "arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vectors, related to the install_special_mapping, syscall, and syscall32_nopage functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7"
"name": "32485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32485"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21"
"name": "oval:org.mitre.oval:def:10602",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=460251",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=460251"
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7d91d531900bfa1165d445390b3b13a8013f98f7"
},
{
"name" : "DSA-1687",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2008/dsa-1687"
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21"
},
{
"name" : "RHSA-2008:0957",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
"name": "RHSA-2008:0957",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0957.html"
},
{
"name" : "SUSE-SR:2008:025",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
"name": "1021137",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021137"
},
{
"name" : "oval:org.mitre.oval:def:10602",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10602"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=460251",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=460251"
},
{
"name" : "1021137",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021137"
"name": "DSA-1687",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1687"
},
{
"name" : "32485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32485"
"name": "32759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32759"
},
{
"name" : "32759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32759"
"name": "33180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33180"
},
{
"name" : "33180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33180"
"name": "SUSE-SR:2008:025",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html"
}
]
}

86
2008/3xxx/CVE-2008-3725.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3725",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3725",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6271",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6271"
"name": "6271",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6271"
},
{
"name" : "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt"
"name": "31491",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31491"
},
{
"name" : "30742",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30742"
"name": "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt",
"refsource": "MISC",
"url": "http://packetstorm.linuxsecurity.com/0808-exploits/adboard-sql.txt"
},
{
"name" : "31491",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31491"
"name": "30742",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30742"
},
{
"name" : "adboard-trr-sql-injection(44532)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44532"
"name": "adboard-trr-sql-injection(44532)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44532"
}
]
}

110
2008/3xxx/CVE-2008-3739.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3739",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3739",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving upload of files containing XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://wiz.syscon.co.jp/Details.htm",
"refsource" : "CONFIRM",
"url" : "http://wiz.syscon.co.jp/Details.htm"
"name": "JVN#52557009",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52557009/index.html"
},
{
"name" : "http://www.spacetag.jp/modules/products/index.php?id=54",
"refsource" : "CONFIRM",
"url" : "http://www.spacetag.jp/modules/products/index.php?id=54"
"name": "30791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30791"
},
{
"name" : "JVN#27417220",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN27417220/index.html"
"name": "JVN#27417220",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN27417220/index.html"
},
{
"name" : "JVN#52557009",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52557009/index.html"
"name": "31574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31574"
},
{
"name" : "JVNDB-2008-000048",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000048.html"
"name": "lacooda-unspecified-xss(44593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44593"
},
{
"name" : "30791",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30791"
"name": "JVNDB-2008-000048",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000048.html"
},
{
"name" : "31574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31574"
"name": "http://wiz.syscon.co.jp/Details.htm",
"refsource": "CONFIRM",
"url": "http://wiz.syscon.co.jp/Details.htm"
},
{
"name" : "31582",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31582"
"name": "31582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31582"
},
{
"name" : "lacooda-unspecified-xss(44593)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44593"
"name": "http://www.spacetag.jp/modules/products/index.php?id=54",
"refsource": "CONFIRM",
"url": "http://www.spacetag.jp/modules/products/index.php?id=54"
}
]
}

116
2008/4xxx/CVE-2008-4102.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4102",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4102",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
"lang": "eng",
"value": "Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, which makes it easier for attackers to guess the pseudo-random values produced by PHP's mt_rand function, as demonstrated by guessing password reset tokens, a different vulnerability than CVE-2008-3681."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
"name": "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=122152798516853&w=2"
},
{
"name" : "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122118210029084&w=2"
"name": "4271",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4271"
},
{
"name" : "[oss-security] 20080911 CVE request: joomla < 1.5.7",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122115344915232&w=2"
"name": "20080911 Advisory 04/2008: Joomla Weak Random Password Reset Token Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496237/100/0/threaded"
},
{
"name" : "[oss-security] 20080916 Re: CVE request: joomla < 1.5.7",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=122152798516853&w=2"
"name": "31789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31789"
},
{
"name" : "http://www.sektioneins.de/advisories/SE-2008-04.txt",
"refsource" : "MISC",
"url" : "http://www.sektioneins.de/advisories/SE-2008-04.txt"
"name": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
"refsource": "MISC",
"url": "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
},
{
"name" : "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/",
"refsource" : "MISC",
"url" : "http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/"
"name": "joomla-randomnumbers-info-disclosure(45068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
},
{
"name" : "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
"name": "[oss-security] 20080911 CVE request: joomla < 1.5.7",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=122115344915232&w=2"
},
{
"name" : "31789",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31789"
"name": "[oss-security] 20080911 CVE request for Joomla multiple vuln.",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=122118210029084&w=2"
},
{
"name" : "4271",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4271"
"name": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/272-20080902-core-random-number-generation-flaw.html"
},
{
"name" : "joomla-randomnumbers-info-disclosure(45068)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45068"
"name": "http://www.sektioneins.de/advisories/SE-2008-04.txt",
"refsource": "MISC",
"url": "http://www.sektioneins.de/advisories/SE-2008-04.txt"
}
]
}

