admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:12:20 +00:00
parent 6fa0af7229
commit 55a2b6abe5
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3689 additions and 3689 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2004/1xxx/CVE-2004-1045.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1045",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1045",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2004/1xxx/CVE-2004-1101.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#596046",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/596046"
},
{
"name" : "http://www.procheckup.com/security_info/vuln_pr0411.html",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/security_info/vuln_pr0411.html"
},
{
"name" : "11598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11598"
},
{
"name" : "mailpost-slash-xss(17951)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.procheckup.com/security_info/vuln_pr0411.html",
"refsource": "MISC",
"url": "http://www.procheckup.com/security_info/vuln_pr0411.html"
},
{
"name": "11598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11598"
},
{
"name": "VU#596046",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/596046"
},
{
"name": "mailpost-slash-xss(17951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17951"
}
]
}
}

140
2004/1xxx/CVE-2004-1214.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041202 Multiple vulnerabilities in Kreed 1.05",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110201776207915&w=2"
},
{
"name" : "11799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11799"
},
{
"name" : "kreed-message-nickname-format-string(18343)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18343"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041202 Multiple vulnerabilities in Kreed 1.05",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110201776207915&w=2"
},
{
"name": "11799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11799"
},
{
"name": "kreed-message-nickname-format-string(18343)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18343"
}
]
}
}

140
2004/1xxx/CVE-2004-1861.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2004-1861",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040326 NetSupport School Pro: Password Encryption Weaknesses",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=108032304932321&w=2"
},
{
"name" : "9981",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/9981"
},
{
"name" : "netsupportschoolpro-weak-encryption(15621)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9981",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9981"
},
{
"name": "20040326 NetSupport School Pro: Password Encryption Weaknesses",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108032304932321&w=2"
},
{
"name": "netsupportschoolpro-weak-encryption(15621)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15621"
}
]
}
}

140
2008/2xxx/CVE-2008-2395.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-2395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "5652",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5652"
},
{
"name" : "29281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29281"
},
{
"name" : "alkalinephp-thread-sql-injection(42520)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/42520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5652",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5652"
},
{
"name": "alkalinephp-thread-sql-injection(42520)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42520"
},
{
"name": "29281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29281"
}
]
}
}

220
2008/3xxx/CVE-2008-3231.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20080713 CVE requests: crashers by zzuf",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/07/13/3"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=619869"
},
{
"name" : "FEDORA-2008-7512",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name" : "FEDORA-2008-7572",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name" : "MDVSA-2009:020",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name" : "SUSE-SR:2009:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name" : "30699",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30699"
},
{
"name" : "31827",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31827"
},
{
"name" : "ADV-2008-2382",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name" : "1020703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020703"
},
{
"name" : "xine-ogg-dos(44040)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xine-lib before 1.1.15 allows remote attackers to cause a denial of service (crash) via a crafted OGG file, as demonstrated by playing lol-ffplay.ogg with xine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xine-ogg-dos(44040)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44040"
},
{
"name": "[oss-security] 20080713 CVE requests: crashers by zzuf",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/13/3"
},
{
"name": "1020703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020703"
},
{
"name": "30699",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30699"
},
{
"name": "31827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31827"
},
{
"name": "FEDORA-2008-7572",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00174.html"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "ADV-2008-2382",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2382"
},
{
"name": "MDVSA-2009:020",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:020"
},
{
"name": "FEDORA-2008-7512",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00385.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=619869",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=619869"
}
]
}
}

34
2008/3xxx/CVE-2008-3540.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3540",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3540",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2008/3xxx/CVE-2008-3569.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20080804 Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/495096/100/0/threaded"
},
{
"name" : "30535",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30535"
},
{
"name" : "4127",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4127"
},
{
"name" : "xampp-text-xss(44214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xampp-text-xss(44214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44214"
},
{
"name": "30535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30535"
},
{
"name": "4127",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4127"
},
{
"name": "20080804 Xampp Linux 1.6.7 Multiple Cross Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495096/100/0/threaded"
}
]
}
}

170
2008/3xxx/CVE-2008-3954.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3954",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6396",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6396"
},
{
"name" : "31048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31048"
},
{
"name" : "ADV-2008-2508",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2508"
},
{
"name" : "1020829",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020829"
},
{
"name" : "4233",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4233"
},
{
"name" : "fpppe-cat-sql-injection(44932)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showcat action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4233",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4233"
},
{
"name": "31048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31048"
},
{
"name": "ADV-2008-2508",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2508"
},
{
"name": "1020829",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020829"
},
{
"name": "6396",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6396"
},
{
"name": "fpppe-cat-sql-injection(44932)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44932"
}
]
}
}

160
2008/3xxx/CVE-2008-3984.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3984",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2008-3984",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
},
{
"name" : "ADV-2008-2825",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2825"
},
{
"name" : "1021050",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021050"
},
{
"name" : "32291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32291"
},
{
"name" : "oracle-database-workspace-priv-escalation3(45887)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45887"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Workspace Manager component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LT and WMSYS.LT, a different vulnerability than CVE-2008-3982 and CVE-2008-3983."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-database-workspace-priv-escalation3(45887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45887"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2008-100299.html"
},
{
"name": "32291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32291"
},
{
"name": "1021050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021050"
},
{
"name": "ADV-2008-2825",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2825"
}
]
}
}

180
2008/4xxx/CVE-2008-4233.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3318",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3318"
},
{
"name" : "APPLE-SA-2008-11-20",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name" : "32394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32394"
},
{
"name" : "ADV-2008-3232",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name" : "50030",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/50030"
},
{
"name" : "1021264",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021264"
},
{
"name" : "32756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32756"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not isolate the call-approval dialog from the process of launching new applications, which allows remote attackers to make arbitrary phone calls via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2008-11-20",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Nov/msg00002.html"
},
{
"name": "ADV-2008-3232",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3232"
},
{
"name": "1021264",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021264"
},
{
"name": "http://support.apple.com/kb/HT3318",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3318"
},
{
"name": "32394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32394"
},
{
"name": "50030",
"refsource": "OSVDB",
"url": "http://osvdb.org/50030"
},
{
"name": "32756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32756"
}
]
}
}

34
2008/4xxx/CVE-2008-4251.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4251",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2008-4251",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none."
}
]
}
}

120
2008/4xxx/CVE-2008-4323.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4323",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "6616",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Explorer in Microsoft Windows XP SP3 allows user-assisted attackers to cause a denial of service (application crash) via a crafted .ZIP file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6616",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6616"
}
]
}
}

