admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:21:44 +00:00
parent 4e0da8fd99
commit 4a4fc9e724
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
67 changed files with 4215 additions and 4144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2008/0xxx/CVE-2008-0067.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2008-0067", "ID": "CVE-2008-0067",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499826/100/0/threaded" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program."
{ }
"name" : "http://secunia.com/secunia_research/2008-13/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2008-13/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBMA02400", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=123247393715913&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT080144", ]
"refsource" : "HP", }
"url" : "http://marc.info/?l=bugtraq&m=123247393715913&w=2" ]
}, },
{ "references": {
"name" : "33147", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33147" "name": "http://secunia.com/secunia_research/2008-13/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2008-13/"
"name" : "1021521", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1021521" "name": "HPSBMA02400",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=123247393715913&w=2"
"name" : "28074", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28074" "name": "1021521",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1021521"
"name" : "4885", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4885" "name": "33147",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/33147"
"name" : "8307", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/8307" "name": "4885",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4885"
} },
} {
"name": "20090107 Secunia Research: HP OpenView Network Node Manager Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499826/100/0/threaded"
},
{
"name": "SSRT080144",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123247393715913&w=2"
},
{
"name": "8307",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8307"
},
{
"name": "28074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28074"
}
]
}
}

34
2008/0xxx/CVE-2008-0188.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2008-0188", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2008-0188",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its requester. Further investigation showed that it was not a new security issue. Notes: none."
} }
] ]
} }
} }

160
2008/0xxx/CVE-2008-0663.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0663", "ID": "CVE-2008-0663",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html" "lang": "eng",
}, "value": "Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with Novell Client for Windows 4.91 SP4, allows users with physical access to a locked system to obtain contents of the clipboard by pasting the contents into the Challenge Question field."
{ }
"name" : "27631", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27631" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-0423", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0423/references" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1019304", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1019304" ]
}, },
{ "references": {
"name" : "28792", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28792" "name": "28792",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/28792"
} },
} {
"name": "ADV-2008-0423",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0423/references"
},
{
"name": "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "https://secure-support.novell.com/KanisaPlatform/Publishing/686/3726376_f.SAL_Public.html"
},
{
"name": "1019304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019304"
},
{
"name": "27631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27631"
}
]
}
}

130
2008/0xxx/CVE-2008-0670.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0670", "ID": "CVE-2008-0670",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5081", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5081" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action."
{ }
"name" : "27691", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/27691" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5081",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5081"
},
{
"name": "27691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27691"
}
]
}
}

130
2008/1xxx/CVE-2008-1164.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1164", "ID": "CVE-2008-1164",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5209", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5209" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in phpComasy 0.8 allows remote attackers to execute arbitrary SQL commands via the mod_project_id parameter in a project_detail action."
{ }
"name" : "28064", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28064" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5209",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5209"
},
{
"name": "28064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28064"
}
]
}
}

190
2008/1xxx/CVE-2008-1738.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1738", "ID": "CVE-2008-1738",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/491405/100/0/threaded" "lang": "eng",
}, "value": "Rising Antivirus 2008 before 20.38.20 allows local users to cause a denial of service (system crash) via an invalid pointer to the _CLIENT_ID structure in a call to the NtOpenProcess hooked System Service Descriptor Table (SSDT) function."
{ }
"name" : "http://www.coresecurity.com/?action=item&id=2249", ]
"refsource" : "MISC", },
"url" : "http://www.coresecurity.com/?action=item&id=2249" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28744", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28744" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1382", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1382" ]
}, },
{ "references": {
"name" : "1019946", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019946" "name": "28744",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28744"
"name" : "30007", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30007" "name": "3838",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/3838"
"name" : "3838", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3838" "name": "risingantivirus-ssdt-dos(42084)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42084"
"name" : "risingantivirus-ssdt-dos(42084)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42084" "name": "http://www.coresecurity.com/?action=item&id=2249",
} "refsource": "MISC",
] "url": "http://www.coresecurity.com/?action=item&id=2249"
} },
} {
"name": "ADV-2008-1382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1382"
},
{
"name": "30007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30007"
},
{
"name": "20080428 CORE-2008-0320 - Insufficient argument validation of hooked SSDT functions on multiple Antivirus and Firewalls",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491405/100/0/threaded"
},
{
"name": "1019946",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019946"
}
]
}
}

150
2008/3xxx/CVE-2008-3334.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3334", "ID": "CVE-2008-3334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://community.mybboard.net/thread-33865.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://community.mybboard.net/thread-33865.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php."
{ }
"name" : "30401", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30401" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31216", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31216" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mybb-unspecified-xss(44034)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034" ]
} },
] "references": {
} "reference_data": [
} {
"name": "31216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31216"
},
{
"name": "30401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30401"
},
{
"name": "http://community.mybboard.net/thread-33865.html",
"refsource": "CONFIRM",
"url": "http://community.mybboard.net/thread-33865.html"
},
{
"name": "mybb-unspecified-xss(44034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44034"
}
]
}
}

150
2008/3xxx/CVE-2008-3455.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3455", "ID": "CVE-2008-3455",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6160", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6160" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter."
{ }
"name" : "30428", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30428" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4106", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4106" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "phphostingdirectory-admin-file-include(44108)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44108" ]
} },
] "references": {
} "reference_data": [
} {
"name": "30428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30428"
},
{
"name": "phphostingdirectory-admin-file-include(44108)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44108"
},
{
"name": "4106",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4106"
},
{
"name": "6160",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6160"
}
]
}
}