74
2008/4xxx/CVE-2008-4511.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4511",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4511",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request."
"lang": "eng",
"value": "Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080927 ASP News Remote Password Disclouse Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496787/100/0/threaded"
"name": "aspnewsmanagement-news-info-disclosure(45838)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45838"
},
{
"name" : "4380",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4380"
"name": "4380",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4380"
},
{
"name" : "aspnewsmanagement-news-info-disclosure(45838)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45838"
"name": "20080927 ASP News Remote Password Disclouse Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496787/100/0/threaded"
}
]
}

74
2008/4xxx/CVE-2008-4559.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4559",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4559",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205."
"lang": "eng",
"value": "HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090206 HP Network Node Manager Multiple Command Injection Vulnerabilities",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770"
"name": "SSRT080100",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610"
},
{
"name" : "HPSBMA02406",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610"
"name": "20090206 HP Network Node Manager Multiple Command Injection Vulnerabilities",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=770"
},
{
"name" : "SSRT080100",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610"
"name": "HPSBMA02406",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01661610"
}
]
}

86
2008/4xxx/CVE-2008-4674.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4674",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4674",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode."
"lang": "eng",
"value": "SQL injection vulnerability in realestate-index.php in Conkurent Real Estate Manager 1.01 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in browse mode."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6599",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6599"
"name": "4469",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4469"
},
{
"name" : "31443",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31443"
"name": "31443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31443"
},
{
"name" : "32049",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32049"
"name": "32049",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32049"
},
{
"name" : "4469",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4469"
"name": "6599",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6599"
},
{
"name" : "realestatemanager-catid-sql-injection(45499)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45499"
"name": "realestatemanager-catid-sql-injection(45499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45499"
}
]
}

74
2008/4xxx/CVE-2008-4756.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4756",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4756",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6833",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6833"
"name": "31915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31915"
},
{
"name" : "31915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31915"
"name": "phpdaily-date-xss(46128)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46128"
},
{
"name" : "phpdaily-date-xss(46128)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46128"
"name": "6833",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6833"
}
]
}

86
2008/6xxx/CVE-2008-6733.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6733",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6733",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx"
"name": "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx",
"refsource": "CONFIRM",
"url": "http://www.dotnetnuke.com/News/SecurityPolicy/SecurityBulletinno18/tabid/1165/Default.aspx"
},
{
"name" : "29686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29686"
"name": "29686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29686"
},
{
"name" : "46323",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/46323"
"name": "46323",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/46323"
},
{
"name" : "30617",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30617"
"name": "30617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30617"
},
{
"name" : "dotnetnuke-errorpage-xss(43026)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43026"
"name": "dotnetnuke-errorpage-xss(43026)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43026"
}
]
}

68
2008/6xxx/CVE-2008-6761.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6761",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6761",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php."
"lang": "eng",
"value": "Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "7622",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7622"
"name": "flexcustomer-install-code-execution(47652)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47652"
},
{
"name" : "flexcustomer-install-code-execution(47652)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47652"
"name": "7622",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7622"
}
]
}

74
2008/6xxx/CVE-2008-6950.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6950",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6950",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "7120",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7120"
"name": "webhostpanel-login-sql-injection(46637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46637"
},
{
"name" : "32299",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32299"
"name": "32299",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32299"
},
{
"name" : "webhostpanel-login-sql-injection(46637)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46637"
"name": "7120",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7120"
}
]
}

80
2008/6xxx/CVE-2008-6962.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6962",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6962",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer."
"lang": "eng",
"value": "Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
"refsource" : "MISC",
"url" : "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt"
"name": "avira-ioctl-privilege-escalation(46567)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567"
},
{
"name" : "32269",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32269"
"name": "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt",
"refsource": "MISC",
"url": "http://www.vupen.com/english/VUPEN-Security-Advisory-20081112.txt"
},
{
"name" : "ADV-2008-3130",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3130"
"name": "ADV-2008-3130",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3130"
},
{
"name" : "avira-ioctl-privilege-escalation(46567)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46567"
"name": "32269",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32269"
}
]
}