240
2008/4xxx/CVE-2008-4690.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20081009 lynx lynxcgi handler flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2008/10/09/2"
},
{
"name" : "FEDORA-2008-9550",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html"
},
{
"name" : "FEDORA-2008-9597",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html"
},
{
"name" : "MDVSA-2008:217",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217"
},
{
"name" : "MDVSA-2008:218",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:218"
},
{
"name" : "RHSA-2008:0965",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0965.html"
},
{
"name" : "SUSE-SR:2009:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name" : "oval:org.mitre.oval:def:11204",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204"
},
{
"name" : "1021105",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021105"
},
{
"name" : "32416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32416"
},
{
"name" : "32967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32967"
},
{
"name" : "33568",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33568"
},
{
"name" : "lynx-lynxcgi-code-execution(46228)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46228"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerability in limited deployments that have defined a lynxcgi: handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2008-9597",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00143.html"
},
{
"name": "RHSA-2008:0965",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0965.html"
},
{
"name": "[oss-security] 20081009 lynx lynxcgi handler flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/09/2"
},
{
"name": "32967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32967"
},
{
"name": "MDVSA-2008:218",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:218"
},
{
"name": "SUSE-SR:2009:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html"
},
{
"name": "FEDORA-2008-9550",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00066.html"
},
{
"name": "33568",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33568"
},
{
"name": "lynx-lynxcgi-code-execution(46228)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46228"
},
{
"name": "MDVSA-2008:217",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:217"
},
{
"name": "1021105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021105"
},
{
"name": "32416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32416"
},
{
"name": "oval:org.mitre.oval:def:11204",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11204"
}
]
}
}

300
2008/4xxx/CVE-2008-4824.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to \"input validation errors.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20081122 Adobe Flash Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/498561/100/0/threaded"
},
{
"name" : "http://www.isecpartners.com/advisories/2008-01-flash.txt",
"refsource" : "MISC",
"url" : "http://www.isecpartners.com/advisories/2008-01-flash.txt"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-22.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-22.html"
},
{
"name" : "http://support.apple.com/kb/HT3338",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3338"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=",
"refsource" : "CONFIRM",
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid="
},
{
"name" : "APPLE-SA-2008-12-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name" : "GLSA-200903-23",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"name" : "RHSA-2008:0980",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name" : "248586",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name" : "TA08-350A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name" : "49958",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/49958"
},
{
"name" : "34226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34226"
},
{
"name" : "32772",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32772"
},
{
"name" : "ADV-2008-3189",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3189"
},
{
"name" : "ADV-2008-3444",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name" : "32702",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32702"
},
{
"name" : "33179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33179"
},
{
"name" : "33390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33390"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before 10.0.12.36 and 9.x before 9.0.151.0 allow remote attackers to execute arbitrary code via unknown vectors related to \"input validation errors.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=",
"refsource": "CONFIRM",
"url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid="
},
{
"name": "20081122 Adobe Flash Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498561/100/0/threaded"
},
{
"name": "33390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33390"
},
{
"name": "http://www.isecpartners.com/advisories/2008-01-flash.txt",
"refsource": "MISC",
"url": "http://www.isecpartners.com/advisories/2008-01-flash.txt"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
},
{
"name": "ADV-2008-3444",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3444"
},
{
"name": "32702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32702"
},
{
"name": "ADV-2008-3189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3189"
},
{
"name": "TA08-350A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
},
{
"name": "33179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33179"
},
{
"name": "34226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34226"
},
{
"name": "GLSA-200903-23",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
},
{
"name": "http://support.apple.com/kb/HT3338",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3338"
},
{
"name": "49958",
"refsource": "OSVDB",
"url": "http://osvdb.org/49958"
},
{
"name": "RHSA-2008:0980",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
},
{
"name": "APPLE-SA-2008-12-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "32772",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32772"
},
{
"name": "248586",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb08-22.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb08-22.html"
}
]
}
}

160
2008/6xxx/CVE-2008-6492.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7354",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7354"
},
{
"name" : "32661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32661"
},
{
"name" : "51305",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51305"
},
{
"name" : "33007",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33007"
},
{
"name" : "countdowncreator-process-file-upload(47129)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via a direct request to the file in pics/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33007"
},
{
"name": "51305",
"refsource": "OSVDB",
"url": "http://osvdb.org/51305"
},
{
"name": "countdowncreator-process-file-upload(47129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47129"
},
{
"name": "32661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32661"
},
{
"name": "7354",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7354"
}
]
}
}

130
2008/6xxx/CVE-2008-6516.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-6516",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "30566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30566"
},
{
"name" : "phpkfportal-baslik-file-include(44263)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) tema_dizin parameter to baslik.php and (2) portal_ayarlarportal_dili parameter to anket_yonetim.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpkfportal-baslik-file-include(44263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44263"
},
{
"name": "30566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30566"
}
]
}
}

140
2008/7xxx/CVE-2008-7232.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aluigi.altervista.org/adv/xtacacsdz-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/xtacacsdz-adv.txt"
},
{
"name" : "http://aluigi.org/poc/xtacacsdz.zip",
"refsource" : "MISC",
"url" : "http://aluigi.org/poc/xtacacsdz.zip"
},
{
"name" : "xtacacasd-report-bo(39551)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39551"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.org/poc/xtacacsdz.zip",
"refsource": "MISC",
"url": "http://aluigi.org/poc/xtacacsdz.zip"
},
{
"name": "http://aluigi.altervista.org/adv/xtacacsdz-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/xtacacsdz-adv.txt"
},
{
"name": "xtacacasd-report-bo(39551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39551"
}
]
}
}

34
2013/2xxx/CVE-2013-2660.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2013/2xxx/CVE-2013-2686.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://telussecuritylabs.com/threats/show/TSL20130327-01",
"refsource" : "MISC",
"url" : "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"name" : "http://downloads.asterisk.org/pub/security/AST-2013-002.html",
"refsource" : "CONFIRM",
"url" : "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
},
{
"name" : "https://issues.asterisk.org/jira/browse/ASTERISK-20967",
"refsource" : "CONFIRM",
"url" : "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main/http.c in the HTTP server in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones does not properly restrict Content-Length values, which allows remote attackers to conduct stack-consumption attacks and cause a denial of service (daemon crash) via a crafted HTTP POST request. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-5976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.asterisk.org/jira/browse/ASTERISK-20967",
"refsource": "CONFIRM",
"url": "https://issues.asterisk.org/jira/browse/ASTERISK-20967"
},
{
"name": "http://telussecuritylabs.com/threats/show/TSL20130327-01",
"refsource": "MISC",
"url": "http://telussecuritylabs.com/threats/show/TSL20130327-01"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2013-002.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2013-002.html"
}
]
}
}