210
2008/3xxx/CVE-2008-3466.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-3466", "ID": "CVE-2008-3466",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka \"HIS Command Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745" "lang": "eng",
}, "value": "Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka \"HIS Command Execution Vulnerability.\""
{ }
"name" : "HPSBST02379", ]
"refsource" : "HP", },
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT080143", "description": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=122479227205998&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS08-059", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059" ]
}, },
{ "references": {
"name" : "TA08-288A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-288A.html" "name": "ADV-2008-2810",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2810"
"name" : "31620", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31620" "name": "20081014 Microsoft Host Integration Server 2006 Command Execution Vulnerability",
}, "refsource": "IDEFENSE",
{ "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=745"
"name" : "oval:org.mitre.oval:def:6075", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075" "name": "31620",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31620"
"name" : "ADV-2008-2810", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2810" "name": "SSRT080143",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
"name" : "1021043", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021043" "name": "32233",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32233"
"name" : "32233", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32233" "name": "HPSBST02379",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=122479227205998&w=2"
} },
} {
"name": "MS08-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-059"
},
{
"name": "TA08-288A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-288A.html"
},
{
"name": "1021043",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021043"
},
{
"name": "oval:org.mitre.oval:def:6075",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6075"
}
]
}
}

160
2008/3xxx/CVE-2008-3589.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3589", "ID": "CVE-2008-3589",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6194", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6194" "lang": "eng",
}, "value": "Directory traversal vulnerability in download.php in moziloCMS 1.10.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the cat parameter."
{ }
"name" : "30526", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30526" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31327", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31327" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4136", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4136" ]
}, },
{ "references": {
"name" : "mozilocms-download-directory-traversal(44162)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44162" "name": "4136",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4136"
} },
} {
"name": "6194",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6194"
},
{
"name": "mozilocms-download-directory-traversal(44162)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44162"
},
{
"name": "30526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30526"
},
{
"name": "31327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31327"
}
]
}
}

170
2008/3xxx/CVE-2008-3712.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3712", "ID": "CVE-2008-3712",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080815 Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495507/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php."
{ }
"name" : "30708", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30708" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31528", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31528" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4164", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4164" ]
}, },
{ "references": {
"name" : "mambo-connectorphp-xss(44502)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44502" "name": "31528",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31528"
"name" : "mambo-index3pop-xss(44503)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44503" "name": "mambo-connectorphp-xss(44502)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44502"
} },
} {
"name": "mambo-index3pop-xss(44503)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44503"
},
{
"name": "20080815 Mambo 4.6.2 Full Version - Multiple Cross Site Scripting - By Khashayar Fereidani",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495507/100/0/threaded"
},
{
"name": "30708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30708"
},
{
"name": "4164",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4164"
}
]
}
}

130
2008/3xxx/CVE-2008-3891.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3891", "ID": "CVE-2008-3891",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU" "lang": "eng",
}, "value": "The SAML Single Sign-On (SSO) Service for Google Apps allows remote service providers to impersonate users at arbitrary service providers via vectors related to authentication responses that lack a request identifier and recipient field."
{ }
"name" : "VU#612636", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/612636" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-7FQGWU"
},
{
"name": "VU#612636",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/612636"
}
]
}
}

160
2008/4xxx/CVE-2008-4003.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2008-4003", "ID": "CVE-2008-4003",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.18 and 8.49.14 allows remote attackers to affect confidentiality via unknown vectors."
{ }
"name" : "ADV-2008-2825", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2008/2825" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1021055", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021055" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32291", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32291" ]
}, },
{ "references": {
"name" : "oracle-peoplesoft-peopletool-info-disclosure(45905)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45905" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
} },
} {
"name": "32291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32291"
},
{
"name": "oracle-peoplesoft-peopletool-info-disclosure(45905)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45905"
},
{
"name": "1021055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021055"
},
{
"name": "ADV-2008-2825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2825"
}
]
}
}

160
2008/4xxx/CVE-2008-4148.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4148", "ID": "CVE-2008-4148",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/309769", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/309769" "lang": "eng",
}, "value": "SQL injection vulnerability in the Mailhandler module 5.x before 5.x-1.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to composing queries without using the Drupal database API."
{ }
"name" : "31230", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31230" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31877", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31877" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2616", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2616" ]
}, },
{ "references": {
"name" : "mailhandler-unspecified-sql-injection(45216)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45216" "name": "ADV-2008-2616",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/2616"
} },
} {
"name": "31230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31230"
},
{
"name": "mailhandler-unspecified-sql-injection(45216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45216"
},
{
"name": "31877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31877"
},
{
"name": "http://drupal.org/node/309769",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/309769"
}
]
}
}

170
2008/4xxx/CVE-2008-4339.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4339", "ID": "CVE-2008-4339",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to \"bpjava* binaries.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Administration GUI (jnbSA) in Symantec Veritas NetBackup Server and NetBackup Enterprise Server 5.1 before MP7, 6.0 before MP7, and 6.5 before 6.5.2 allows remote authenticated users to gain privileges via unknown attack vectors related to \"bpjava* binaries.\""
{ }
"name" : "239908", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239908-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31221", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31221" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-2672", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/2672" ]
}, },
{ "references": {
"name" : "1020928", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020928" "name": "239908",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239908-1"
"name" : "veritas-netbackup-jnbsa-privilege-escalation(45386)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45386" "name": "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html",
} "refsource": "CONFIRM",
] "url": "http://www.symantec.com/avcenter/security/Content/2008.09.24a.html"
} },
} {
"name": "31221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31221"
},
{
"name": "1020928",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020928"
},
{
"name": "ADV-2008-2672",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2672"
},
{
"name": "veritas-netbackup-jnbsa-privilege-escalation(45386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45386"
}
]
}
}