80
2008/7xxx/CVE-2008-7111.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7111",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7111",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109."
"lang": "eng",
"value": "The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080826 White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495772/100/0/threaded"
"name": "kyocera-utility-code-execution(53003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53003"
},
{
"name" : "http://www.informit.com/guides/content.aspx?g=security&seqNum=320",
"refsource" : "MISC",
"url" : "http://www.informit.com/guides/content.aspx?g=security&seqNum=320"
"name": "20080826 White Wolf Labs #080826-1: Kyocera Mita Scanner File Utility (Multiple)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495772/100/0/threaded"
},
{
"name" : "31631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31631"
"name": "http://www.informit.com/guides/content.aspx?g=security&seqNum=320",
"refsource": "MISC",
"url": "http://www.informit.com/guides/content.aspx?g=security&seqNum=320"
},
{
"name" : "kyocera-utility-code-execution(53003)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53003"
"name": "31631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31631"
}
]
}

68
2008/7xxx/CVE-2008-7292.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7292",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7292",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977."
"lang": "eng",
"value": "Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before 3.0.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain sensitive information by reading these files, a different vulnerability than CVE-2011-2977."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=414002",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=414002"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=414002",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=414002"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660502",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=660502"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=660502",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=660502"
}
]
}

68
2013/2xxx/CVE-2013-2034.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2034",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2034",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
"refsource" : "CONFIRM",
"url" : "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
"name": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb",
"refsource": "CONFIRM",
"url": "http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb"
},
{
"name" : "92981",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/92981"
"name": "92981",
"refsource": "OSVDB",
"url": "http://osvdb.org/92981"
}
]
}

74
2013/2xxx/CVE-2013-2335.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2335",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2013-2335",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733."
"lang": "eng",
"value": "Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBMU02883",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
"name": "SSRT101227",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
},
{
"name" : "SSRT101075",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
"name": "SSRT101075",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
},
{
"name" : "SSRT101227",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
"name": "HPSBMU02883",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03781657"
}
]
}

272
2013/2xxx/CVE-2013-2419.json
View File

@ -1,236 +1,236 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2419",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-2419",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font processing errors\" in the International Components for Unicode (ICU) Layout Engine before 51.2."
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to \"font processing errors\" in the International Components for Unicode (ICU) Layout Engine before 51.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
"refsource" : "MLIST",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
"name": "oval:org.mitre.oval:def:16527",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
"name": "SUSE-SU-2013:0835",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
},
{
"name" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"refsource" : "CONFIRM",
"url" : "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
"name": "[distro-pkg-dev] 20130417 [SECURITY] IcedTea 1.11.10 for OpenJDK 6 Released!",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html"
},
{
"name" : "http://bugs.icu-project.org/trac/ticket/10107",
"refsource" : "CONFIRM",
"url" : "http://bugs.icu-project.org/trac/ticket/10107"
"name": "SUSE-SU-2013:0871",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
},
{
"name" : "http://site.icu-project.org/download/51#TOC-Known-Issues",
"refsource" : "CONFIRM",
"url" : "http://site.icu-project.org/download/51#TOC-Known-Issues"
"name": "RHSA-2013:0758",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=952656",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=952656"
"name": "59131",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59131"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
"name": "http://site.icu-project.org/download/51#TOC-Known-Issues",
"refsource": "CONFIRM",
"url": "http://site.icu-project.org/download/51#TOC-Known-Issues"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
"name": "APPLE-SA-2013-04-16-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
"name": "MDVSA-2013:145",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
"name": "TA13-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name" : "APPLE-SA-2013-04-16-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html"
"name": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/25/security-icedtea-1-11-11-1-12-5-for-openjdk-6-released/"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
"name": "SSRT101252",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name" : "HPSBUX02889",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0130"
},
{
"name" : "SSRT101252",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "HPSBUX02922",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name": "SSRT101305",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name" : "SSRT101305",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name" : "MDVSA-2013:145",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:145"
"name": "HPSBUX02922",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880"
},
{
"name" : "MDVSA-2013:161",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
"name": "oval:org.mitre.oval:def:19386",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386"
},
{
"name" : "RHSA-2013:0752",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0124"
},
{
"name" : "RHSA-2013:0757",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
"name": "openSUSE-SU-2013:0777",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
},
{
"name" : "RHSA-2013:0758",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0758.html"
"name": "MDVSA-2013:161",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:161"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name": "openSUSE-SU-2013:0964",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
"name": "RHSA-2013:0752",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0752.html"
},
{
"name" : "SUSE-SU-2013:0814",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
"name": "http://bugs.icu-project.org/trac/ticket/10107",
"refsource": "CONFIRM",
"url": "http://bugs.icu-project.org/trac/ticket/10107"
},
{
"name" : "openSUSE-SU-2013:0777",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "SUSE-SU-2013:0835",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html"
"name": "USN-1806-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1806-1"
},
{
"name" : "SUSE-SU-2013:0871",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html"
"name": "oval:org.mitre.oval:def:19526",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526"
},
{
"name" : "SUSE-SU-2013:0934",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "openSUSE-SU-2013:0964",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html"
"name": "SUSE-SU-2013:0814",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html"
},
{
"name" : "USN-1806-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1806-1"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=952656",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=952656"
},
{
"name" : "TA13-107A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A"
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
},
{
"name" : "59131",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59131"
"name": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/",
"refsource": "CONFIRM",
"url": "http://blog.fuseyism.com/index.php/2013/04/22/security-icedtea-2-3-9-for-openjdk-7-released/"
},
{
"name" : "oval:org.mitre.oval:def:16527",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527"
"name": "SUSE-SU-2013:0934",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html"
},
{
"name" : "oval:org.mitre.oval:def:19386",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386"
"name": "HPSBUX02889",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=137283787217316&w=2"
},
{
"name" : "oval:org.mitre.oval:def:19526",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}