120
2013/2xxx/CVE-2013-2801.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2013-2801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-225-02",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/advisories/ICSA-13-225-02"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packets that trigger an invalid read operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/advisories/ICSA-13-225-02",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/advisories/ICSA-13-225-02"
}
]
}
}

170
2013/6xxx/CVE-2013-6237.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20131203 [CVE-2013-6237] ISL Light - Desktop 3.5.4, Clipboard security issue",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2013/Dec/14"
},
{
"name" : "http://packetstormsecurity.com/files/124274/ISL-Light-Desktop-3.5.4-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/124274/ISL-Light-Desktop-3.5.4-Information-Disclosure.html"
},
{
"name" : "http://www.islonline.com/help/isl-releases-info/any/manual/?2013-11-29-rel-info-isl-light-desktop-plugin-1-4-7-win.htm",
"refsource" : "CONFIRM",
"url" : "http://www.islonline.com/help/isl-releases-info/any/manual/?2013-11-29-rel-info-isl-light-desktop-plugin-1-4-7-win.htm"
},
{
"name" : "64050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64050"
},
{
"name" : "100512",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/100512"
},
{
"name" : "isllight-cve20136237-info-disc(89399)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89399"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/124274/ISL-Light-Desktop-3.5.4-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124274/ISL-Light-Desktop-3.5.4-Information-Disclosure.html"
},
{
"name": "isllight-cve20136237-info-disc(89399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89399"
},
{
"name": "20131203 [CVE-2013-6237] ISL Light - Desktop 3.5.4, Clipboard security issue",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2013/Dec/14"
},
{
"name": "64050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64050"
},
{
"name": "100512",
"refsource": "OSVDB",
"url": "http://osvdb.org/100512"
},
{
"name": "http://www.islonline.com/help/isl-releases-info/any/manual/?2013-11-29-rel-info-isl-light-desktop-plugin-1-4-7-win.htm",
"refsource": "CONFIRM",
"url": "http://www.islonline.com/help/isl-releases-info/any/manual/?2013-11-29-rel-info-isl-light-desktop-plugin-1-4-7-win.htm"
}
]
}
}

150
2013/6xxx/CVE-2013-6394.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6394",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6394",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20131126 Re: CVE Request: static IV used in Percona XtraBackup",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/11/26/11"
},
{
"name" : "http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html",
"refsource" : "CONFIRM",
"url" : "http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html"
},
{
"name" : "openSUSE-SU-2013:1864",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html"
},
{
"name" : "openSUSE-SU-2014:0245",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:1864",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-12/msg00052.html"
},
{
"name": "http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html",
"refsource": "CONFIRM",
"url": "http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html"
},
{
"name": "openSUSE-SU-2014:0245",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00044.html"
},
{
"name": "[oss-security] 20131126 Re: CVE Request: static IV used in Percona XtraBackup",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/11/26/11"
}
]
}
}

160
2013/6xxx/CVE-2013-6467.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt",
"refsource" : "CONFIRM",
"url" : "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt"
},
{
"name" : "64987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64987"
},
{
"name" : "102172",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/102172"
},
{
"name" : "56420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56420"
},
{
"name" : "libreswan-cve20136467-dos(90522)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/90522"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Libreswan 3.7 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt",
"refsource": "CONFIRM",
"url": "https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt"
},
{
"name": "libreswan-cve20136467-dos(90522)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90522"
},
{
"name": "102172",
"refsource": "OSVDB",
"url": "http://osvdb.org/102172"
},
{
"name": "64987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64987"
},
{
"name": "56420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56420"
}
]
}
}

120
2017/11xxx/CVE-2017-11404.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-11404",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/images/upload_vulnerability_yuesec.html",
"refsource" : "MISC",
"url" : "http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/images/upload_vulnerability_yuesec.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/images/upload_vulnerability_yuesec.html",
"refsource": "MISC",
"url": "http://www.yuesec.com/img/cccccve/CMSMadeSimple/upl0advul123/images/upload_vulnerability_yuesec.html"
}
]
}
}

150
2017/14xxx/CVE-2017-14170.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14170",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large \"nb_index_entries\" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14170",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html"
},
{
"name" : "https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2",
"refsource" : "CONFIRM",
"url" : "https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2"
},
{
"name" : "DSA-3996",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3996"
},
{
"name" : "100700",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. When a crafted MXF file, which claims a large \"nb_index_entries\" field in the header but does not contain sufficient backing data, is provided, the loop would consume huge CPU resources, since there is no EOF check inside the loop. Moreover, this big loop can be invoked multiple times if there is more than one applicable data segment in the crafted MXF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2",
"refsource": "CONFIRM",
"url": "https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2"
},
{
"name": "100700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100700"
},
{
"name": "[debian-lts-announce] 20190107 [SECURITY] [DLA 1630-1] libav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00006.html"
},
{
"name": "DSA-3996",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3996"
}
]
}
}

170
2017/14xxx/CVE-2017-14226.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.documentfoundation.org/show_bug.cgi?id=112269",
"refsource" : "MISC",
"url" : "https://bugs.documentfoundation.org/show_bug.cgi?id=112269"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1489337",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1489337"
},
{
"name" : "https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9",
"refsource" : "MISC",
"url" : "https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9"
},
{
"name" : "https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/"
},
{
"name" : "https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/"
},
{
"name" : "https://sourceforge.net/p/libwpd/tickets/14/",
"refsource" : "MISC",
"url" : "https://sourceforge.net/p/libwpd/tickets/14/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1489337",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489337"
},
{
"name": "https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/"
},
{
"name": "https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/"
},
{
"name": "https://bugs.documentfoundation.org/show_bug.cgi?id=112269",
"refsource": "MISC",
"url": "https://bugs.documentfoundation.org/show_bug.cgi?id=112269"
},
{
"name": "https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9",
"refsource": "MISC",
"url": "https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9"
},
{
"name": "https://sourceforge.net/p/libwpd/tickets/14/",
"refsource": "MISC",
"url": "https://sourceforge.net/p/libwpd/tickets/14/"
}
]
}
}