150
2008/4xxx/CVE-2008-4592.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4592", "ID": "CVE-2008-4592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6427", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6427" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter."
{ }
"name" : "ADV-2008-2550", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2008/2550" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "4423", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4423" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "sportsclubs-index-file-include(45062)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45062" ]
} },
] "references": {
} "reference_data": [
} {
"name": "6427",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6427"
},
{
"name": "sportsclubs-index-file-include(45062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45062"
},
{
"name": "ADV-2008-2550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2550"
},
{
"name": "4423",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4423"
}
]
}
}

170
2008/4xxx/CVE-2008-4755.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4755", "ID": "CVE-2008-4755",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6839", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6839" "lang": "eng",
}, "value": "SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "31925", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31925" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2008-2923", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2923" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32373", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32373" ]
}, },
{ "references": {
"name" : "4521", "reference_data": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4521" "name": "ADV-2008-2923",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2923"
"name" : "classifiedauctions-gotourl-sql-injection(46112)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46112" "name": "4521",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/4521"
} },
} {
"name": "classifiedauctions-gotourl-sql-injection(46112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46112"
},
{
"name": "31925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31925"
},
{
"name": "32373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32373"
},
{
"name": "6839",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6839"
}
]
}
}

150
2008/4xxx/CVE-2008-4881.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4881", "ID": "CVE-2008-4881",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6943", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6943" "lang": "eng",
}, "value": "SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "32061", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32061" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49593", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/49593" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32504", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32504" ]
} },
] "references": {
} "reference_data": [
} {
"name": "32061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32061"
},
{
"name": "49593",
"refsource": "OSVDB",
"url": "http://osvdb.org/49593"
},
{
"name": "6943",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6943"
},
{
"name": "32504",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32504"
}
]
}
}

310
2013/2xxx/CVE-2013-2237.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2237", "ID": "CVE-2013-2237",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/07/04/3" "lang": "eng",
}, "value": "The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=981220", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=981220" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40" ]
}, },
{ "references": {
"name" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2" "name": "USN-1970-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1970-1"
"name" : "DSA-2766", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2766" "name": "RHSA-2013:1166",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1166.html"
"name" : "RHSA-2013:1166", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1166.html" "name": "[oss-security] 20130703 Re: CVE Request: Earlier AF_KEY in key_notify_policy_flush",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/07/04/3"
"name" : "RHSA-2013:1173", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1173.html" "name": "USN-1913-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1913-1"
"name" : "SUSE-SU-2013:1473", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html" "name": "SUSE-SU-2013:1473",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html"
"name" : "SUSE-SU-2013:1474", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html" "name": "USN-1995-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1995-1"
"name" : "openSUSE-SU-2013:1971", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html" "name": "RHSA-2013:1173",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1173.html"
"name" : "USN-1912-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1912-1" "name": "DSA-2766",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2013/dsa-2766"
"name" : "USN-1913-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1913-1" "name": "openSUSE-SU-2013:1971",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html"
"name" : "USN-1970-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1970-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=981220",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=981220"
"name" : "USN-1972-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1972-1" "name": "USN-1998-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1998-1"
"name" : "USN-1973-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1973-1" "name": "SUSE-SU-2013:1474",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00004.html"
"name" : "USN-1992-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1992-1" "name": "USN-1973-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1973-1"
"name" : "USN-1993-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1993-1" "name": "USN-1992-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1992-1"
"name" : "USN-1995-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1995-1" "name": "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40"
"name" : "USN-1998-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1998-1" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40",
} "refsource": "CONFIRM",
] "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=85dfb745ee40232876663ae206cba35f24ab2a40"
} },
} {
"name": "USN-1993-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1993-1"
},
{
"name": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2",
"refsource": "CONFIRM",
"url": "https://www.kernel.org/pub/linux/kernel/v3.x/patch-3.9.bz2"
},
{
"name": "USN-1912-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1912-1"
},
{
"name": "USN-1972-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1972-1"
}
]
}
}

150
2013/2xxx/CVE-2013-2438.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2013-2438", "ID": "CVE-2013-2438",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX."
{ }
"name" : "RHSA-2013:0757", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0757.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "TA13-107A", "description": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-107A" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:16618", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16618" ]
} },
] "references": {
} "reference_data": [
} {
"name": "TA13-107A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-107A"
},
{
"name": "RHSA-2013:0757",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0757.html"
},
{
"name": "oval:org.mitre.oval:def:16618",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16618"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuapr2013-1928497.html"
}
]
}
}

120
2013/2xxx/CVE-2013-2783.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2013-2783", "ID": "CVE-2013-2783",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01" "lang": "eng",
} "value": "The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers to cause a denial of service (infinite loop) or obtain unspecified control via crafted data to TCP port 20000."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-161-01"
}
]
}
}

160
2013/2xxx/CVE-2013-2882.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2882", "ID": "CVE-2013-2882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html" "lang": "eng",
}, "value": "Google V8, as used in Google Chrome before 28.0.1500.95, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage \"type confusion.\""
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=260106", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=260106" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2732", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2013/dsa-2732" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2013:1201", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1201.html" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:17329", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329" "name": "RHSA-2013:1201",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1201.html"
} },
} {
"name": "DSA-2732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2732"
},
{
"name": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2013/07/stable-channel-update_30.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=260106",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=260106"
},
{
"name": "oval:org.mitre.oval:def:17329",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17329"
}
]
}
}