86
2013/6xxx/CVE-2013-6913.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6913",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2013-6913",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource" : "MISC",
"url" : "http://cs.cybozu.co.jp/information/20131202up01.php"
"name": "http://cs.cybozu.co.jp/information/20131202up01.php",
"refsource": "MISC",
"url": "http://cs.cybozu.co.jp/information/20131202up01.php"
},
{
"name" : "https://support.cybozu.com/ja-jp/article/6928",
"refsource" : "CONFIRM",
"url" : "https://support.cybozu.com/ja-jp/article/6928"
"name": "100559",
"refsource": "OSVDB",
"url": "http://osvdb.org/100559"
},
{
"name" : "JVN#23981867",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN23981867/index.html"
"name": "https://support.cybozu.com/ja-jp/article/6928",
"refsource": "CONFIRM",
"url": "https://support.cybozu.com/ja-jp/article/6928"
},
{
"name" : "JVNDB-2013-000113",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
"name": "JVNDB-2013-000113",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000113"
},
{
"name" : "100559",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100559"
"name": "JVN#23981867",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23981867/index.html"
}
]
}

22
2013/6xxx/CVE-2013-6988.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6988",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6988",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

88
2017/10xxx/CVE-2017-10163.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10163",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10163",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Business Intelligence Enterprise Edition",
"version" : {
"version_data" : [
"product_name": "Business Intelligence Enterprise Edition",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "11.1.1.7.0"
"version_affected": "=",
"version_value": "11.1.1.7.0"
},
{
"version_affected" : "=",
"version_value" : "11.1.1.9.0"
"version_affected": "=",
"version_value": "11.1.1.9.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.1.1.0"
"version_affected": "=",
"version_value": "12.2.1.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.1.2.0"
"version_affected": "=",
"version_value": "12.2.1.2.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. Note: Please refer to Doc ID <a href=\"http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2310021.1\">My Oracle Support Note 2310021.1 for instructions on how to address this issue. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Web General). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. Note: Please refer to Doc ID <a href=\"http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2310021.1\">My Oracle Support Note 2310021.1 for instructions on how to address this issue. CVSS 3.0 Base Score 6.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "1039602",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039602"
},
{
"name" : "101357",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101357"
"name": "101357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101357"
},
{
"name" : "1039602",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039602"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
}
]
}

80
2017/10xxx/CVE-2017-10251.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10251",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10251",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "8.54"
"version_affected": "=",
"version_value": "8.54"
},
{
"version_affected" : "=",
"version_value" : "8.55"
"version_affected": "=",
"version_value": "8.55"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "99822",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99822"
},
{
"name" : "99822",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99822"
"name": "1038932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038932"
},
{
"name" : "1038932",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038932"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

76
2017/11xxx/CVE-2017-11852.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2017-11-14T00:00:00",
"ID" : "CVE-2017-11852",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-11-14T00:00:00",
"ID": "CVE-2017-11852",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "GDI",
"version" : {
"version_data" : [
"product_name": "GDI",
"version": {
"version_data": [
{
"version_value" : "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1."
"version_value": "Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1."
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka \"Windows GDI Information Disclosure Vulnerability\"."
"lang": "eng",
"value": "Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an attacker to log on to an affected system and run a specially crafted application to compromise the user's system, due improperly disclosing kernel memory addresses, aka \"Windows GDI Information Disclosure Vulnerability\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Information Disclosure"
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11852"
},
{
"name" : "101739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/101739"
"name": "101739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101739"
},
{
"name" : "1039782",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1039782"
"name": "1039782",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039782"
}
]
}