140
2017/14xxx/CVE-2017-14766.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://limbenjamin.com/articles/simple-student-result-auth-bypass.html",
"refsource" : "MISC",
"url" : "https://limbenjamin.com/articles/simple-student-result-auth-bypass.html"
},
{
"name" : "https://wordpress.org/plugins/simple-student-result/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/simple-student-result/#developers"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8920",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8920",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8920"
},
{
"name": "https://limbenjamin.com/articles/simple-student-result-auth-bypass.html",
"refsource": "MISC",
"url": "https://limbenjamin.com/articles/simple-student-result-auth-bypass.html"
},
{
"name": "https://wordpress.org/plugins/simple-student-result/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/simple-student-result/#developers"
}
]
}
}

244
2017/15xxx/CVE-2017-15319.json
View File

@ -1,124 +1,124 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2017-11-01T00:00:00",
"ID" : "CVE-2017-15319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "RP200",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
},
{
"product_name" : "TE30",
"version" : {
"version_data" : [
{
"version_value" : "V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
},
{
"product_name" : "TE40",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
},
{
"product_name" : "TE50",
"version" : {
"version_data" : [
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
},
{
"product_name" : "TE60",
"version" : {
"version_data" : [
{
"version_value" : "V100R001C10"
},
{
"version_value" : "V500R002C00"
},
{
"version_value" : "V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "out-of-bounds read"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-01T00:00:00",
"ID": "CVE-2017-15319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RP200",
"version": {
"version_data": [
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
}
]
}
},
{
"product_name": "TE30",
"version": {
"version_data": [
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
}
]
}
},
{
"product_name": "TE40",
"version": {
"version_data": [
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
}
]
}
},
{
"product_name": "TE50",
"version": {
"version_data": [
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
}
]
}
},
{
"product_name": "TE60",
"version": {
"version_data": [
{
"version_value": "V100R001C10"
},
{
"version_value": "V500R002C00"
},
{
"version_value": "V600R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171101-01-sccpx-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171101-01-sccpx-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "out-of-bounds read"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171101-01-sccpx-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171101-01-sccpx-en"
}
]
}
}

120
2017/15xxx/CVE-2017-15355.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2017-15355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DP300,RP200,TE30,TE40,TE50,TE60,TX50",
"version" : {
"version_data" : [
{
"version_value" : "DP300 ,V500R002C00 ,RP200 ,V600R006C00 ,TE30 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TE40 ,V500R002C00 ,V600R006C00 ,TE50 ,V500R002C00 ,V600R006C00 ,TE60 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TX50 ,V500R002C00 ,V600R006C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-15355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DP300,RP200,TE30,TE40,TE50,TE60,TX50",
"version": {
"version_data": [
{
"version_value": "DP300 ,V500R002C00 ,RP200 ,V600R006C00 ,TE30 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TE40 ,V500R002C00 ,V600R006C00 ,TE50 ,V500R002C00 ,V600R006C00 ,TE60 ,V100R001C10 ,V500R002C00 ,V600R006C00 ,TX50 ,V500R002C00 ,V600R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, V500R002C00,V600R006C00, TE40, V500R002C00, V600R006C00, TE50, V500R002C00,V600R006C00, TE60, V100R001C10, V500R002C00, V600R006C00, TX50,V500R002C00, V600R006C00 have a buffer overflow vulnerability. An attacker may send specially crafted HTTP messages to the affected products. Due insufficient input validation of three different parameters in the messages, successful exploit may cause some service abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-02-http-en"
}
]
}
}

34
2017/9xxx/CVE-2017-9028.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9028",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9028",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/9xxx/CVE-2017-9426.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42094",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42094/"
},
{
"name" : "http://touhidshaikh.com/blog/poc/facetag-extension-piwigo-sqli/",
"refsource" : "MISC",
"url" : "http://touhidshaikh.com/blog/poc/facetag-extension-piwigo-sqli/"
},
{
"name" : "https://www.youtube.com/watch?v=MVCe_zYtFsQ",
"refsource" : "MISC",
"url" : "https://www.youtube.com/watch?v=MVCe_zYtFsQ"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.youtube.com/watch?v=MVCe_zYtFsQ",
"refsource": "MISC",
"url": "https://www.youtube.com/watch?v=MVCe_zYtFsQ"
},
{
"name": "42094",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42094/"
},
{
"name": "http://touhidshaikh.com/blog/poc/facetag-extension-piwigo-sqli/",
"refsource": "MISC",
"url": "http://touhidshaikh.com/blog/poc/facetag-extension-piwigo-sqli/"
}
]
}
}

120
2017/9xxx/CVE-2017-9529.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9529",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004efd.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9529",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529",
"refsource" : "MISC",
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"User Mode Write AV starting at Xfpx+0x0000000000004efd.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9529"
}
]
}
}