230
2013/2xxx/CVE-2013-2895.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2013-2895", "ID": "CVE-2013-2895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[linux-input] 20130828 [PATCH 09/14] HID: logitech-dj: validate output report details", "description_data": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=linux-input&m=137772188314631&w=1" "lang": "eng",
}, "value": "drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device."
{ }
"name" : "[oss-security] 20130828 Linux HID security flaws", ]
"refsource" : "MLIST", },
"url" : "http://openwall.com/lists/oss-security/2013/08/28/13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2013:1490", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1490.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "USN-2019-1", ]
"refsource" : "UBUNTU", }
"url" : "http://www.ubuntu.com/usn/USN-2019-1" ]
}, },
{ "references": {
"name" : "USN-2020-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2020-1" "name": "USN-2024-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2024-1"
"name" : "USN-2021-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2021-1" "name": "RHSA-2013:1490",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2013-1490.html"
"name" : "USN-2022-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2022-1" "name": "USN-2039-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2039-1"
"name" : "USN-2023-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2023-1" "name": "USN-2022-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2022-1"
"name" : "USN-2024-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2024-1" "name": "[oss-security] 20130828 Linux HID security flaws",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2013/08/28/13"
"name" : "USN-2038-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2038-1" "name": "USN-2038-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2038-1"
"name" : "USN-2039-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2039-1" "name": "USN-2020-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2020-1"
"name" : "USN-2050-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2050-1" "name": "USN-2021-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-2021-1"
} },
} {
"name": "USN-2019-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2019-1"
},
{
"name": "USN-2023-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2023-1"
},
{
"name": "USN-2050-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2050-1"
},
{
"name": "[linux-input] 20130828 [PATCH 09/14] HID: logitech-dj: validate output report details",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-input&m=137772188314631&w=1"
}
]
}
}

130
2013/3xxx/CVE-2013-3424.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-3424", "ID": "CVE-2013-3424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130712 Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3424" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Administration and View pages in Cisco Secure Access Control System (ACS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCud75177."
{ }
"name" : "cisco-acs-cve20133424-csrf(85625)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/85625" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130712 Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3424"
},
{
"name": "cisco-acs-cve20133424-csrf(85625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85625"
}
]
}
}

130
2013/3xxx/CVE-2013-3862.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3862", "ID": "CVE-2013-3862",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager (SCM), aka \"Service Control Manager Double Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-077", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-077" "lang": "eng",
}, "value": "Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager (SCM), aka \"Service Control Manager Double Free Vulnerability.\""
{ }
"name" : "TA13-253A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS13-077",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-077"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}

120
2013/6xxx/CVE-2013-6142.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "ics-cert@hq.dhs.gov",
"ID" : "CVE-2013-6142", "ID": "CVE-2013-6142",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01", "description_data": [
"refsource" : "MISC", {
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01" "lang": "eng",
} "value": "DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service (resource consumption) via IP packets containing errors that trigger event-journal messages."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-014-01"
}
]
}
}

34
2013/6xxx/CVE-2013-6295.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6295", "ID": "CVE-2013-6295",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2013/6xxx/CVE-2013-6381.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6381", "ID": "CVE-2013-6381",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20131122 Linux kernel CVE fixes", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/11/22/5" "lang": "eng",
}, "value": "Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033600", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1033600" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62" ]
}, },
{ "references": {
"name" : "RHSA-2014:0159", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0159.html" "name": "RHSA-2014:0159",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0159.html"
"name" : "RHSA-2014:0284", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0284.html" "name": "RHSA-2014:0285",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0285.html"
"name" : "RHSA-2014:0285", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0285.html" "name": "[oss-security] 20131122 Linux kernel CVE fixes",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/11/22/5"
"name" : "63890", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/63890" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033600",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033600"
} },
} {
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6fb392b1a63ae36c31f62bc3fc8630b49d602b62"
},
{
"name": "63890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/63890"
},
{
"name": "RHSA-2014:0284",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0284.html"
},
{
"name": "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6fb392b1a63ae36c31f62bc3fc8630b49d602b62"
}
]
}
}

180
2013/6xxx/CVE-2013-6474.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6474", "ID": "CVE-2013-6474",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176" "lang": "eng",
}, "value": "Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027548", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1027548" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2875", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2014/dsa-2875" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2876", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2014/dsa-2876" ]
}, },
{ "references": {
"name" : "USN-2143-1", "reference_data": [
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2143-1" "name": "USN-2144-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2144-1"
"name" : "USN-2144-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2144-1" "name": "DSA-2876",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2014/dsa-2876"
"name" : "66163", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/66163" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1027548"
} },
} {
"name": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176",
"refsource": "CONFIRM",
"url": "http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176"
},
{
"name": "USN-2143-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2143-1"
},
{
"name": "DSA-2875",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2875"
},
{
"name": "66163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/66163"
}
]
}
}

34
2013/6xxx/CVE-2013-6813.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6813", "ID": "CVE-2013-6813",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2013/6xxx/CVE-2013-6961.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-6961", "ID": "CVE-2013-6961",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131212 Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36237."
{ }
"name" : "64288", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/64288" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "100905", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/100905" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029494", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029494" ]
}, },
{ "references": {
"name" : "cisco-webex-cve20136961-xss(89696)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696" "name": "cisco-webex-cve20136961-xss(89696)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89696"
} },
} {
"name": "64288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64288"
},
{
"name": "1029494",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029494"
},
{
"name": "20131212 Cisco WebEx Collaboration Partner Access Console Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6961"
},
{
"name": "100905",
"refsource": "OSVDB",
"url": "http://osvdb.org/100905"
}
]
}
}