74
2017/14xxx/CVE-2017-14141.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14141",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14141",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object."
"lang": "eng",
"value": "The wiki_decode Developer System Helper function in the admin panel in Kaltura before 13.2.0 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt",
"refsource" : "MISC",
"url" : "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt"
"name": "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682",
"refsource": "CONFIRM",
"url": "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682"
},
{
"name" : "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682",
"refsource" : "CONFIRM",
"url" : "https://github.com/kaltura/server/commit/6a6d14328b7a1493e8c47f9565461e5f88be20c9#diff-0770640cc76112cbf77bebc604852682"
"name": "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt",
"refsource": "MISC",
"url": "https://telekomsecurity.github.io/assets/advisories/20170912_kaltura-advisory.txt"
},
{
"name" : "100976",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100976"
"name": "100976",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100976"
}
]
}

68
2017/14xxx/CVE-2017-14231.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14231",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14231",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php."
"lang": "eng",
"value": "GeniXCMS before 1.1.0 allows remote attackers to cause a denial of service (account blockage) by leveraging the mishandling of certain username substring relationships, such as the admin<script> username versus the admin username, related to register.php, User.class.php, and Type.class.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/semplon/GeniXCMS/issues/78",
"refsource" : "CONFIRM",
"url" : "https://github.com/semplon/GeniXCMS/issues/78"
"name": "https://github.com/semplon/GeniXCMS/releases/tag/v1.1.0",
"refsource": "CONFIRM",
"url": "https://github.com/semplon/GeniXCMS/releases/tag/v1.1.0"
},
{
"name" : "https://github.com/semplon/GeniXCMS/releases/tag/v1.1.0",
"refsource" : "CONFIRM",
"url" : "https://github.com/semplon/GeniXCMS/releases/tag/v1.1.0"
"name": "https://github.com/semplon/GeniXCMS/issues/78",
"refsource": "CONFIRM",
"url": "https://github.com/semplon/GeniXCMS/issues/78"
}
]
}

62
2017/14xxx/CVE-2017-14290.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14290",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14290",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
"lang": "eng",
"value": "STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to \"Heap Corruption starting at wow64!Wow64NotifyDebugger+0x000000000000001d.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14290",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14290"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14290",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14290"
}
]
}

62
2017/14xxx/CVE-2017-14545.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14545",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14545",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to \"Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332.\""
"lang": "eng",
"value": "STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .epub file, related to \"Data from Faulting Address controls Branch Selection starting at STDUEPubFile!DllUnregisterServer+0x0000000000010332.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14545",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14545"
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14545",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-14545"
}
]
}

62
2017/15xxx/CVE-2017-15084.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15084",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15084",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
"lang": "eng",
"value": "The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/",
"refsource" : "CONFIRM",
"url" : "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
"name": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/",
"refsource": "CONFIRM",
"url": "https://blog.rapid7.com/2017/10/06/vulnerabilities-affecting-four-rapid7-products-fixed/"
}
]
}

82
2017/15xxx/CVE-2017-15104.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-12-18T00:00:00",
"ID" : "CVE-2017-15104",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-12-18T00:00:00",
"ID": "CVE-2017-15104",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Heketi",
"version" : {
"version_data" : [
"product_name": "Heketi",
"version": {
"version_data": [
{
"version_value" : "5.0"
"version_value": "5.0"
}
]
}
}
]
},
"vendor_name" : "Heketi"
"vendor_name": "Heketi"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
"lang": "eng",
"value": "An access flaw was found in Heketi 5, where the heketi.json configuration file was world readable. An attacker having local access to the Heketi server could read plain-text passwords from the heketi.json file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-552"
"lang": "eng",
"value": "CWE-552"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://access.redhat.com/security/cve/CVE-2017-15104",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/security/cve/CVE-2017-15104"
"name": "RHSA-2017:3481",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3481"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1510149"
},
{
"name" : "https://github.com/heketi/heketi/releases/tag/v5.0.1",
"refsource" : "CONFIRM",
"url" : "https://github.com/heketi/heketi/releases/tag/v5.0.1"
"name": "https://access.redhat.com/security/cve/CVE-2017-15104",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/security/cve/CVE-2017-15104"
},
{
"name" : "RHSA-2017:3481",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:3481"
"name": "https://github.com/heketi/heketi/releases/tag/v5.0.1",
"refsource": "CONFIRM",
"url": "https://github.com/heketi/heketi/releases/tag/v5.0.1"
}
]
}