838
2018/0xxx/CVE-2018-0049.json
View File

@ -1,422 +1,422 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"DATE_PUBLIC" : "2018-10-10T16:00:00.000Z",
"ID" : "CVE-2018-0049",
"STATE" : "PUBLIC",
"TITLE" : "Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash."
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"DATE_PUBLIC": "2018-10-10T16:00:00.000Z",
"ID": "CVE-2018-0049",
"STATE": "PUBLIC",
"TITLE": "Junos OS: Receipt of a specifically crafted malicious MPLS packet leads to a Junos kernel crash."
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Junos OS",
"version": {
"version_data": [
{
"affected": ">=",
"platform": "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "12.1X46",
"version_value": "12.1X46-D76"
},
{
"affected": "<",
"platform": "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "12.1X46",
"version_value": "12.1X46-D81"
},
{
"affected": "=",
"version_name": "12.3",
"version_value": "12.3R12-S10"
},
{
"affected": ">=",
"platform": "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "12.3X48",
"version_value": "12.3X48-D66"
},
{
"affected": "<",
"platform": "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "12.3X48",
"version_value": "12.3X48-D75"
},
{
"affected": "=",
"platform": "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name": "14.1X53",
"version_value": "14.1X53-D47"
},
{
"affected": ">=",
"platform": "QFabric System",
"version_name": "14.1X53",
"version_value": "14.1X53-D115"
},
{
"affected": "<",
"platform": "QFabric System",
"version_name": "14.1X53",
"version_value": "14.1X53-D130"
},
{
"affected": ">=",
"version_name": "15.1",
"version_value": "15.1F6-S10"
},
{
"affected": "=",
"version_name": "15.1",
"version_value": "15.1R4-S9"
},
{
"affected": "=",
"version_name": "15.1",
"version_value": "15.1R6-S6"
},
{
"affected": ">=",
"version_name": "15.1",
"version_value": "15.1R7"
},
{
"affected": "<",
"version_name": "15.1",
"version_value": "15.1R7-S2"
},
{
"affected": ">=",
"platform": "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "15.1X49",
"version_value": "15.1X49-D131"
},
{
"affected": "<",
"platform": "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "15.1X49",
"version_value": "15.1X49-D150"
},
{
"affected": ">",
"platform": "QFX5200/QFX5110",
"version_name": "15.1X53",
"version_value": "15.1X53-D233"
},
{
"affected": "<",
"platform": "QFX5200/QFX5110",
"version_name": "15.1X53",
"version_value": "15.1X53-D235"
},
{
"affected": "<=",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D471"
},
{
"affected": "<",
"platform": "NFX150, NFX250",
"version_name": "15.1X53",
"version_value": "15.1X53-D590"
},
{
"affected": "=",
"platform": "QFX10000 Series",
"version_name": "15.1X53",
"version_value": "15.1X53-D67"
},
{
"affected": "=",
"platform": "EX2300/EX3400",
"version_name": "15.1X53",
"version_value": "15.1X53-D59"
},
{
"affected": ">=",
"version_name": "16.1",
"version_value": "16.1R3-S8"
},
{
"affected": ">=",
"version_name": "16.1",
"version_value": "16.1R4-S9"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R4-S12"
},
{
"affected": ">=",
"version_name": "16.1",
"version_value": "16.1R5-S4"
},
{
"affected": ">=",
"version_name": "16.1",
"version_value": "16.1R6-S3"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R6-S6"
},
{
"affected": ">=",
"version_name": "16.1",
"version_value": "16.1R7"
},
{
"affected": "<",
"version_name": "16.1",
"version_value": "16.1R7-S2"
},
{
"affected": ">=",
"version_name": "16.2",
"version_value": "16.2R1-S6"
},
{
"affected": ">=",
"version_name": "16.2",
"version_value": "16.2R2-S5"
},
{
"affected": "<",
"version_name": "16.2",
"version_value": "16.2R2-S7"
},
{
"affected": "=",
"version_name": "17.1",
"version_value": "17.1R1-S7"
},
{
"affected": ">=",
"version_name": "17.1",
"version_value": "17.1R2-S7"
},
{
"affected": "<",
"version_name": "17.1",
"version_value": "17.1R2-S9"
},
{
"affected": "=",
"version_name": "17.2",
"version_value": "17.2R1-S6"
},
{
"affected": ">=",
"version_name": "17.2",
"version_value": "17.2R2-S4"
},
{
"affected": "<",
"version_name": "17.2",
"version_value": "17.2R2-S6"
},
{
"affected": ">=",
"version_name": "17.2X75",
"version_value": "17.2X75-D100"
},
{
"affected": "<",
"version_name": "17.2X75",
"version_value": "17.2X75-D101, 17.2X75-D110"
},
{
"affected": ">=",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "17.3",
"version_value": "17.3R1-S4"
},
{
"affected": ">=",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "17.3",
"version_value": "17.3R2-S2"
},
{
"affected": "<",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "17.3",
"version_value": "17.3R2-S4"
},
{
"affected": "=",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "17.3",
"version_value": "17.3R3"
},
{
"affected": ">=",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "17.4",
"version_value": "17.4R1-S3"
},
{
"affected": "<",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "17.4",
"version_value": "17.4R1-S5"
},
{
"affected": "=",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "17.4",
"version_value": "17.4R2"
},
{
"affected": ">=",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "18.1",
"version_value": "18.1R2"
},
{
"affected": "<",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "18.1",
"version_value": "18.1R2-S3, 18.1R3"
},
{
"affected": ">=",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "18.2",
"version_value": "18.2R1"
},
{
"affected": "<",
"platform": "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name": "18.2",
"version_value": "18.2R1-S2, 18.2R1-S3, 18.2R2"
},
{
"affected": ">=",
"version_name": "18.2X75",
"version_value": "18.2X75-D5"
},
{
"affected": "<",
"version_name": "18.2X75",
"version_value": "18.2X75-D20"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
},
"configuration": [
{
"lang": "eng",
"value": "The following minimal protocols configuration is required:\n\n [protocols mpls interface]"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Junos OS",
"version" : {
"version_data" : [
{
"affected" : ">=",
"platform" : "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D76"
},
{
"affected" : "<",
"platform" : "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "12.1X46",
"version_value" : "12.1X46-D81"
},
{
"affected" : "=",
"version_name" : "12.3",
"version_value" : "12.3R12-S10"
},
{
"affected" : ">=",
"platform" : "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D66"
},
{
"affected" : "<",
"platform" : "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "12.3X48",
"version_value" : "12.3X48-D75"
},
{
"affected" : "=",
"platform" : "EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D47"
},
{
"affected" : ">=",
"platform" : "QFabric System",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D115"
},
{
"affected" : "<",
"platform" : "QFabric System",
"version_name" : "14.1X53",
"version_value" : "14.1X53-D130"
},
{
"affected" : ">=",
"version_name" : "15.1",
"version_value" : "15.1F6-S10"
},
{
"affected" : "=",
"version_name" : "15.1",
"version_value" : "15.1R4-S9"
},
{
"affected" : "=",
"version_name" : "15.1",
"version_value" : "15.1R6-S6"
},
{
"affected" : ">=",
"version_name" : "15.1",
"version_value" : "15.1R7"
},
{
"affected" : "<",
"version_name" : "15.1",
"version_value" : "15.1R7-S2"
},
{
"affected" : ">=",
"platform" : "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D131"
},
{
"affected" : "<",
"platform" : "SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "15.1X49",
"version_value" : "15.1X49-D150"
},
{
"affected" : ">",
"platform" : "QFX5200/QFX5110",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D233"
},
{
"affected" : "<",
"platform" : "QFX5200/QFX5110",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D235"
},
{
"affected" : "<=",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D471"
},
{
"affected" : "<",
"platform" : "NFX150, NFX250",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D590"
},
{
"affected" : "=",
"platform" : "QFX10000 Series",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D67"
},
{
"affected" : "=",
"platform" : "EX2300/EX3400",
"version_name" : "15.1X53",
"version_value" : "15.1X53-D59"
},
{
"affected" : ">=",
"version_name" : "16.1",
"version_value" : "16.1R3-S8"
},
{
"affected" : ">=",
"version_name" : "16.1",
"version_value" : "16.1R4-S9"
},
{
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R4-S12"
},
{
"affected" : ">=",
"version_name" : "16.1",
"version_value" : "16.1R5-S4"
},
{
"affected" : ">=",
"version_name" : "16.1",
"version_value" : "16.1R6-S3"
},
{
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R6-S6"
},
{
"affected" : ">=",
"version_name" : "16.1",
"version_value" : "16.1R7"
},
{
"affected" : "<",
"version_name" : "16.1",
"version_value" : "16.1R7-S2"
},
{
"affected" : ">=",
"version_name" : "16.2",
"version_value" : "16.2R1-S6"
},
{
"affected" : ">=",
"version_name" : "16.2",
"version_value" : "16.2R2-S5"
},
{
"affected" : "<",
"version_name" : "16.2",
"version_value" : "16.2R2-S7"
},
{
"affected" : "=",
"version_name" : "17.1",
"version_value" : "17.1R1-S7"
},
{
"affected" : ">=",
"version_name" : "17.1",
"version_value" : "17.1R2-S7"
},
{
"affected" : "<",
"version_name" : "17.1",
"version_value" : "17.1R2-S9"
},
{
"affected" : "=",
"version_name" : "17.2",
