"-Synchronized-Data."

CVE Team 2019-03-17 21:33:47 +00:00
parent 0eca4d5196
commit 474a4e1ce2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 3860 additions and 3860 deletions


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1427", "ID": "CVE-2004-1427",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041230 KorWeblog php injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110442847614890&w=2" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded."
{ }
"name" : "12132", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12132" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13700", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13700" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "korweblog-install-file-include(18717)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18717" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20041230 KorWeblog php injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110442847614890&w=2"
},
{
"name": "12132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12132"
},
{
"name": "korweblog-install-file-include(18717)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18717"
},
{
"name": "13700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13700"
}
]
}
}
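Review bot: The `reference_data` array is emitted in a different order although no entry is added, removed or edited. In this section the SECUNIA `13700` and XF `korweblog-install-file-include(18717)` entries swap places, and the later sections on this page (CVE-2004-1442, CVE-2008-0135, CVE-2008-0356 and onward) show the same kind of reshuffle. Combined with the `" : "` to `": "` separator change, the hunk header reports all 77 lines as changed, so a real content edit is hard to pick out in review, and hash- or diff-based change detection on the feed fires for records whose meaning is unchanged. The generator is not visible on this page; if it can be changed, emitting references in a stable order (for example sorted by `refsource`, then `name`) would keep later synchronisation diffs limited to actual edits.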


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1442", "ID": "CVE-2004-1442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as \"DTWP001E.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040126 Secunia Research: IBM Net.Data Macro Name Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "VULNWATCH", {
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0019.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as \"DTWP001E.\""
{ }
"name" : "http://secunia.com/secunia_research/2004-1/advisory/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2004-1/advisory/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "VU#197318", "description": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/197318" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL" ]
}, },
{ "references": {
"name" : "9488", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/9488" "name": "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL",
}, "refsource": "CONFIRM",
{ "url": "http://www.kb.cert.org/vuls/id/DMOA-5VNPEL"
"name" : "3712", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/3712" "name": "1008845",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1008845"
"name" : "1008845", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1008845" "name": "VU#197318",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/197318"
"name" : "10709", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/10709/" "name": "10709",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/10709/"
"name" : "ibm-netdata-db2wwwcomponent-xss(14925)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/14925" "name": "9488",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/9488"
} },
} {
"name": "ibm-netdata-db2wwwcomponent-xss(14925)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14925"
},
{
"name": "http://secunia.com/secunia_research/2004-1/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2004-1/advisory/"
},
{
"name": "20040126 Secunia Research: IBM Net.Data Macro Name Cross-Site Scripting Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0019.html"
},
{
"name": "3712",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3712"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0135", "ID": "CVE-2008-0135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/485894/100/200/threaded" "lang": "eng",
}, "value": "Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb."
{ }
"name" : "20080107 [HSC] Snitz Forums Multiple Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/485836/100/200/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://hackerscenter.com/archive/view.asp?id=28145", "description": [
"refsource" : "MISC", {
"url" : "http://hackerscenter.com/archive/view.asp?id=28145" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt", ]
"refsource" : "MISC", }
"url" : "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://hackerscenter.com/archive/view.asp?id=28145",
"refsource": "MISC",
"url": "http://hackerscenter.com/archive/view.asp?id=28145"
},
{
"name": "20080107 [HSC] Snitz Forums Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485836/100/200/threaded"
},
{
"name": "20080107 RE: [HSC] Snitz Forums Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485894/100/200/threaded"
},
{
"name": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt"
}
]
}
}


@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0356", "ID": "CVE-2008-0356",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486585/100/0/threaded" "lang": "eng",
}, "value": "Buffer overflow in the Independent Management Architecture (IMA) service in Citrix Presentation Server (MetaFrame Presentation Server) 4.5 and earlier, Access Essentials 2.0 and earlier, and Desktop Server 1.0 allows remote attackers to execute arbitrary code via an invalid size value in a packet to TCP port 2512 or 2513."
{ }
"name" : "http://support.citrix.com/article/CTX114487", ]
"refsource" : "CONFIRM", },
"url" : "http://support.citrix.com/article/CTX114487" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://zerodayinitiative.com/advisories/ZDI-08-002.html", "description": [
"refsource" : "MISC", {
"url" : "http://zerodayinitiative.com/advisories/ZDI-08-002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#412228", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/412228" ]
}, },
{ "references": {
"name" : "27329", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27329" "name": "20080117 ZDI-08-002: Citrix Presentation Server IMA Service Heap Overflow Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/486585/100/0/threaded"
"name" : "ADV-2008-0172", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0172" "name": "28508",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28508"
"name" : "1019231", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019231" "name": "ADV-2008-0172",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0172"
"name" : "28508", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28508" "name": "VU#412228",
} "refsource": "CERT-VN",
] "url": "http://www.kb.cert.org/vuls/id/412228"
} },
} {
"name": "1019231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019231"
},
{
"name": "27329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27329"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-08-002.html",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-08-002.html"
},
{
"name": "http://support.citrix.com/article/CTX114487",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX114487"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0378", "ID": "CVE-2008-0378",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when \"Resolve all names remotely\" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080118 SocksCap Stack Overflow (<= 2.40-051231)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/486632/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when \"Resolve all names remotely\" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname."
{ }
"name" : "27357", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27357" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "3560", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3560" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "sockscap-hostname-bo(39781)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39781" ]
} },
] "references": {
} "reference_data": [
} {
"name": "3560",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3560"
},
{
"name": "20080118 SocksCap Stack Overflow (<= 2.40-051231)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486632/100/0/threaded"
},
{
"name": "sockscap-hostname-bo(39781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39781"
},
{
"name": "27357",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27357"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3091", "ID": "CVE-2008-3091",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/277877", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/277877" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "30067", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30067" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30933", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30933" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "taxonomy-autotagger-unspecified-xss(43570)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43570" ]
} },
] "references": {
} "reference_data": [
} {
"name": "30067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30067"
},
{
"name": "taxonomy-autotagger-unspecified-xss(43570)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43570"
},
{
"name": "30933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30933"
},
{
"name": "http://drupal.org/node/277877",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/277877"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3159", "ID": "CVE-2008-3159",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to \"flawed arithmetic.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-041/", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-041/" "lang": "eng",
}, "value": "Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to \"flawed arithmetic.\""
{ }
"name" : "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858", ]
"refsource" : "CONFIRM", },
"url" : "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30085", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30085" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1999", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1999" ]
}, },
{ "references": {
"name" : "1020431", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020431" "name": "1020431",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020431"
"name" : "30938", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30938" "name": "30085",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30085"
"name" : "novell-edirectory-dsdlm-bo(43589)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43589" "name": "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858",
} "refsource": "CONFIRM",
] "url": "http://www.novell.com/support/search.do?cmd=displayKC&sliceId=SAL_Public&externalId=3694858"
} },
} {
"name": "novell-edirectory-dsdlm-bo(43589)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43589"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-08-041/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-08-041/"
},
{
"name": "ADV-2008-1999",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1999"
},
{
"name": "30938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30938"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3184", "ID": "CVE-2008-3184",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080708 XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/494049/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE: this issue can be leveraged to execute arbitrary PHP code."
{ }
"name" : "http://www.vbulletin.com/forum/showthread.php?t=277945", ]
"refsource" : "CONFIRM", },
"url" : "http://www.vbulletin.com/forum/showthread.php?t=277945" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30134", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30134" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30991", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/30991" ]
}, },
{ "references": {
"name" : "4000", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4000" "name": "20080708 XSS in admin logs - vBulletin 3.7.2 and lower, vBulletin 3.6.10 PL2 and lower",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/494049/100/0/threaded"
} },
} {
"name": "30991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30991"
},
{
"name": "http://www.vbulletin.com/forum/showthread.php?t=277945",
"refsource": "CONFIRM",
"url": "http://www.vbulletin.com/forum/showthread.php?t=277945"
},
{
"name": "4000",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4000"
},
{
"name": "30134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30134"
}
]
}
}


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3450", "ID": "CVE-2008-3450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm" "lang": "eng",
}, "value": "Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors."
{ }
"name" : "237986", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237986-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "30513", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30513" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5609", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5609" ]
}, },
{ "references": {
"name" : "ADV-2008-2290", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2290" "name": "31356",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31356"
"name" : "1020616", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020616" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-355.htm"
"name" : "31356", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31356" "name": "oval:org.mitre.oval:def:5609",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5609"
"name" : "31536", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31536" "name": "237986",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-237986-1"
"name" : "solaris-namefs-code-execution(44158)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44158" "name": "30513",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30513"
} },
} {
"name": "31536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31536"
},
{
"name": "ADV-2008-2290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2290"
},
{
"name": "solaris-namefs-code-execution(44158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44158"
},
{
"name": "1020616",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020616"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-3832", "ID": "CVE-2008-3832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081002 CVE-2008-3832 kernel: null pointer dereference in utrace_control", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/02/1" "lang": "eng",
}, "value": "A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function."
{ }
"name" : "http://kerneloops.org/oops.php?number=56705", ]
"refsource" : "MISC", },
"url" : "http://kerneloops.org/oops.php?number=56705" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=464883", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=464883" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31536", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/31536" ]
}, },
{ "references": {
"name" : "fedora-utracecontrol-dos(45644)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644" "name": "31536",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/31536"
} },
} {
"name": "[oss-security] 20081002 CVE-2008-3832 kernel: null pointer dereference in utrace_control",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/02/1"
},
{
"name": "fedora-utracecontrol-dos(45644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45644"
},
{
"name": "http://kerneloops.org/oops.php?number=56705",
"refsource": "MISC",
"url": "http://kerneloops.org/oops.php?number=56705"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=464883",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=464883"
}
]
}
}
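Review bot: The `ASSIGNER` field in `CVE_data_meta` appears to be the only content change in this section. Its line carries both `"ASSIGNER" : "cve@mitre.org"` and `"ASSIGNER": "secalert@redhat.com"`, which, assuming the usual old-left/new-right layout, moves CVE-2008-3832 from MITRE to Red Hat as assigner. The commit title does not mention it, and the rest of the section is separator spacing and reference reordering, so the change is easy to miss. Consumers that key trust, routing or deduplication on the assigner should treat this as a provenance change and confirm it against the published CVE record; a commit message or changelog line naming the reassignment would make it auditable.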


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4172", "ID": "CVE-2008-4172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter."
{ }
"name" : "31214", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31214" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "carsvehicle-page-sql-injection(45210)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45210" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "carsvehicle-page-sql-injection(45210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45210"
},
{
"name": "31214",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31214"
},
{
"name": "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0809-exploits/carsvehicle-sql.txt"
}
]
}
}
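Review bot: The `reference_data` array in this section is written in a different order on the new side (XF, BID, MISC instead of MISC, BID, XF) although no entry's content changes, and the new order does not appear to follow either `refsource` or `name`. The same reshuffle shows up in the CVE-2008-4247, CVE-2008-4419, CVE-2008-4584, CVE-2013-2442, CVE-2013-2690 and CVE-2013-2728 sections, and the CVE-2013-6125 section additionally moves `data_type`/`data_format`/`data_version` ahead of `CVE_data_meta`. Presumably the serializer walks an unordered collection. Emitting references in a stable order (for example sorted by `refsource`, then `name`) and keeping one top-level key order would stop a whitespace normalisation from producing content-level churn, and would make real field changes easier to spot in review.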


@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4247", "ID": "CVE-2008-4247",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080926 multiple vendor ftpd - Cross-site request forgery", "description_data": [
"refsource" : "SREASONRES", {
"url" : "http://securityreason.com/achievement_securityalert/56" "lang": "eng",
}, "value": "ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser."
{ }
"name" : "http://bugs.proftpd.org/show_bug.cgi?id=3115", ]
"refsource" : "MISC", },
"url" : "http://bugs.proftpd.org/show_bug.cgi?id=3115" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h", ]
"refsource" : "CONFIRM", }
"url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h" ]
}, },
{ "references": {
"name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c" "name": "1021112",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021112"
"name" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h", },
"refsource" : "CONFIRM", {
"url" : "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h" "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h",
}, "refsource": "CONFIRM",
{ "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y.diff?r1=1.51&r2=1.52&f=h"
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" "name": "1020946",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020946"
"name" : "FreeBSD-SA-08:12", },
"refsource" : "FREEBSD", {
"url" : "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc" "name": "20080926 multiple vendor ftpd - Cross-site request forgery",
}, "refsource": "SREASONRES",
{ "url": "http://securityreason.com/achievement_securityalert/56"
"name" : "NetBSD-SA2008-014", },
"refsource" : "NETBSD", {
"url" : "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc" "name": "33341",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33341"
"name" : "1020946", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020946" "name": "http://bugs.proftpd.org/show_bug.cgi?id=3115",
}, "refsource": "MISC",
{ "url": "http://bugs.proftpd.org/show_bug.cgi?id=3115"
"name" : "1021112", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021112" "name": "NetBSD-SA2008-014",
}, "refsource": "NETBSD",
{ "url": "ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-014.txt.asc"
"name" : "32068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32068" "name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y",
}, "refsource": "CONFIRM",
{ "url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpcmd.y"
"name" : "32070", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32070" "name": "32068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32068"
"name" : "33341", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33341" "name": "FreeBSD-SA-08:12",
}, "refsource": "FREEBSD",
{ "url": "http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc"
"name" : "4313", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4313" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
} },
} {
"name": "32070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32070"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c.diff?r1=1.183&r2=1.184&f=h"
},
{
"name": "4313",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4313"
},
{
"name": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c",
"refsource": "CONFIRM",
"url": "http://www.openbsd.org/cgi-bin/cvsweb/src/libexec/ftpd/ftpd.c"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4419", "ID": "CVE-2008-4419",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/500657/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in the HP JetDirect web administration interface in the HP-ChaiSOE 1.0 embedded web server on the LaserJet 9040mfp, LaserJet 9050mfp, and Color LaserJet 9500mfp before firmware 08.110.9; LaserJet 4345mfp and 9200C Digital Sender before firmware 09.120.9; Color LaserJet 4730mfp before firmware 46.200.9; LaserJet 2410, LaserJet 2420, and LaserJet 2430 before firmware 20080819 SPCL112A; LaserJet 4250 and LaserJet 4350 before firmware 20080819 SPCL015A; and LaserJet 9040 and LaserJet 9050 before firmware 20080819 SPCL110A allows remote attackers to read arbitrary files via directory traversal sequences in the URI."
{ }
"name" : "HPSBPI02398", ]
"refsource" : "HP", },
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT080166", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "33611", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/33611" ]
}, },
{ "references": {
"name" : "1021687", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021687" "name": "33779",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33779"
"name" : "33779", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33779" "name": "33611",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/33611"
"name" : "ADV-2009-0341", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0341" "name": "20090204 DDIVRT-2008-19 HP JetDirect Web Administration Directory Traversal",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/500657/100/0/threaded"
} },
} {
"name": "1021687",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021687"
},
{
"name": "ADV-2009-0341",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0341"
},
{
"name": "SSRT080166",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
},
{
"name": "HPSBPI02398",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01623905"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4584", "ID": "CVE-2008-4584",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5005", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5005" "lang": "eng",
}, "value": "Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method."
{ }
"name" : "27493", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27493" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4424", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4424" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "chilkatmail-chilkatcert-file-overwrite(40041)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40041" ]
} },
] "references": {
} "reference_data": [
} {
"name": "4424",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4424"
},
{
"name": "27493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27493"
},
{
"name": "5005",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5005"
},
{
"name": "chilkatmail-chilkatcert-file-overwrite(40041)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40041"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-7221", "ID": "CVE-2008-7221",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080216 RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/488287/100/200/threaded" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows remote attackers to hijack the authentication of administrators for requests that (1) add new administrators or (2) modify user profiles via a crafted request to system/admin.php."
{ }
"name" : "runcms-admin-csrf(40628)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40628" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080216 RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488287/100/200/threaded"
},
{
"name": "runcms-admin-csrf(40628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40628"
}
]
}
}


@ -1,162 +1,162 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2442", "ID": "CVE-2013-2442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2466 and CVE-2013-2468."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21642336" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21644197" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "HPSBUX02907", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=137545505800971&w=2" ]
}, },
{ "references": {
"name" : "HPSBUX02908", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=137545592101387&w=2" "name": "RHSA-2013:1060",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1060.html"
"name" : "RHSA-2013:0963", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0963.html" "name": "oval:org.mitre.oval:def:16803",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16803"
"name" : "RHSA-2013:1060", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1060.html" "name": "HPSBUX02908",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545592101387&w=2"
"name" : "RHSA-2013:1455", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html" "name": "RHSA-2014:0414",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2014:0414"
"name" : "RHSA-2013:1456", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html" "name": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html"
"name" : "RHSA-2013:1059", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1059.html" "name": "60643",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/60643"
"name" : "RHSA-2014:0414", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2014:0414" "name": "SUSE-SU-2013:1257",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html"
"name" : "SUSE-SU-2013:1305", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html" "name": "HPSBUX02907",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=137545505800971&w=2"
"name" : "SUSE-SU-2013:1255", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html" "name": "SUSE-SU-2013:1256",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html"
"name" : "SUSE-SU-2013:1256", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00027.html" "name": "54154",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/54154"
"name" : "SUSE-SU-2013:1257", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00028.html" "name": "RHSA-2013:1455",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
"name" : "TA13-169A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-169A" "name": "RHSA-2013:1059",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1059.html"
"name" : "60643", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/60643" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21644197"
"name" : "oval:org.mitre.oval:def:16803", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16803" "name": "oval:org.mitre.oval:def:19460",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19460"
"name" : "oval:org.mitre.oval:def:19460", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19460" "name": "oval:org.mitre.oval:def:19569",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19569"
"name" : "oval:org.mitre.oval:def:19569", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19569" "name": "TA13-169A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/ncas/alerts/TA13-169A"
"name" : "54154", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/54154" "name": "RHSA-2013:0963",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-0963.html"
} },
} {
"name": "SUSE-SU-2013:1255",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00026.html"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21642336"
},
{
"name": "SUSE-SU-2013:1305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00003.html"
}
]
}
}
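Review bot: `ASSIGNER` changes from `cve@mitre.org` to `secalert_us@oracle.com` in this section, which is a provenance change and not formatting, yet it sits inside what is otherwise a whitespace and ordering rewrite. The same kind of change is made in the CVE-2013-2728 section (`psirt@adobe.com`) and at the start of the CVE-2013-6702 section (`psirt@cisco.com`), which continues past the end of this view. Consumers that filter or attribute records by assigner will see these entries move between CNAs, so the change belongs in its own commit or should be named in the commit message. It is also worth confirming each new value against the CNA that holds the ID, since `vendor_name` stays `"n/a"` in the same record and offers no cross-check.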


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2690", "ID": "CVE-2013-2690",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130325 SynConnect PMS SQL Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-03/0134.html" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Synchroweb Technology SynConnect 2.0 allows remote attackers to execute arbitrary SQL commands via the loginid parameter in a logoff action."
{ }
"name" : "24898", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/24898" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://osvdb.org/ref/91/synconnect.txt", "description": [
"refsource" : "MISC", {
"url" : "http://osvdb.org/ref/91/synconnect.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html" ]
}, },
{ "references": {
"name" : "58711", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/58711" "name": "91693",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/91693"
"name" : "91693", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/91693" "name": "http://osvdb.org/ref/91/synconnect.txt",
}, "refsource": "MISC",
{ "url": "http://osvdb.org/ref/91/synconnect.txt"
"name" : "synconnect-index-sql-injection(83040)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/83040" "name": "58711",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/58711"
} },
} {
"name": "20130325 SynConnect PMS SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-03/0134.html"
},
{
"name": "24898",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/24898"
},
{
"name": "synconnect-index-sql-injection(83040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83040"
},
{
"name": "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/120958/SynConnect-SQL-Injection.html"
}
]
}
}


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2013-2728", "ID": "CVE-2013-2728",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb13-14.html" "lang": "eng",
}, "value": "Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.1860; and Adobe AIR SDK & Compiler before 3.7.0.1860 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3324, CVE-2013-3325, CVE-2013-3326, CVE-2013-3327, CVE-2013-3328, CVE-2013-3329, CVE-2013-3330, CVE-2013-3331, CVE-2013-3332, CVE-2013-3333, CVE-2013-3334, and CVE-2013-3335."
{ }
"name" : "RHSA-2013:0825", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0825.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SU-2013:0798", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "openSUSE-SU-2013:0892", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2013:0954", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html" "name": "openSUSE-SU-2013:0892",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00003.html"
"name" : "oval:org.mitre.oval:def:16932", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16932" "name": "53442",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/53442"
"name" : "53442", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/53442" "name": "oval:org.mitre.oval:def:16932",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16932"
} },
} {
"name": "SUSE-SU-2013:0798",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0954",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00010.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb13-14.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb13-14.html"
},
{
"name": "RHSA-2013:0825",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0825.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6125", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6125",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6238", "ID": "CVE-2013-6238",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-6702", "ID": "CVE-2013-6702",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999" "lang": "eng",
}, "value": "The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz50902."
{ }
"name" : "20131203 Cisco ONS 15454 Controller Card Denial of Service Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6702" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1029421", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1029421" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20131203 Cisco ONS 15454 Controller Card Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6702"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=31999"
},
{
"name": "1029421",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029421"
}
]
}
}
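Review bot: The `ASSIGNER` value in `CVE_data_meta` changes from `cve@mitre.org` to `psirt@cisco.com` in this section. That is a provenance change, not formatting, yet the commit message (`-Synchronized-Data.`) does not mention it, and it sits among 59 files of spacing and reference-order churn. The CVE-2013-6730 section has the same kind of change (`cve@mitre.org` to `psirt@us.ibm.com`). Any consumer that attributes a record to its CNA through this field would presumably see a different owner after this commit. I would either put assigner updates in their own commit or name the affected records in the description, e.g. `ASSIGNER updated: CVE-2013-6702, CVE-2013-6730`.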


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2013-6730", "ID": "CVE-2013-6730",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665915", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21665915" "lang": "eng",
}, "value": "IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled, allows remote attackers to bypass intended read restrictions on an item by accessing that item within search results."
{ }
"name" : "PI07185", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-websphere-portal-cve20136730-search(89363)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "PI07185",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI07185"
},
{
"name": "ibm-websphere-portal-cve20136730-search(89363)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89363"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21665915"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6753", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6753",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7384", "ID": "CVE-2013-7384",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q4/379" "lang": "eng",
}, "value": "UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from CVE-2013-6413 per ADT2 due to different vulnerability types."
{ }
"name" : "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS", ]
"refsource" : "MLIST", },
"url" : "http://seclists.org/oss-sec/2013/q4/383" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221", "description": [
"refsource" : "CONFIRM", {
"url" : "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt" ]
} },
] "references": {
} "reference_data": [
} {
"name": "[oss-security] 20131129 CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/379"
},
{
"name": "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221",
"refsource": "CONFIRM",
"url": "http://forums.unrealircd.com/viewtopic.php?f=2&t=8221"
},
{
"name": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unreal3_2_10_2_release_notes.txt"
},
{
"name": "[oss-security] 20131129 Re: CVE request: UnrealIRCd remote DoS",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q4/383"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10390", "ID": "CVE-2017-10390",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10498", "ID": "CVE-2017-10498",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10737", "ID": "CVE-2017-10737",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a \"User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-10737"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10895", "ID": "CVE-2017-10895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "sDNSProxy.exe", "product_name": "sDNSProxy.exe",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ver1.1.0.0 and earlier" "version_value": "ver1.1.0.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Tomoki Sanaki" "vendor_name": "Tomoki Sanaki"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial-of-service (DoS)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "JVN#71291160", "description_data": [
"refsource" : "JVN", {
"url" : "https://jvn.jp/en/jp/JVN71291160/index.html" "lang": "eng",
} "value": "sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial-of-service (DoS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#71291160",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN71291160/index.html"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14041", "ID": "CVE-2017-14041",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/" "lang": "eng",
}, "value": "A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution."
{ }
"name" : "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9", ]
"refsource" : "MISC", },
"url" : "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/uclouvain/openjpeg/issues/997", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/uclouvain/openjpeg/issues/997" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4013", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-4013" ]
}, },
{ "references": {
"name" : "100555", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/100555" "name": "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/",
} "refsource": "MISC",
] "url": "https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/"
} },
} {
"name": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9"
},
{
"name": "100555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100555"
},
{
"name": "https://github.com/uclouvain/openjpeg/issues/997",
"refsource": "MISC",
"url": "https://github.com/uclouvain/openjpeg/issues/997"
},
{
"name": "DSA-4013",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-4013"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14110", "ID": "CVE-2017-14110",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14232", "ID": "CVE-2017-14232",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14246", "ID": "CVE-2017-14246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html" "lang": "eng",
}, "value": "An out of bounds read in the function d2ulaw_array() in ulaw.c of libsndfile 1.0.28 may lead to a remote DoS attack or information disclosure, related to mishandling of the NAN and INFINITY floating-point values."
{ }
"name" : "https://github.com/erikd/libsndfile/issues/317", ]
"refsource" : "MISC", },
"url" : "https://github.com/erikd/libsndfile/issues/317" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/erikd/libsndfile/issues/317",
"refsource": "MISC",
"url": "https://github.com/erikd/libsndfile/issues/317"
},
{
"name": "[debian-lts-announce] 20181226 [SECURITY] [DLA 1618-1] libsndfile security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00016.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14598", "ID": "CVE-2017-14598",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14969", "ID": "CVE-2017-14969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.greyhathacker.net/?p=995", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.greyhathacker.net/?p=995" "lang": "eng",
} "value": "In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.greyhathacker.net/?p=995",
"refsource": "MISC",
"url": "http://www.greyhathacker.net/?p=995"
}
]
}
}


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15293", "ID": "CVE-2017-15293",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/" "lang": "eng",
}, "value": "Xpress Server in SAP POS does not require authentication for file read and erase operations, daemon shutdown, terminal read operations, or certain attacks on credentials. This is SAP Security Note 2520064."
{ }
"name" : "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/", ]
"refsource" : "MISC", },
"url" : "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://erpscan.io/research/hacking-sap-pos/", "description": [
"refsource" : "MISC", {
"url" : "https://erpscan.io/research/hacking-sap-pos/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "100713", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/100713" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-032-sap-pos-missing-authentication-xpressserver/"
},
{
"name": "100713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100713"
},
{
"name": "https://erpscan.io/research/hacking-sap-pos/",
"refsource": "MISC",
"url": "https://erpscan.io/research/hacking-sap-pos/"
},
{
"name": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/",
"refsource": "MISC",
"url": "https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15611", "ID": "CVE-2017-15611",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/OctopusDeploy/Issues/issues/3864", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/OctopusDeploy/Issues/issues/3864" "lang": "eng",
} "value": "In Octopus before 3.17.7, an authenticated user who was explicitly granted the permission to invite new users (aka UserInvite) can invite users to teams with escalated privileges."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OctopusDeploy/Issues/issues/3864",
"refsource": "CONFIRM",
"url": "https://github.com/OctopusDeploy/Issues/issues/3864"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15617", "ID": "CVE-2017-15617",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/541655/100/0/threaded" "lang": "eng",
}, "value": "TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the iface variable in the interface_wan.lua file."
{ }
"name" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt", ]
"refsource" : "MISC", },
"url" : "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt",
"refsource": "MISC",
"url": "https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt"
},
{
"name": "20180110 Multiple vulnerabilities in TP-Link products(CVE-2017-15613 to CVE-2017-15637)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541655/100/0/threaded"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15827", "ID": "CVE-2017-15827",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15983", "ID": "CVE-2017-15983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "43076", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/43076/" "lang": "eng",
} "value": "MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43076",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43076/"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9053", "ID": "CVE-2017-9053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.prevanders.net/dwarfbug.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.prevanders.net/dwarfbug.html" "lang": "eng",
} "value": "An issue, also known as DW201703-005, was discovered in libdwarf 2017-03-21. A heap-based buffer over-read in _dwarf_read_loc_expr_op() is due to a failure to check a pointer for being in bounds (in a few places in this function)."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.prevanders.net/dwarfbug.html",
"refsource": "MISC",
"url": "https://www.prevanders.net/dwarfbug.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9236", "ID": "CVE-2017-9236",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@dahuatech.com", "ASSIGNER": "cybersecurity@dahuatech.com",
"DATE_PUBLIC" : "2017-11-08T00:00:00", "DATE_PUBLIC": "2017-11-08T00:00:00",
"ID" : "CVE-2017-9314", "ID": "CVE-2017-9314",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NVR50XX, VR52XX, VR54XX, VR58XX", "product_name": "NVR50XX, VR52XX, VR54XX, VR58XX",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Versions Build between 2013 and 2017/10" "version_value": "Versions Build between 2013 and 2017/10"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Dahua Technologies" "vendor_name": "Dahua Technologies"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Authentication vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html" "lang": "eng",
} "value": "Authentication vulnerability found in Dahua NVR models NVR50XX, NVR52XX, NVR54XX, NVR58XX with software before DH_NVR5xxx_Eng_P_V2.616.0000.0.R.20171102. Attacker could exploit this vulnerability to gain access to additional operations by means of forging json message."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html",
"refsource": "CONFIRM",
"url": "http://www.dahuasecurity.com/annoucementsingle/security-advisory--authentication-vulnerability-found-in-some-dahua-nvr_14731_211.html"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9413", "ID": "CVE-2017-9413",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42118", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42118/" "lang": "eng",
}, "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks."
{ }
"name" : "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/142794/Subsonic-6.1.1-Server-Side-Request-Forgery.html"
},
{
"name": "42118",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42118/"
}
]
}
}


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9503", "ID": "CVE-2017-9503",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2017/06/08/1" "lang": "eng",
}, "value": "QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing."
{ }
"name" : "[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once", ]
"refsource" : "MLIST", },
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas", "description": [
"refsource" : "MLIST", {
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update", ]
"refsource" : "MLIST", }
"url" : "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1459477", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1459477" "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
"name" : "99010", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99010" "name": "[oss-security] 20170608 CVE-2017-9503 Qemu: scsi: null pointer dereference while processing megasas command",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2017/06/08/1"
} },
} {
"name": "99010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99010"
},
{
"name": "[qemu-devel] 20170606 [PATCH 7/7] megasas: always store SCSIRequest* into Megasas",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1459477"
},
{
"name": "[qemu-devel] 20170606 [PATCH 4/7] megasas: do not read DCMD opcode more than once",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html"
}
]
}
}


@ -1,228 +1,228 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC" : "2018-07-11T16:00:00.000Z", "DATE_PUBLIC": "2018-07-11T16:00:00.000Z",
"ID" : "CVE-2018-0031", "ID": "CVE-2018-0031",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules" "TITLE": "Junos OS: Receipt of specially crafted UDP packets over MPLS may bypass stateless IP firewall rules"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.1X46",
"version_value": "12.1X46-D76"
},
{
"affected": "<",
"version_name": "12.3",
"version_value": "12.3R12-S10"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "12.3X48",
"version_value": "12.3X48-D66, 12.3X48-D70"
},
{
"affected": "<",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7"
},
{
"affected": "<",
"platform": "SRX Series",
"version_name": "15.1X49",
"version_value": "15.1X49-D131, 15.1X49-D140"
},
{
"affected": "<",
"platform": "EX2300, EX3400",
"version_name": "15.1X53",
"version_value": "15.1X53-D59"
},
{
"affected": "<",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D67"
},
{
"affected": "<",
"platform": "QFX5110, QFX5200",
"version_name": "15.1X53",
"version_value": "15.1X53-D233"
},
{
"affected": "<",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D471, 15.1X53-D490"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R1-S6, 16.2R2-S5, 16.2R3"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R1-S7, 17.1R2-S7, 17.1R3"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R1-S6, 17.2R2-S4, 17.2R3"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D100"
},
{
"affected": "<",
"version_name": "17.3",
"version_value": "17.3R1-S4, 17.3R2-S2, 17.3R3"
},
{
"affected": "<",
"version_name": "17.4",
"version_value": "17.4R1-S3, 17.4R2"
},
{
"affected": "<",
"version_name": "18.1",
"version_value": "18.1R2"
},
{
"affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D5"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Internet2"
},
{
"lang": "eng",
"value": "The Indiana University GlobalNOC"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{ {
"product" : { "lang": "eng",
"product_data" : [ "value": "Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5."
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D76"
},
{
"affected" : "<",
"version_name" : "12.3",
"version_value" : "12.3R12-S10"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D66, 12.3X48-D70"
},
{
"affected" : "<",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7"
},
{
"affected" : "<",
"platform" : "SRX Series",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D131, 15.1X49-D140"
},
{
"affected" : "<",
"platform" : "EX2300, EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D59"
},
{
"affected" : "<",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D67"
},
{
"affected" : "<",
"platform" : "QFX5110, QFX5200",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233"
},
{
"affected" : "<",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D471, 15.1X53-D490"
},
{
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7"
},
{
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R1-S6, 16.2R2-S5, 16.2R3"
},
{
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R1-S7, 17.1R2-S7, 17.1R3"
},
{
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R1-S6, 17.2R2-S4, 17.2R3"
},
{
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D100"
},
{
"affected" : "<",
"version_name" : "17.3",
"version_value" : "17.3R1-S4, 17.3R2-S2, 17.3R3"
},
{
"affected" : "<",
"version_name" : "17.4",
"version_value" : "17.4R1-S3, 17.4R2"
},
{
"affected" : "<",
"version_name" : "18.1",
"version_value" : "18.1R2"
},
{
"affected" : "<",
"version_name" : "18.2X75",
"version_value" : "18.2X75-D5"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
} }
] ]
} },
}, "exploit": [
"credit" : [ {
{ "lang": "eng",
"lang" : "eng", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
"value" : "Internet2" }
}, ],
{ "impact": {
"lang" : "eng", "cvss": {
"value" : "The Indiana University GlobalNOC" "attackComplexity": "LOW",
} "attackVector": "NETWORK",
], "availabilityImpact": "NONE",
"data_format" : "MITRE", "baseScore": 5.3,
"data_type" : "CVE", "baseSeverity": "MEDIUM",
"data_version" : "4.0", "confidentialityImpact": "NONE",
"description" : { "integrityImpact": "LOW",
"description_data" : [ "privilegesRequired": "NONE",
{ "scope": "UNCHANGED",
"lang" : "eng", "userInteraction": "NONE",
"value" : "Receipt of specially crafted UDP/IP packets over MPLS may be able to bypass a stateless firewall filter. The crafted UDP packets must be encapsulated and meet a very specific packet format to be classified in a way that bypasses IP firewall filter rules. The packets themselves do not cause a service interruption (e.g. RPD crash), but receipt of a high rate of UDP packets may be able to contribute to a denial of service attack. This issue only affects processing of transit UDP/IP packets over MPLS, received on an interface with MPLS enabled. TCP packet processing and non-MPLS encapsulated UDP packet processing are unaffected by this issue. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D76; 12.3 versions prior to 12.3R12-S10; 12.3X48 versions prior to 12.3X48-D66, 12.3X48-D70; 14.1X53 versions prior to 14.1X53-D47; 15.1 versions prior to 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7; 15.1X49 versions prior to 15.1X49-D131, 15.1X49-D140; 15.1X53 versions prior to 15.1X53-D59 on EX2300/EX3400; 15.1X53 versions prior to 15.1X53-D67 on QFX10K; 15.1X53 versions prior to 15.1X53-D233 on QFX5200/QFX5110; 15.1X53 versions prior to 15.1X53-D471, 15.1X53-D490 on NFX; 16.1 versions prior to 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7; 16.2 versions prior to 16.2R1-S6, 16.2R2-S5, 16.2R3; 17.1 versions prior to 17.1R1-S7, 17.1R2-S7, 17.1R3; 17.2 versions prior to 17.2R1-S6, 17.2R2-S4, 17.2R3; 17.2X75 versions prior to 17.2X75-D100; 17.3 versions prior to 17.3R1-S4, 17.3R2-S2, 17.3R3; 17.4 versions prior to 17.4R1-S3, 17.4R2; 18.1 versions prior to 18.1R2; 18.2X75 versions prior to 18.2X75-D5." "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
} "version": "3.0"
] }
}, },
"exploit" : [ "problemtype": {
{ "problemtype_data": [
"lang" : "eng", {
"value" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability." "description": [
} {
], "lang": "eng",
"impact" : { "value": "Firewall bypass"
"cvss" : { }
"attackComplexity" : "LOW", ]
"attackVector" : "NETWORK", },
"availabilityImpact" : "NONE", {
"baseScore" : 5.3, "description": [
"baseSeverity" : "MEDIUM", {
"confidentialityImpact" : "NONE", "lang": "eng",
"integrityImpact" : "LOW", "value": "Denial of Service"
"privilegesRequired" : "NONE", }
"scope" : "UNCHANGED", ]
"userInteraction" : "NONE", }
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", ]
"version" : "3.0" },
} "references": {
}, "reference_data": [
"problemtype" : { {
"problemtype_data" : [ "name": "https://kb.juniper.net/JSA10865",
{ "refsource": "CONFIRM",
"description" : [ "url": "https://kb.juniper.net/JSA10865"
{ },
"lang" : "eng", {
"value" : "Firewall bypass" "name": "1041326",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1041326"
}, }
{ ]
"description" : [ },
{ "solution": [
"lang" : "eng", {
"value" : "Denial of Service" "lang": "eng",
} "value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
] }
} ],
] "source": {
}, "advisory": "JSA10865",
"references" : { "defect": [
"reference_data" : [ "1326402"
{ ],
"name" : "https://kb.juniper.net/JSA10865", "discovery": "EXTERNAL"
"refsource" : "CONFIRM", },
"url" : "https://kb.juniper.net/JSA10865" "work_around": [
}, {
{ "lang": "eng",
"name" : "1041326", "value": "There are no viable workarounds for this issue."
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041326" ]
} }
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1X53-D47, 15.1F6-S10, 15.1R4-S9, 15.1R6-S6, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D67, 16.1R3-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S3, 16.1R7, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S4, 17.2R3, 17.2X75-D100, 17.3R1-S4, 17.3R2-S2, 17.3R3, 17.4R1-S3, 17.4R2, 18.1R2, 18.2R1, 18.2X75-D5, and all subsequent releases.\n"
}
],
"source" : {
"advisory" : "JSA10865",
"defect" : [
"1326402"
],
"discovery" : "EXTERNAL"
},
"work_around" : [
{
"lang" : "eng",
"value" : "There are no viable workarounds for this issue."
}
]
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0259", "ID": "CVE-2018-0259",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco MATE Collector", "product_name": "Cisco MATE Collector",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco MATE Collector" "version_value": "Cisco MATE Collector"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-352"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE" "lang": "eng",
}, "value": "A vulnerability in the web-based management interface of Cisco MATE Collector could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions on a targeted device via a web browser and with the privileges of the user. Cisco Bug IDs: CSCvh31222."
{ }
"name" : "103928", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103928" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-352"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-MATE"
},
{
"name": "103928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103928"
}
]
}
}


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0401", "ID": "CVE-2018-0401",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Unified Contact Center Express unknown", "product_name": "Cisco Unified Contact Center Express unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Unified Contact Center Express unknown" "version_value": "Cisco Unified Contact Center Express unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx" "lang": "eng",
}, "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70967."
{ }
"name" : "1041352", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041352" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx"
},
{
"name": "1041352",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041352"
}
]
}
}


@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-06-05T13:57:43.659756", "DATE_ASSIGNED": "2018-06-05T13:57:43.659756",
"DATE_REQUESTED" : "2018-05-09T00:00:00", "DATE_REQUESTED": "2018-05-09T00:00:00",
"ID" : "CVE-2018-1000202", "ID": "CVE-2018-1000202",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Groovy Postbuild Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.3.1 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821" "lang": "eng",
} "value": "A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-05-09/#SECURITY-821"
}
]
}
}
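Review bot: The new side of the CVE-2018-1000202 record drops structured data that the old side carried: `product_name`, `version_value`, `vendor_name` and the problemtype `value` all become `n/a` (previously `Jenkins Groovy Postbuild Plugin`, `2.3.1 and older`, `Jenkins project` and `CWE-79`), and `ASSIGNER` changes from `kurt@seifried.org` to `cve@mitre.org`. After this change only the free-text description names the plugin and the affected versions, so a consumer that matches on vendor, product, version or CWE would presumably stop finding this entry. The other sections on this page appear to change only spacing or reference order, which makes this one stand out against the "Synchronized-Data" commit message. If the reset is not intended, the new side should keep `"product_name": "Jenkins Groovy Postbuild Plugin"`, `"version_value": "2.3.1 and older"` and `"value": "CWE-79"`; if it is intended, the commit description should say so.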


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-16179", "ID": "CVE-2018-16179",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Mizuho Direct App for Android", "product_name": "Mizuho Direct App for Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 3.13.0 and earlier" "version_value": "version 3.13.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Mizuho Bank, Ltd." "vendor_name": "Mizuho Bank, Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to verify SSL certificates"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jvn.jp/en/vu/JVNVU91640357/index.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://jvn.jp/en/vu/JVNVU91640357/index.html" "lang": "eng",
}, "value": "The Mizuho Direct App for Android version 3.13.0 and earlier does not verify server certificates, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking", ]
"refsource" : "MISC", },
"url" : "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.co.mizuhobank.banking"
},
{
"name": "https://jvn.jp/en/vu/JVNVU91640357/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU91640357/index.html"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16713", "ID": "CVE-2018-16713",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://downwithup.github.io/CVEPosts.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://downwithup.github.io/CVEPosts.html" "lang": "eng",
} "value": "IObit Advanced SystemCare, which includes Monitor_win10_x64.sys or Monitor_win7_x64.sys, 1.2.0.5 (and possibly earlier versions) allows a user to send an IOCTL (0x9C402084) with a buffer containing user defined content. The driver's subroutine will execute a rdmsr instruction with the user's buffer for input, and provide output from the instruction."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downwithup.github.io/CVEPosts.html",
"refsource": "MISC",
"url": "https://downwithup.github.io/CVEPosts.html"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16995", "ID": "CVE-2018-16995",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19036", "ID": "CVE-2018-19036",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf" "lang": "eng",
} "value": "An issue was discovered in several Bosch IP cameras for firmware versions 6.32 and higher. A malicious client could potentially succeed in the unauthorized execution of code on the device via the network interface."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf",
"refsource": "CONFIRM",
"url": "https://media.boschsecurity.com/fs/media/pb/security_advisories/bosch-2018-1202-bt-cve-2018-19036_security_advisory_ip_camera_vulnerability.pdf"
}
]
}
}


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19286", "ID": "CVE-2018-19286",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md" "lang": "eng",
} "value": "The server in mubu note 2018-11-11 has XSS by configuring an account with a crafted name value (along with an arbitrary username value), and then creating and sharing a note."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md",
"refsource": "MISC",
"url": "https://github.com/CCCCCrash/POCs/blob/master/Web/mubu/xss.md"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19573", "ID": "CVE-2018-19573",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4097", "ID": "CVE-2018-4097",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208465", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208465" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app."
{ }
"name" : "102785", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102785" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040267", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040267" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208465",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208465"
},
{
"name": "102785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102785"
},
{
"name": "1040267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040267"
}
]
}
}


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4147", "ID": "CVE-2018-4147",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208465", "description_data": [
"refsource" : "MISC", {
"url" : "https://support.apple.com/HT208465" "lang": "eng",
}, "value": "In iCloud for Windows before 7.3, Safari before 11.0.3, iTunes before 12.7.3 for Windows, and iOS before 11.2.5, multiple memory corruption issues exist and were addressed with improved memory handling."
{ }
"name" : "https://support.apple.com/HT208473", ]
"refsource" : "MISC", },
"url" : "https://support.apple.com/HT208473" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT208474", "description": [
"refsource" : "MISC", {
"url" : "https://support.apple.com/HT208474" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/HT208475", ]
"refsource" : "MISC", }
"url" : "https://support.apple.com/HT208475" ]
}, },
{ "references": {
"name" : "https://support.apple.com/HT208463", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208463" "name": "https://support.apple.com/HT208473",
} "refsource": "MISC",
] "url": "https://support.apple.com/HT208473"
} },
} {
"name": "https://support.apple.com/HT208474",
"refsource": "MISC",
"url": "https://support.apple.com/HT208474"
},
{
"name": "https://support.apple.com/HT208475",
"refsource": "MISC",
"url": "https://support.apple.com/HT208475"
},
{
"name": "https://support.apple.com/HT208465",
"refsource": "MISC",
"url": "https://support.apple.com/HT208465"
},
{
"name": "https://support.apple.com/HT208463",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208463"
}
]
}
}


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4587", "ID": "CVE-2018-4587",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4907", "ID": "CVE-2018-4907",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions", "product_name": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions" "version_value": "Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html" "lang": "eng",
}, "value": "An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end of the target buffer; the computation is part of the TIFF processing in the XPS module. A successful attack can lead to sensitive data exposure."
{ }
"name" : "102996", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102996" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040364", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040364" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "102996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102996"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-02.html"
},
{
"name": "1040364",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040364"
}
]
}
}


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4959", "ID": "CVE-2018-4959",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use-after-free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "104169", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104169" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040920", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040920" "lang": "eng",
} "value": "Use-after-free"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104169"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
}
]
}
}