34
2013/7xxx/CVE-2013-7099.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7099", "ID": "CVE-2013-7099",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2013/7xxx/CVE-2013-7278.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7278", "ID": "CVE-2013-7278",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.com/files/124624", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/124624" "lang": "eng",
}, "value": "SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp."
{ }
"name" : "64572", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/64572" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "cmsafroditi-id-sql-injection(89988)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89988" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/124624",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124624"
},
{
"name": "cmsafroditi-id-sql-injection(89988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89988"
},
{
"name": "64572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64572"
}
]
}
}

150
2017/10xxx/CVE-2017-10020.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10020", "ID": "CVE-2017-10020",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PeopleSoft Enterprise PT PeopleTools", "product_name": "PeopleSoft Enterprise PT PeopleTools",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.54" "version_value": "8.54"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.55" "version_value": "8.55"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "99825", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99825" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038932", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038932" "lang": "eng",
} "value": "Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99825"
},
{
"name": "1038932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038932"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

150
2017/10xxx/CVE-2017-10080.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10080", "ID": "CVE-2017-10080",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Agile PLM Framework", "product_name": "Agile PLM Framework",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.3.5" "version_value": "9.3.5"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.3.6" "version_value": "9.3.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 9.3.5 and 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
{ }
"name" : "99669", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99669" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038947", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038947" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99669",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99669"
},
{
"name": "1038947",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038947"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

150
2017/10xxx/CVE-2017-10253.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10253", "ID": "CVE-2017-10253",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PeopleSoft Enterprise PT PeopleTools", "product_name": "PeopleSoft Enterprise PT PeopleTools",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.54" "version_value": "8.54"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.55" "version_value": "8.55"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Pivot Grid). Supported versions that are affected are 8.54 and 8.55. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
{ }
"name" : "99773", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99773" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038932", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038932" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038932"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
},
{
"name": "99773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99773"
}
]
}
}

244
2017/10xxx/CVE-2017-10614.json
View File

@ -1,124 +1,124 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "sirt@juniper.net", "ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC" : "2017-10-11T09:00", "DATE_PUBLIC": "2017-10-11T09:00",
"ID" : "CVE-2017-10614", "ID": "CVE-2017-10614",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Junos OS: A remote unauthenticated attacker can consume large amounts of CPU and/or memory through telnetd" "TITLE": "Junos OS: A remote unauthenticated attacker can consume large amounts of CPU and/or memory through telnetd"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Junos OS", "product_name": "Junos OS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"platform" : "", "platform": "",
"version_value" : "12.1X46 prior to 12.1X46-D45" "version_value": "12.1X46 prior to 12.1X46-D45"
}, },
{ {
"platform" : "", "platform": "",
"version_value" : "12.3X48 prior to 12.3X48-D30" "version_value": "12.3X48 prior to 12.3X48-D30"
}, },
{ {
"platform" : "", "platform": "",
"version_value" : "14.1 prior to 14.1R4-S9, 14.1R8" "version_value": "14.1 prior to 14.1R4-S9, 14.1R8"
}, },
{ {
"platform" : "", "platform": "",
"version_value" : "14.2 prior to 14.2R6" "version_value": "14.2 prior to 14.2R6"
}, },
{ {
"platform" : "", "platform": "",
"version_value" : "15.1 prior to 15.1F5, 15.1R3" "version_value": "15.1 prior to 15.1F5, 15.1R3"
}, },
{ {
"platform" : "", "platform": "",
"version_value" : "15.1X49 prior to 15.1X49-D40" "version_value": "15.1X49 prior to 15.1X49-D40"
}, },
{ {
"platform" : "", "platform": "",
"version_value" : "15.1X53 prior to 15.1X53-D47, 15.1X53-D232" "version_value": "15.1X53 prior to 15.1X53-D47, 15.1X53-D232"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Juniper Networks" "vendor_name": "Juniper Networks"
} }
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "This issue only affects systems with telnet enabled, and is disabled by default."
}
],
"credit" : [],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47."
}
]
},
"exploit" : "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 5.3,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "resource consumption"
},
{
"lang" : "eng",
"value" : "denial of service"
}
] ]
} }
] },
}, "configuration": [
"references" : { {
"reference_data" : [ "lang": "eng",
{ "value": "This issue only affects systems with telnet enabled, and is disabled by default."
"name" : "https://kb.juniper.net/JSA10817", }
"refsource" : "CONFIRM", ],
"url" : "https://kb.juniper.net/JSA10817" "credit": [],
} "data_format": "MITRE",
] "data_type": "CVE",
}, "data_version": "4.0",
"solution" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D45, 12.3X48-D30, 14.1R4-S9, 14.1R8, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D232, 15.1X53-D47, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1108483 and and is visible on the Customer Support website.\n", "description": {
"work_around" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "Disable telnet services.\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts." "value": "A vulnerability in telnetd service on Junos OS allows a remote attacker to cause a limited memory and/or CPU consumption denial of service attack. This issue was found during internal product security testing. Affected releases are Juniper Networks Junos OS 12.1X46 prior to 12.1X46-D45; 12.3X48 prior to 12.3X48-D30; 14.1 prior to 14.1R4-S9, 14.1R8; 14.2 prior to 14.2R6; 15.1 prior to 15.1F5, 15.1R3; 15.1X49 prior to 15.1X49-D40; 15.1X53 prior to 15.1X53-D232, 15.1X53-D47."
} }
] ]
} },
"exploit": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.",
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "resource consumption"
},
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kb.juniper.net/JSA10817",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10817"
}
]
},
"solution": "The following software releases have been updated to resolve this specific issue: 12.1X46-D45, 12.3X48-D30, 14.1R4-S9, 14.1R8, 14.2R6, 15.1F5, 15.1R3, 15.1X49-D40, 15.1X53-D232, 15.1X53-D47, 16.1R1, and all subsequent releases.\n\nThis issue is being tracked as PR 1108483 and and is visible on the Customer Support website.\n",
"work_around": [
{
"lang": "eng",
"value": "Disable telnet services.\n\nIt is good security practice to limit the exploitable attack surface of critical infrastructure networking equipment. Use access lists or firewall filters to limit access to the device from trusted, administrative networks or hosts."
}
]
}