"version_value" : "17.2R1-S6"
},
{
"affected" : ">=",
"version_name" : "17.2",
"version_value" : "17.2R2-S4"
},
{
"affected" : "<",
"version_name" : "17.2",
"version_value" : "17.2R2-S6"
},
{
"affected" : ">=",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D100"
},
{
"affected" : "<",
"version_name" : "17.2X75",
"version_value" : "17.2X75-D101, 17.2X75-D110"
},
{
"affected" : ">=",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "17.3",
"version_value" : "17.3R1-S4"
},
{
"affected" : ">=",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "17.3",
"version_value" : "17.3R2-S2"
},
{
"affected" : "<",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "17.3",
"version_value" : "17.3R2-S4"
},
{
"affected" : "=",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "17.3",
"version_value" : "17.3R3"
},
{
"affected" : ">=",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "17.4",
"version_value" : "17.4R1-S3"
},
{
"affected" : "<",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "17.4",
"version_value" : "17.4R1-S5"
},
{
"affected" : "=",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "17.4",
"version_value" : "17.4R2"
},
{
"affected" : ">=",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "18.1",
"version_value" : "18.1R2"
},
{
"affected" : "<",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "18.1",
"version_value" : "18.1R2-S3, 18.1R3"
},
{
"affected" : ">=",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "18.2",
"version_value" : "18.2R1"
},
{
"affected" : "<",
"platform" : "All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX",
"version_name" : "18.2",
"version_value" : "18.2R1-S2, 18.2R1-S3, 18.2R2"
},
{
"affected" : ">=",
"version_name" : "18.2X75",
"version_value" : "18.2X75-D5"
},
{
"affected" : "<",
"version_name" : "18.2X75",
"version_value" : "18.2X75-D20"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
"lang": "eng",
"value": "A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20."
}
]
}
},
"configuration" : [
{
"lang" : "eng",
"value" : "The following minimal protocols configuration is required:\n\n [protocols mpls interface]"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to cause the Junos OS kernel to crash. Continued receipt of this specifically crafted malicious MPLS packet will cause a sustained Denial of Service condition. This issue require it to be received on an interface configured to receive this type of traffic. Affected releases are Juniper Networks Junos OS: 12.1X46 versions above and including 12.1X46-D76 prior to 12.1X46-D81 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 12.3R12-S10; 12.3X48 versions above and including 12.3X48-D66 prior to 12.3X48-D75 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 14.1X53-D47 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions above and including 14.1X53-D115 prior to 14.1X53-D130 on QFabric System; 15.1 versions above and including 15.1F6-S10; 15.1R4-S9; 15.1R6-S6; 15.1 versions above and including 15.1R7 prior to 15.1R7-S2; 15.1X49 versions above and including 15.1X49-D131 prior to 15.1X49-D150 on SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 15.1X53 versions above 15.1X53-D233 prior to 15.1X53-D235 on QFX5200/QFX5110; 15.1X53 versions up to and including 15.1X53-D471 prior to 15.1X53-D590 on NFX150, NFX250; 15.1X53-D67 on QFX10000 Series; 15.1X53-D59 on EX2300/EX3400; 16.1 versions above and including 16.1R3-S8; 16.1 versions above and including 16.1R4-S9 prior to 16.1R4-S12; 16.1 versions above and including 16.1R5-S4; 16.1 versions above and including 16.1R6-S3 prior to 16.1R6-S6; 16.1 versions above and including 16.1R7 prior to 16.1R7-S2; 16.2 versions above and including 16.2R1-S6; 16.2 versions above and including 16.2R2-S5 prior to 16.2R2-S7; 17.1R1-S7; 17.1 versions above and including 17.1R2-S7 prior to 17.1R2-S9; 17.2R1-S6; 17.2 versions above and including 17.2R2-S4 prior to 17.2R2-S6; 17.2X75 versions above and including 17.2X75-D100 prior to X17.2X75-D101, 17.2X75-D110; 17.3 versions above and including 17.3R1-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3 versions above and including 17.3R2-S2 prior to 17.3R2-S4 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.3R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4 versions above and including 17.4R1-S3 prior to 17.4R1-S5 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 17.4R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.1 versions above and including 18.1R2 prior to 18.1R2-S3, 18.1R3 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2 versions above and including 18.2R1 prior to 18.2R1-S2, 18.2R1-S3, 18.2R2 on All non-SRX Series and SRX100, SRX110, SRX210, SRX220, SRX240m, SRX550m SRX650, SRX300, SRX320, SRX340, SRX345, SRX1500, SRX4100, SRX4200, SRX4600 and vSRX; 18.2X75 versions above and including 18.2X75-D5 prior to 18.2X75-D20."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Juniper SIRT is aware of possible malicious network probing which may have triggered this issue, but not aware of any malicious exploitation of this vulnerability.\n"
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.5,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "NULL Pointer Dereference"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/KB30092",
"refsource" : "MISC",
"url" : "https://kb.juniper.net/KB30092"
},
{
"name" : "https://kb.juniper.net/JSA10883",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10883"
},
{
"name" : "105701",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105701"
},
{
"name" : "1041850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041850"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "The following software releases have been updated to resolve this specific issue: 12.1X46-D81, 12.3R12-S11, 12.3X48-D75, 14.1X53-D130, 14.1X53-D48, 15.1R7-S2, 15.1X49-D150, 5.1X53-D235, 15.1X53-D495, 15.1X53-D68, 15.1X53-D590, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2, 16.1X65-D48, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.2X75-D101, 17.2X75-D110, 17.3R2-S4, 17.3R3-S1, 17.3R4, 17.4R1-S5, 17.4R2-S1, 17.4R3, 18.1R2-S3, 18.1R3, 18.2R1-S2, 18.2R1-S3, 18.2R2, 18.2X75-D20, 18.3R1, and all subsequent releases.\n\nAdditionally, the following software releases have been re-released to the Juniper download pages to resolve this specific issue:\n12.1X46-D76.1, 12.3X48-D70.4, 14.1X53-D47.6, 15.1F6-S10.11, 15.1R6-S6.2, 15.1R7.9, 15.1X49-D140.3, 15.1X53-D233.2, 15.1X53-D59.4, 15.1X53-D67.6, 16.1R6-S3.2, 16.1R7-S1.2, 16.1R7.8, 17.2X75-D100.6, 17.3R2-S2.2, 17.3R3.10, 17.4R1-S3.4, 18.1R2.6.\n\nNote: The final \".xy\" numeric entry, for example the .4 in 12.3X48-D70.4, on a release in this notice is the respin release number. Customer's should check the respin release number on the version of Junos OS to confirm vulnerability.\n\n\n"
}
],
"source" : {
"advisory" : "JSA10883",
"defect" : [
"1380862"
],
"discovery" : "USER"
},
"work_around" : [
{
"lang" : "eng",
"value" : "Remove MPLS configuration stanza from interfaces at risk.\nThere are no other available workarounds for this issue."
}
]
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Juniper SIRT is aware of possible malicious network probing which may have triggered this issue, but not aware of any malicious exploitation of this vulnerability.\n"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "NULL Pointer Dereference"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105701"
},
{
"name": "https://kb.juniper.net/KB30092",
"refsource": "MISC",
"url": "https://kb.juniper.net/KB30092"
},
{
"name": "1041850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041850"
},
{
"name": "https://kb.juniper.net/JSA10883",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10883"
}
]
},
"solution": [
{
"lang": "eng",
"value": "The following software releases have been updated to resolve this specific issue: 12.1X46-D81, 12.3R12-S11, 12.3X48-D75, 14.1X53-D130, 14.1X53-D48, 15.1R7-S2, 15.1X49-D150, 5.1X53-D235, 15.1X53-D495, 15.1X53-D68, 15.1X53-D590, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2, 16.1X65-D48, 16.2R2-S7, 16.2R3, 17.1R2-S9, 17.1R3, 17.2R1-S7, 17.2R2-S6, 17.2R3, 17.2X75-D101, 17.2X75-D110, 17.3R2-S4, 17.3R3-S1, 17.3R4, 17.4R1-S5, 17.4R2-S1, 17.4R3, 18.1R2-S3, 18.1R3, 18.2R1-S2, 18.2R1-S3, 18.2R2, 18.2X75-D20, 18.3R1, and all subsequent releases.\n\nAdditionally, the following software releases have been re-released to the Juniper download pages to resolve this specific issue:\n12.1X46-D76.1, 12.3X48-D70.4, 14.1X53-D47.6, 15.1F6-S10.11, 15.1R6-S6.2, 15.1R7.9, 15.1X49-D140.3, 15.1X53-D233.2, 15.1X53-D59.4, 15.1X53-D67.6, 16.1R6-S3.2, 16.1R7-S1.2, 16.1R7.8, 17.2X75-D100.6, 17.3R2-S2.2, 17.3R3.10, 17.4R1-S3.4, 18.1R2.6.\n\nNote: The final \".xy\" numeric entry, for example the .4 in 12.3X48-D70.4, on a release in this notice is the respin release number. Customer's should check the respin release number on the version of Junos OS to confirm vulnerability.\n\n\n"
}
],
"source": {
"advisory": "JSA10883",
"defect": [
"1380862"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "eng",
"value": "Remove MPLS configuration stanza from interfaces at risk.\nThere are no other available workarounds for this issue."
}
]
}