74
2017/15xxx/CVE-2017-15297.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15297",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15297",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993."
"lang": "eng",
"value": "SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/",
"refsource" : "MISC",
"url" : "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/"
"name": "99528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99528"
},
{
"name" : "https://erpscan.io/advisories/erpscan-17-034-sap-hostcontrol-unprotected-web-method-dos/",
"refsource" : "MISC",
"url" : "https://erpscan.io/advisories/erpscan-17-034-sap-hostcontrol-unprotected-web-method-dos/"
"name": "https://erpscan.io/advisories/erpscan-17-034-sap-hostcontrol-unprotected-web-method-dos/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-034-sap-hostcontrol-unprotected-web-method-dos/"
},
{
"name" : "99528",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99528"
"name": "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/",
"refsource": "MISC",
"url": "https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017/"
}
]
}

22
2017/15xxx/CVE-2017-15507.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15507",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-15507",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
}
]
}

74
2017/15xxx/CVE-2017-15573.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-15573",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15573",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content."
"lang": "eng",
"value": "In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.redmine.org/issues/25503",
"refsource" : "CONFIRM",
"url" : "https://www.redmine.org/issues/25503"
"name": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
"refsource": "CONFIRM",
"url": "https://www.redmine.org/projects/redmine/wiki/Security_Advisories"
},
{
"name" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://www.redmine.org/projects/redmine/wiki/Security_Advisories"
"name": "DSA-4191",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4191"
},
{
"name" : "DSA-4191",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4191"
"name": "https://www.redmine.org/issues/25503",
"refsource": "CONFIRM",
"url": "https://www.redmine.org/issues/25503"
}
]
}

62
2017/9xxx/CVE-2017-9632.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2017-9632",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9632",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch",
"version" : {
"version_data" : [
"product_name": "PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch",
"version": {
"version_data": [
{
"version_value" : "PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch"
"version_value": "PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely."
"lang": "eng",
"value": "A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all versions, ProTouch ICON, all versions, and ProTouch AutoGloss, all versions. The username and password are transmitted insecurely."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-311"
"lang": "eng",
"value": "CWE-311"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-03"
}
]
}

80
2017/9xxx/CVE-2017-9740.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9740",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9740",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document."
"lang": "eng",
"value": "The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626",
"refsource" : "CONFIRM",
"url" : "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626"
"name": "GLSA-201811-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-12"
},
{
"name" : "https://bugs.ghostscript.com/show_bug.cgi?id=698064",
"refsource" : "CONFIRM",
"url" : "https://bugs.ghostscript.com/show_bug.cgi?id=698064"
"name": "99983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99983"
},
{
"name" : "GLSA-201811-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-12"
"name": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626",
"refsource": "CONFIRM",
"url": "http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626"
},
{
"name" : "99983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99983"
"name": "https://bugs.ghostscript.com/show_bug.cgi?id=698064",
"refsource": "CONFIRM",
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=698064"
}
]
}

62
2017/9xxx/CVE-2017-9953.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9953",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9953",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack."
"lang": "eng",
"value": "There is an invalid free in Image::printIFDStructure that leads to a Segmentation fault in Exiv2 0.26. A crafted input will lead to a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1465061",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1465061"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1465061"
}
]
}

68
2018/0xxx/CVE-2018-0291.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0291",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0291",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco NX-OS unknown",
"version" : {
"version_data" : [
"product_name": "Cisco NX-OS unknown",
"version": {
"version_data": [
{
"version_value" : "Cisco NX-OS unknown"
"version_value": "Cisco NX-OS unknown"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuw99630, CSCvg71290, CSCvj67977."
"lang": "eng",
"value": "A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco NX-OS Software could allow an authenticated, remote attacker to cause the SNMP application on an affected device to restart unexpectedly. The vulnerability is due to improper validation of SNMP protocol data units (PDUs) in SNMP packets. An attacker could exploit this vulnerability by sending a crafted SNMP packet to an affected device. A successful exploit could allow the attacker to cause the SNMP application to restart multiple times, leading to a system-level restart and a denial of service (DoS) condition. This vulnerability affects Nexus 2000 Series Switches, Nexus 3000 Series Switches, Nexus 3500 Platform Switches, Nexus 3600 Platform Switches, Nexus 5500 Platform Switches, Nexus 5600 Platform Switches, Nexus 6000 Series Switches, Nexus 7000 Series Switches, Nexus 7700 Series Switches, Nexus 9000 Series Switches in standalone NX-OS mode, Nexus 9500 R-Series Line Cards and Fabric Modules, UCS 6100 Series Fabric Interconnects, UCS 6200 Series Fabric Interconnects, UCS 6300 Series Fabric Interconnects. Cisco Bug IDs: CSCuw99630, CSCvg71290, CSCvj67977."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-20"
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180620-nxossnmp"
},
{
"name" : "1041169",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041169"
"name": "1041169",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041169"
}
]
}