130
2017/10xxx/CVE-2017-10840.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2017-10840", "ID": "CVE-2017-10840",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebCalendar", "product_name": "WebCalendar",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.2.7 and earlier" "version_value": "1.2.7 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "k5n.us" "vendor_name": "k5n.us"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8" "lang": "eng",
}, "value": "Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#23340457", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN23340457/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23340457",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23340457/index.html"
},
{
"name": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8",
"refsource": "MISC",
"url": "https://github.com/craigk5n/webcalendar/releases/tag/v1.2.8"
}
]
}
}

34
2017/14xxx/CVE-2017-14220.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14220", "ID": "CVE-2017-14220",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2017/14xxx/CVE-2017-14244.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14244", "ID": "CVE-2017-14244",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "42740", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/42740/" "lang": "eng",
}, "value": "An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2 devices potentially allows attackers to directly access administrative router settings by crafting URLs with a .cgi extension, as demonstrated by /info.cgi and /password.cgi."
{ }
"name" : "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass", ]
"refsource" : "MISC", },
"url" : "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass",
"refsource": "MISC",
"url": "https://www.techipick.com/iball-baton-adsl2-home-router-utstar-wa3002g4-adsl-broadband-modem-authentication-bypass"
},
{
"name": "42740",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42740/"
}
]
}
}

120
2017/14xxx/CVE-2017-14765.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14765", "ID": "CVE-2017-14765",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/", "description_data": [
"refsource" : "MISC", {
"url" : "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/" "lang": "eng",
} "value": "In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/",
"refsource": "MISC",
"url": "http://ph0rse.me/2017/09/21/GeniXCMS-1-1-4%E6%9C%80%E6%96%B0%E7%89%88%E6%9C%AC-getshell/"
}
]
}
}

34
2017/14xxx/CVE-2017-14853.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14853", "ID": "CVE-2017-14853",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2017/14xxx/CVE-2017-14875.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-03-26T00:00:00", "DATE_PUBLIC": "2018-03-26T00:00:00",
"ID" : "CVE-2017-14875", "ID": "CVE-2017-14875",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in Camera"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc", "description_data": [
"refsource" : "MISC", {
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc" "lang": "eng",
}, "value": "In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-05-23, a heap overread vulnerability exists."
{ }
"name" : "https://source.android.com/security/bulletin/pixel/2018-02-01", ]
"refsource" : "CONFIRM", },
"url" : "https://source.android.com/security/bulletin/pixel/2018-02-01" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Validation of Array Index in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc",
"refsource": "MISC",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=755261330733bb2440907a8407ed691c99451ddc"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-02-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-02-01"
}
]
}
}

130
2017/15xxx/CVE-2017-15883.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15883", "ID": "CVE-2017-15883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/" "lang": "eng",
}, "value": "Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography."
{ }
"name" : "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883", ]
"refsource" : "CONFIRM", },
"url" : "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/",
"refsource": "MISC",
"url": "https://www.mnemonic.no/news/2017/vulnerability-finding-sitefinity-cms/"
},
{
"name": "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883",
"refsource": "CONFIRM",
"url": "https://knowledgebase.progress.com/articles/Article/Sitefinity-Security-Advisory-for-cryptographic-vulnerability-CVE-2017-15883"
}
]
}
}

34
2017/17xxx/CVE-2017-17116.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17116", "ID": "CVE-2017-17116",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/17xxx/CVE-2017-17242.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17242", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17242",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/9xxx/CVE-2017-9266.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9266", "ID": "CVE-2017-9266",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/9xxx/CVE-2017-9472.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9472", "ID": "CVE-2017-9472",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/", "description_data": [
"refsource" : "MISC", {
"url" : "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/" "lang": "eng",
} "value": "In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/",
"refsource": "MISC",
"url": "https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/"
}
]
}
}

130
2017/9xxx/CVE-2017-9752.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9752", "ID": "CVE-2017-9752",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21589", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=21589" "lang": "eng",
}, "value": "bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.28, allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by mishandling of this file in the _bfd_vms_get_value and _bfd_vms_slurp_etir functions during \"objdump -D\" execution."
{ }
"name" : "99122", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99122" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "99122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99122"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=21589",
"refsource": "CONFIRM",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=21589"
}
]
}
}

130
2017/9xxx/CVE-2017-9946.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "productcert@siemens.com", "ASSIGNER": "productcert@siemens.com",
"ID" : "CVE-2017-9946", "ID": "CVE-2017-9946",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5", "product_name": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5" "version_value": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-287: Improper Authentication"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf" "lang": "eng",
}, "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device."
{ }
"name" : "101248", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101248" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-287: Improper Authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "101248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101248"
},
{
"name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf",
"refsource": "CONFIRM",
"url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
}
]
}
}