130
2018/0xxx/CVE-2018-0599.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "The installer of Visual C++ Redistributable",
"version" : {
"version_data" : [
{
"version_value" : ""
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "The installer of Visual C++ Redistributable",
"version": {
"version_data": [
{
"version_value": ""
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource" : "MISC",
"url" : "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name" : "JVN#81196185",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN81196185/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the installer of Visual C++ Redistributable allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/",
"refsource": "MISC",
"url": "https://blogs.technet.microsoft.com/srd/2018/04/04/triaging-a-dll-planting-vulnerability/"
},
{
"name": "JVN#81196185",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81196185/index.html"
}
]
}
}

140
2018/0xxx/CVE-2018-0650.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "LINE MUSIC for Android",
"version" : {
"version_data" : [
{
"version_value" : "version 3.1.0 to versions prior to 3.6.5"
}
]
}
}
]
},
"vendor_name" : "LINE MUSIC CORPORATION"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to verify SSL certificates"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "LINE MUSIC for Android",
"version": {
"version_data": [
{
"version_value": "version 3.1.0 to versions prior to 3.6.5"
}
]
}
}
]
},
"vendor_name": "LINE MUSIC CORPORATION"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en",
"refsource" : "MISC",
"url" : "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en"
},
{
"name" : "https://linecorp.com/en/security/article/182",
"refsource" : "CONFIRM",
"url" : "https://linecorp.com/en/security/article/182"
},
{
"name" : "JVN#16933564",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN16933564/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to verify SSL certificates"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#16933564",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN16933564/index.html"
},
{
"name": "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en",
"refsource": "MISC",
"url": "https://play.google.com/store/apps/details?id=jp.linecorp.linemusic.android&hl=en"
},
{
"name": "https://linecorp.com/en/security/article/182",
"refsource": "CONFIRM",
"url": "https://linecorp.com/en/security/article/182"
}
]
}
}

144
2018/1000xxx/CVE-2018-1000862.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-12-09T22:34:33.129566",
"ID" : "CVE-2018-1000862",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.153 and earlier, LTS 2.138.3 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-61"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-12-09T22:34:33.129566",
"ID": "CVE-2018-1000862",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904"
},
{
"name" : "RHBA-2019:0024",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2019:0024"
},
{
"name" : "106176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information exposure vulnerability exists in Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in DirectoryBrowserSupport.java that allows attackers with the ability to control build output to browse the file system on agents running builds beyond the duration of the build using the workspace browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-12-05/#SECURITY-904"
},
{
"name": "RHBA-2019:0024",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0024"
},
{
"name": "106176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106176"
}
]
}
}