76
2018/0xxx/CVE-2018-0808.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-03-14T00:00:00",
"ID" : "CVE-2018-0808",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-03-14T00:00:00",
"ID": "CVE-2018-0808",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "ASP.NET Core",
"version" : {
"version_data" : [
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value" : "ASP.NET Core 1.0. 1.1, and 2.0"
"version_value": "ASP.NET Core 1.0. 1.1, and 2.0"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0784."
"lang": "eng",
"value": "ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka \"ASP.NET Core Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0784."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808"
"name": "103226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103226"
},
{
"name" : "103226",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103226"
"name": "1040504",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040504"
},
{
"name" : "1040504",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040504"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0808"
}
]
}

84
2018/0xxx/CVE-2018-0945.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-0945",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0945",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
"version_value": "Windows 10 Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value" : "ChakraCore"
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"vendor_name": "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139."
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0945",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0945"
"name": "103987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103987"
},
{
"name" : "103987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103987"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0945",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0945"
},
{
"name" : "1040844",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040844"
"name": "1040844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040844"
}
]
}

66
2018/1000xxx/CVE-2018-1000035.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED" : "2018-02-01 0:00:00",
"ID" : "CVE-2018-1000035",
"REQUESTER" : "research@sec-consult.com",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-02-01 0:00:00",
"ID": "CVE-2018-1000035",
"REQUESTER": "research@sec-consult.com",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "UnZip",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "<= 6.00"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "InfoZip"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
"lang": "eng",
"value": "A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Heap-based Buffer Overflow"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
"refsource" : "MISC",
"url" : "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
"name": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html"
}
]
}

23
2018/1000xxx/CVE-2018-1000555.json
View File

@ -1,18 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-21",
"ID" : "CVE-2018-1000555",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-1000555",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10188. Reason: This candidate is a reservation duplicate of CVE-2018-10188. Notes: All CVE users should reference CVE-2018-10188 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-10188. Reason: This candidate is a reservation duplicate of CVE-2018-10188. Notes: All CVE users should reference CVE-2018-10188 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}

68
2018/1000xxx/CVE-2018-1000841.json
View File

@ -1,64 +1,64 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.478148",
"DATE_REQUESTED" : "2018-10-26T09:44:20",
"ID" : "CVE-2018-1000841",
"REQUESTER" : "lo@microlab.red",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-11-27T13:54:33.478148",
"DATE_REQUESTED": "2018-10-26T09:44:20",
"ID": "CVE-2018-1000841",
"REQUESTER": "lo@microlab.red",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Zend.To",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : " Prior to 5.15-1"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Zend.To"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."
"lang": "eng",
"value": "Zend.To version Prior to 5.15-1 contains a Cross Site Scripting (XSS) vulnerability in The verify.php page that can result in An attacker could execute arbitrary Javascript code in the context of the victim's browser.. This attack appear to be exploitable via HTTP POST request. This vulnerability appears to have been fixed in 5.16-1 Beta."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross Site Scripting (XSS)"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://zend.to/changelog.php",
"refsource" : "MISC",
"url" : "https://zend.to/changelog.php"
"name": "https://zend.to/changelog.php",
"refsource": "MISC",
"url": "https://zend.to/changelog.php"
}
]
}

92
2018/12xxx/CVE-2018-12480.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-11-12T01:00:00.000Z",
"ID" : "CVE-2018-12480",
"STATE" : "PUBLIC",
"TITLE" : "NetIQ Access Manager XSS vulnerability in versions prior to 4.4 SP3"
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-11-12T01:00:00.000Z",
"ID": "CVE-2018-12480",
"STATE": "PUBLIC",
"TITLE": "NetIQ Access Manager XSS vulnerability in versions prior to 4.4 SP3"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "NetIQ Access Manager (NAM)",
"version" : {
"version_data" : [
"product_name": "NetIQ Access Manager (NAM)",
"version": {
"version_data": [
{
"affected" : "<",
"version_name" : "NetIQ Access Manager",
"version_value" : "4.4 SP3"
"affected": "<",
"version_name": "NetIQ Access Manager",
"version_value": "4.4 SP3"
}
]
}
}
]
},
"vendor_name" : "NetIQ eDirectory"
"vendor_name": "NetIQ eDirectory"
}
]
}
},
"credit" : [
"credit": [
{
"lang" : "eng",
"value" : "\n\n"
"lang": "eng",
"value": "\n\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3."
"lang": "eng",
"value": "Mitigates an XSS issue in NetIQ Access Manager versions prior to 4.4 SP3."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "XSS"
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.microfocus.com/kb/doc.php?id=7023513",
"refsource" : "CONFIRM",
"url" : "https://support.microfocus.com/kb/doc.php?id=7023513"
"name": "https://support.microfocus.com/kb/doc.php?id=7023513",
"refsource": "CONFIRM",
"url": "https://support.microfocus.com/kb/doc.php?id=7023513"
},
{
"name" : "https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6",
"refsource" : "CONFIRM",
"url" : "https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6"
"name": "https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6",
"refsource": "CONFIRM",
"url": "https://www.netiq.com/documentation/access-manager-44/accessmanager443-release-notes/data/accessmanager443-release-notes.html#b149i4n6"
}
]
},
"solution" : [
"solution": [
{
"lang" : "eng",
"value" : "Upgrade to NetIQ Access Manager versions prior to 4.4 SP3."
"lang": "eng",
"value": "Upgrade to NetIQ Access Manager versions prior to 4.4 SP3."
}
],
"source" : {
"discovery" : "INTERNAL"
"source": {
"discovery": "INTERNAL"
}
}