140
2017/9xxx/CVE-2017-9982.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9982", "ID": "CVE-2017-9982",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the &#5610; Unicode character followed by the &#3903; Unicode character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://pastebin.com/4Ngstncy", "description_data": [
"refsource" : "MISC", {
"url" : "https://pastebin.com/4Ngstncy" "lang": "eng",
}, "value": "TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the &#5610; Unicode character followed by the &#3903; Unicode character."
{ }
"name" : "https://www.youtube.com/watch?v=8BrQCUOgQL0", ]
"refsource" : "MISC", },
"url" : "https://www.youtube.com/watch?v=8BrQCUOgQL0" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "99308", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/99308" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99308",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99308"
},
{
"name": "https://pastebin.com/4Ngstncy",
"refsource": "MISC",
"url": "https://pastebin.com/4Ngstncy"
},
{
"name": "https://www.youtube.com/watch?v=8BrQCUOgQL0",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=8BrQCUOgQL0"
}
]
}
}

140
2018/0xxx/CVE-2018-0326.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0326", "ID": "CVE-2018-0326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco TelePresence Server", "product_name": "Cisco TelePresence Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco TelePresence Server" "version_value": "Cisco TelePresence Server"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCun79565."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-693"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs" "lang": "eng",
}, "value": "A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCun79565."
{ }
"name" : "104204", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104204" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040930", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040930" "lang": "eng",
} "value": "CWE-693"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104204"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs"
},
{
"name": "1040930",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040930"
}
]
}
}

140
2018/0xxx/CVE-2018-0338.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0338", "ID": "CVE-2018-0338",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Unified Computing System unknown", "product_name": "Cisco Unified Computing System unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Unified Computing System unknown" "version_value": "Cisco Unified Computing System unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access" "lang": "eng",
}, "value": "A vulnerability in the role-based access-checking mechanisms of Cisco Unified Computing System (UCS) Software could allow an authenticated, local attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software lacks proper input and validation checks for certain file systems. An attacker could exploit this vulnerability by issuing crafted commands in the CLI of an affected system. A successful exploit could allow the attacker to cause other users to execute unwanted arbitrary commands on the affected system. Cisco Bug IDs: CSCvf52994."
{ }
"name" : "104456", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104456" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041071", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041071" "lang": "eng",
} "value": "CWE-20"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041071",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041071"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucs-access"
},
{
"name": "104456",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104456"
}
]
}
}

130
2018/0xxx/CVE-2018-0518.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0518", "ID": "CVE-2018-0518",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "LINE for iOS", "product_name": "LINE for iOS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 7.1.3 to 7.1.5" "version_value": "version 7.1.3 to 7.1.5"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "LINE Corporation" "vendor_name": "LINE Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to verify SSL certificates"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://linecorp.com/en/security/article/136", "description_data": [
"refsource" : "MISC", {
"url" : "https://linecorp.com/en/security/article/136" "lang": "eng",
}, "value": "LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
{ }
"name" : "JVN#75453852", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN75453852/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://linecorp.com/en/security/article/136",
"refsource": "MISC",
"url": "https://linecorp.com/en/security/article/136"
},
{
"name": "JVN#75453852",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN75453852/index.html"
}
]
}
}

140
2018/0xxx/CVE-2018-0681.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0681", "ID": "CVE-2018-0681",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)", "product_name": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier" "version_value": "Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NEOJAPAN Inc." "vendor_name": "NEOJAPAN Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Hard-coded Credentials"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.denbun.com/en/imap/support/security/181003.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.denbun.com/en/imap/support/security/181003.html" "lang": "eng",
}, "value": "Denbun by NEOJAPAN Inc. (Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier) uses hard-coded credentials, which may allow remote attackers to login to the Management page and change the configuration."
{ }
"name" : "https://www.denbun.com/en/pop/support/security/181003.html", ]
"refsource" : "MISC", },
"url" : "https://www.denbun.com/en/pop/support/security/181003.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVN#00344155", "description": [
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN00344155/index.html" "lang": "eng",
} "value": "Use of Hard-coded Credentials"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://www.denbun.com/en/pop/support/security/181003.html",
"refsource": "MISC",
"url": "https://www.denbun.com/en/pop/support/security/181003.html"
},
{
"name": "JVN#00344155",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN00344155/index.html"
},
{
"name": "https://www.denbun.com/en/imap/support/security/181003.html",
"refsource": "MISC",
"url": "https://www.denbun.com/en/imap/support/security/181003.html"
}
]
}
}

37
2018/1000xxx/CVE-2018-1000166.json
View File

@ -1,21 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"DATE_ASSIGNED" : "2018-04-06T14:09:26.587732", "data_version": "4.0",
"DATE_REQUESTED" : "2018-04-04T22:05:38", "CVE_data_meta": {
"ID" : "CVE-2018-1000166", "ID": "CVE-2018-1000166",
"REQUESTER" : "sfowler@redhat.com", "ASSIGNER": "cve@mitre.org",
"STATE" : "REJECT" "STATE": "REJECT"
}, },
"data_format" : "MITRE", "description": {
"data_type" : "CVE", "description_data": [
"data_version" : "4.0", {
"description" : { "lang": "eng",
"description_data" : [ "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3848 and CVE-2018-3849. Reason: This candidate is a reservation duplicate of CVE-2018-3848 and CVE-2018-3849. Notes: All CVE users should reference CVE-2018-3848 and CVE-2018-3849 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
{ }
"lang" : "eng", ]
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3848 and CVE-2018-3849. Reason: This candidate is a reservation duplicate of CVE-2018-3848 and CVE-2018-3849. Notes: All CVE users should reference CVE-2018-3848 and CVE-2018-3849 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." }
} }
]
}
}