34
2018/12xxx/CVE-2018-12296.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12296",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12296",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/12xxx/CVE-2018-12423.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/901549",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/901549"
},
{
"name" : "https://github.com/matrix-org/matrix-doc/issues/1304",
"refsource" : "MISC",
"url" : "https://github.com/matrix-org/matrix-doc/issues/1304"
},
{
"name" : "https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/",
"refsource" : "MISC",
"url" : "https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Synapse before 0.31.2, unauthorised users can hijack rooms when there is no m.room.power_levels event in force."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/",
"refsource": "MISC",
"url": "https://matrix.org/blog/2018/06/14/security-update-synapse-0-31-2/"
},
{
"name": "https://github.com/matrix-org/matrix-doc/issues/1304",
"refsource": "MISC",
"url": "https://github.com/matrix-org/matrix-doc/issues/1304"
},
{
"name": "https://bugs.debian.org/901549",
"refsource": "MISC",
"url": "https://bugs.debian.org/901549"
}
]
}
}

130
2018/12xxx/CVE-2018-12943.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-12943",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting (XSS) vulnerability in every page that includes the \"action\" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.contextis.com/resources/advisories/cve-2018-12943",
"refsource" : "MISC",
"url" : "https://www.contextis.com/resources/advisories/cve-2018-12943"
},
{
"name" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-Site Scripting (XSS) vulnerability in every page that includes the \"action\" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.contextis.com/resources/advisories/cve-2018-12943",
"refsource": "MISC",
"url": "https://www.contextis.com/resources/advisories/cve-2018-12943"
},
{
"name": "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG",
"refsource": "CONFIRM",
"url": "https://sourceforge.net/p/seeddms/code/ci/seeddms-5.1.x/tree/CHANGELOG"
}
]
}
}

140
2018/16xxx/CVE-2018-16422.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0",
"refsource" : "MISC",
"url" : "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0"
},
{
"name" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1",
"refsource" : "MISC",
"url" : "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1"
},
{
"name" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/",
"refsource" : "MISC",
"url" : "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A single byte buffer overflow when handling responses from an esteid Card in sc_pkcs15emu_esteid_init in libopensc/pkcs15-esteid.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0",
"refsource": "MISC",
"url": "https://github.com/OpenSC/OpenSC/commit/360e95d45ac4123255a4c796db96337f332160ad#diff-d64c08c80437cf0006ada91e50f20ba0"
},
{
"name": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1",
"refsource": "MISC",
"url": "https://github.com/OpenSC/OpenSC/releases/tag/0.19.0-rc1"
},
{
"name": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/",
"refsource": "MISC",
"url": "https://www.x41-dsec.de/lab/advisories/x41-2018-002-OpenSC/"
}
]
}
}

120
2018/16xxx/CVE-2018-16478.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"ID" : "CVE-2018-16478",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "simplehttpserver",
"version" : {
"version_data" : [
{
"version_value" : "Not Fixed"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2018-16478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "simplehttpserver",
"version": {
"version_data": [
{
"version_value": "Not Fixed"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/403703",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/403703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Path Traversal in simplehttpserver versions <=0.2.1 allows to list any file in another folder of web root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/403703",
"refsource": "MISC",
"url": "https://hackerone.com/reports/403703"
}
]
}
}

140
2018/16xxx/CVE-2018-16601.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource" : "MISC",
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource" : "MISC",
"url" : "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
},
{
"name" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource" : "CONFIRM",
"url" : "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Amazon Web Services (AWS) FreeRTOS through 1.3.1, FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), and WITTENSTEIN WHIS Connect middleware TCP/IP component. A crafted IP header triggers a full memory space copy in prvProcessIPPacket, leading to denial of service and possibly remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md",
"refsource": "CONFIRM",
"url": "https://github.com/aws/amazon-freertos/blob/v1.3.2/CHANGELOG.md"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-details/"
},
{
"name": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/",
"refsource": "MISC",
"url": "https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/"
}
]
}
}

120
2018/16xxx/CVE-2018-16977.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16977",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/howchen/howchen/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/howchen/howchen/issues/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monstra CMS V3.0.4 has an information leakage risk (e.g., PATH, DOCUMENT_ROOT, and SERVER_ADMIN) in libraries/Gelato/ErrorHandler/Resources/Views/Errors/exception.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/howchen/howchen/issues/4",
"refsource": "MISC",
"url": "https://github.com/howchen/howchen/issues/4"
}
]
}
}

120
2018/16xxx/CVE-2018-16980.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-16980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-16980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/dotCMS/core/issues/15274",
"refsource" : "MISC",
"url" : "https://github.com/dotCMS/core/issues/15274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dotCMS/core/issues/15274",
"refsource": "MISC",
"url": "https://github.com/dotCMS/core/issues/15274"
}
]
}
}

170
2018/4xxx/CVE-2018-4157.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"Quick Look\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208692",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208692"
},
{
"name" : "https://support.apple.com/HT208693",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208693"
},
{
"name" : "https://support.apple.com/HT208696",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208696"
},
{
"name" : "https://support.apple.com/HT208698",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208698"
},
{
"name" : "1040604",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040604"
},
{
"name" : "1040608",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. macOS before 10.13.4 is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"Quick Look\" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT208692",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208692"
},
{
"name": "1040604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040604"
},
{
"name": "https://support.apple.com/HT208698",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208698"
},
{
"name": "https://support.apple.com/HT208696",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208696"
},
{
"name": "https://support.apple.com/HT208693",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208693"
},
{
"name": "1040608",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040608"
}
]
}
}

150
2018/4xxx/CVE-2018-4202.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the \"iBooks\" component. It allows man-in-the-middle attackers to spoof a password prompt."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT208848",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208848"
},
{
"name" : "https://support.apple.com/HT208849",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208849"
},
{
"name" : "104897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104897"
},
{
"name" : "1041027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the \"iBooks\" component. It allows man-in-the-middle attackers to spoof a password prompt."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041027"
},
{
"name": "104897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104897"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
},
{
"name": "https://support.apple.com/HT208849",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208849"
}
]
}
}

34
2018/4xxx/CVE-2018-4413.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4413",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4413",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/4xxx/CVE-2018-4762.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4762",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4762",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/4xxx/CVE-2018-4987.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-4987",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : {
"version_data" : [
{
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted pointer dereference"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version": {
"version_data": [
{
"version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource" : "MISC",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name" : "104173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104173"
},
{
"name" : "1040920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have an Untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted pointer dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104173"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
}
]
}
}