22
2018/12xxx/CVE-2018-12890.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12890",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12890",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

88
2018/16xxx/CVE-2018-16081.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-16081",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-16081",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected" : "<",
"version_value" : "69.0.3497.81"
"version_affected": "<",
"version_value": "69.0.3497.81"
}
]
}
}
]
},
"vendor_name" : "Google"
"vendor_name": "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension."
"lang": "eng",
"value": "Allowing the chrome.debugger API to run on file:// URLs in DevTools in Google Chrome prior to 69.0.3497.81 allowed an attacker who convinced a user to install a malicious extension to access files on the local file system without file access permission via a crafted Chrome Extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://crbug.com/666299",
"refsource" : "MISC",
"url" : "https://crbug.com/666299"
"name": "https://crbug.com/666299",
"refsource": "MISC",
"url": "https://crbug.com/666299"
},
{
"name" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html"
"name": "105215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105215"
},
{
"name" : "GLSA-201811-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-10"
"name": "RHSA-2018:2666",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2666"
},
{
"name" : "RHSA-2018:2666",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2666"
"name": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/09/stable-channel-update-for-desktop.html"
},
{
"name" : "105215",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105215"
"name": "GLSA-201811-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-10"
}
]
}

62
2018/16xxx/CVE-2018-16518.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16518",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16518",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder."
"lang": "eng",
"value": "A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf",
"refsource" : "MISC",
"url" : "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
"name": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf",
"refsource": "MISC",
"url": "https://github.com/ponypot/cve/blob/master/zed_watermarkExtension.pdf"
}
]
}

22
2018/16xxx/CVE-2018-16960.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16960",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16960",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4654.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4654",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4654",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2018/4xxx/CVE-2018-4809.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4809",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4809",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2018/4xxx/CVE-2018-4902.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4902",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4902",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version" : {
"version_data" : [
"product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version": {
"version_data": [
{
"version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
"version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution."
"lang": "eng",
"value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the rendering engine. The vulnerability is triggered by a crafted PDF file containing a video annotation (and corresponding media files) that is activated by the embedded JavaScript. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Use After Free"
"lang": "eng",
"value": "Use After Free"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
"name": "102995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102995"
},
{
"name" : "102995",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102995"
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name" : "1040364",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040364"
"name": "1040364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040364"
}
]
}

73
2019/7xxx/CVE-2019-7384.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7384",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,53 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An authenticated shell command injection issue has been discovered in Raisecom ISCOM HT803G-U, HT803G-W, HT803G-1GE, and HT803G GPON products with the firmware version ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 or below. The value of the fmgpon_loid parameter is used in a system call inside the boa binary. Because there is no user input validation, this leads to authenticated code execution on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "http://packetstormsecurity.com/files/151649/Raisecom-Technology-GPON-ONU-HT803G-07-Command-Injection.html",
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/151649/Raisecom-Technology-GPON-ONU-HT803G-07-Command-Injection.html"
},
{
"refsource": "FULLDISC",
"name": "20190212 KSA-Dev-005:CVE-2019-7384: Authenticated Remote Code Execution in Raisecom GPON Devices",
"url": "http://seclists.org/fulldisclosure/2019/Feb/33"
},
{
"refsource": "BID",
"name": "107033",
"url": "http://www.securityfocus.com/bid/107033"
},
{
"url": "http://www.breakthesec.com/search/label/0day",
"refsource": "MISC",
"name": "http://www.breakthesec.com/search/label/0day"
},
{
"url": "https://s3curityb3ast.github.io",
"refsource": "MISC",
"name": "https://s3curityb3ast.github.io"
},
{
"url": "http://www.breakthesec.com",
"refsource": "MISC",
"name": "http://www.breakthesec.com"
}
]
}