136
2018/1000xxx/CVE-2018-1000838.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-11-27T13:54:33.474656", "DATE_ASSIGNED": "2018-11-27T13:54:33.474656",
"DATE_REQUESTED" : "2018-10-28T04:32:50", "DATE_REQUESTED": "2018-10-28T04:32:50",
"ID" : "CVE-2018-1000838", "ID": "CVE-2018-1000838",
"REQUESTER" : "sajeeb@0dd.zone", "REQUESTER": "sajeeb@0dd.zone",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "autopsy", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<= 4.9.0" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "autopsy" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML External Entity (XXE)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://0dd.zone/2018/10/28/autopsy-XXE/", "description_data": [
"refsource" : "MISC", {
"url" : "https://0dd.zone/2018/10/28/autopsy-XXE/" "lang": "eng",
}, "value": "autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted CaseMetadata."
{ }
"name" : "https://github.com/sleuthkit/autopsy/issues/4236", ]
"refsource" : "MISC", },
"url" : "https://github.com/sleuthkit/autopsy/issues/4236" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sleuthkit/autopsy/issues/4236",
"refsource": "MISC",
"url": "https://github.com/sleuthkit/autopsy/issues/4236"
},
{
"name": "https://0dd.zone/2018/10/28/autopsy-XXE/",
"refsource": "MISC",
"url": "https://0dd.zone/2018/10/28/autopsy-XXE/"
}
]
}
}

34
2018/16xxx/CVE-2018-16114.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16114", "ID": "CVE-2018-16114",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/16xxx/CVE-2018-16322.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16322", "ID": "CVE-2018-16322",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

78
2018/18xxx/CVE-2018-18849.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": { "CVE_data_meta": {
"ASSIGNER": "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18849", "ID": "CVE-2018-18849",
"STATE": "RESERVED" "STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
}, },
"data_format": "MITRE", "data_format": "MITRE",
"data_type": "CVE", "data_type": "CVE",
@ -11,7 +34,58 @@
"description_data": [ "description_data": [
{ {
"lang": "eng", "lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "UBUNTU",
"name": "USN-3826-1",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2018-87f2ace20d",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LQIBTGNRDQEXGAAYHE4JIWFAYFNHZ6QP/"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:4111",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00028.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:4147",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00043.html"
},
{
"refsource": "SUSE",
"name": "openSUSE-SU-2018:4004",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00004.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2018/11/01/1",
"refsource": "MISC",
"name": "http://www.openwall.com/lists/oss-security/2018/11/01/1"
},
{
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06401.html",
"refsource": "MISC",
"name": "https://lists.gnu.org/archive/html/qemu-devel/2018-10/msg06401.html"
} }
] ]
} }

34
2018/19xxx/CVE-2018-19258.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-19258", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-19258",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

130
2018/19xxx/CVE-2018-19918.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19918", "ID": "CVE-2018-19918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/security-breachlock/CVE-2018-19918/blob/master/cuppa_svg.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/security-breachlock/CVE-2018-19918/blob/master/cuppa_svg.pdf" "lang": "eng",
}, "value": "CuppaCMS has XSS via an SVG document uploaded to the administrator/#/component/table_manager/view/cu_views URI."
{ }
"name" : "https://github.com/CuppaCMS/CuppaCMS/issues/3", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/CuppaCMS/CuppaCMS/issues/3" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/security-breachlock/CVE-2018-19918/blob/master/cuppa_svg.pdf",
"refsource": "MISC",
"url": "https://github.com/security-breachlock/CVE-2018-19918/blob/master/cuppa_svg.pdf"
},
{
"name": "https://github.com/CuppaCMS/CuppaCMS/issues/3",
"refsource": "CONFIRM",
"url": "https://github.com/CuppaCMS/CuppaCMS/issues/3"
}
]
}
}

162
2018/1xxx/CVE-2018-1101.json
View File

@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert@redhat.com", "ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC" : "2018-04-27T00:00:00", "DATE_PUBLIC": "2018-04-27T00:00:00",
"ID" : "CVE-2018-1101", "ID": "CVE-2018-1101",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Ansible Tower", "product_name": "Ansible Tower",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "before 3.2.4" "version_value": "before 3.2.4"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Red Hat, Inc." "vendor_name": "Red Hat, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-266"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://access.redhat.com/security/cve/cve-2018-1101", "description_data": [
"refsource" : "MISC", {
"url" : "https://access.redhat.com/security/cve/cve-2018-1101" "lang": "eng",
}, "value": "Ansible Tower before version 3.2.4 has a flaw in the management of system and organization administrators that allows for privilege escalation. System administrators that are members of organizations can have their passwords reset by organization administrators, allowing organization administrators access to the entire system."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1563492", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1563492" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.ansible.com/security", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.ansible.com/security" "lang": "eng",
}, "value": "CWE-266"
{ }
"name" : "RHSA-2018:1328", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:1328" ]
}, },
{ "references": {
"name" : "RHSA-2018:1972", "reference_data": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1972" "name": "https://www.ansible.com/security",
} "refsource": "CONFIRM",
] "url": "https://www.ansible.com/security"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1563492",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563492"
},
{
"name": "RHSA-2018:1972",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1972"
},
{
"name": "https://access.redhat.com/security/cve/cve-2018-1101",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2018-1101"
},
{
"name": "RHSA-2018:1328",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1328"
}
]
}
}

34
2018/4xxx/CVE-2018-4178.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4178", "ID": "CVE-2018-4178",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4382.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4382", "ID": "CVE-2018-4382",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4410.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4410", "ID": "CVE-2018-4410",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/4xxx/CVE-2018-4960.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4960", "ID": "CVE-2018-4960",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "104175", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104175" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040920", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040920" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
},
{
"name": "104175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104175"
}
]
}
}