admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-06 02:32:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:16:59 +00:00
parent ec5de4809f
commit 68acbebfd7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3941 additions and 3887 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
2008/0xxx/CVE-2008-0130.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0130",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0130",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "SQL injection vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "39766",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/39766"
"name": "39766",
"refsource": "OSVDB",
"url": "http://osvdb.org/39766"
},
{
"name" : "28283",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28283"
"name": "dating-site-loginform-sql-injection(39326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39326"
},
{
"name" : "dating-site-loginform-sql-injection(39326)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39326"
"name": "28283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28283"
}
]
}

68
2008/0xxx/CVE-2008-0770.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-0770",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0770",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter."
"lang": "eng",
"value": "SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the g_display_order cookie parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5018",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5018"
"name": "5018",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5018"
},
{
"name" : "ADV-2008-0366",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0366"
"name": "ADV-2008-0366",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0366"
}
]
}

98
2008/1xxx/CVE-2008-1349.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1349",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1349",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
"lang": "eng",
"value": "SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5244",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5244"
"name": "28229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28229"
},
{
"name" : "5340",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5340"
"name": "29359",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29359"
},
{
"name" : "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt"
"name": "bamagalerie-viewcat-sql-injection(41188)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41188"
},
{
"name" : "28229",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28229"
"name": "5244",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5244"
},
{
"name" : "29359",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29359"
"name": "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt"
},
{
"name" : "29362",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29362"
"name": "5340",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5340"
},
{
"name" : "bamagalerie-viewcat-sql-injection(41188)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41188"
"name": "29362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29362"
}
]
}

80
2008/1xxx/CVE-2008-1713.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1713",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1713",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp)."
"lang": "eng",
"value": "MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "5341",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/5341"
"name": "29629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29629"
},
{
"name" : "28559",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28559"
"name": "28559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28559"
},
{
"name" : "29629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29629"
"name": "5341",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5341"
},
{
"name" : "emailserverng-mailserver-dos(41581)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41581"
"name": "emailserverng-mailserver-dos(41581)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41581"
}
]
}

92
2008/1xxx/CVE-2008-1780.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-1780",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1780",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors."
"lang": "eng",
"value": "Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "235421",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-235421-1"
"name": "28734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28734"
},
{
"name" : "28734",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/28734"
"name": "ADV-2008-1194",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1194/references"
},
{
"name" : "ADV-2008-1194",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1194/references"
"name": "235421",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-235421-1"
},
{
"name" : "1019832",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1019832"
"name": "sun-solaris-extensions-security-bypass(41764)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41764"
},
{
"name" : "29730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/29730"
"name": "1019832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019832"
},
{
"name" : "sun-solaris-extensions-security-bypass(41764)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41764"
"name": "29730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29730"
}
]
}

92
2008/3xxx/CVE-2008-3058.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3058",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3058",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and possibly other versions before 4, allow remote attackers to execute arbitrary SQL commands via the FormValue_Email parameter (aka Email field) to index.php in (1) member/, (2) client/, or (3) admin/; or (4) the FormValue_SearchKeywords parameter to client/campaign_track.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://octeth.com/blog/category/oempro4/",
"refsource" : "MISC",
"url" : "http://octeth.com/blog/category/oempro4/"
"name": "50323",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50323"
},
{
"name" : "http://osvdb.org/ref/50/oempro.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/50/oempro.txt"
"name": "http://osvdb.org/ref/50/oempro.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/50/oempro.txt"
},
{
"name" : "32784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/32784"
"name": "50322",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50322"
},
{
"name" : "50322",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50322"
"name": "oempro-index-sql-injection(47112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47112"
},
{
"name" : "50323",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/50323"
"name": "http://octeth.com/blog/category/oempro4/",
"refsource": "MISC",
"url": "http://octeth.com/blog/category/oempro4/"
},
{
"name" : "oempro-index-sql-injection(47112)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47112"
"name": "32784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32784"
}
]
}

350
2008/3xxx/CVE-2008-3104.json
View File

@ -1,301 +1,301 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3104",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3104",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=122331139823057&w=2"
"name": "sun-jre-unspecified-security-bypass(43662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662"
},
{
"name" : "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
"name": "RHSA-2008:1044",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-1044.html"
},
{
"name" : "http://support.apple.com/kb/HT3178",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3178"
"name": "APPLE-SA-2008-09-24",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
},
{
"name" : "http://support.apple.com/kb/HT3179",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3179"
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=122331139823057&w=2"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
"name": "32436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32436"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm"
"name": "32826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32826"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm"
},
{
"name" : "APPLE-SA-2008-09-24",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00008.html"
"name": "31600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31600"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
"name": "1020459",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020459"
},
{
"name" : "RHSA-2008:0594",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0594.html"
"name": "SUSE-SA:2008:042",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
},
{
"name" : "RHSA-2008:0595",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0595.html"
"name": "32018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32018"
},
{
"name" : "RHSA-2008:0790",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0790.html"
"name": "RHSA-2008:1043",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-1043.html"
},
{
"name" : "RHSA-2008:0955",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0955.html"
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "RHSA-2008:1043",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-1043.html"
"name": "32179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32179"
},
{
"name" : "RHSA-2008:1044",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-1044.html"
"name": "238968",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1"
},
{
"name" : "RHSA-2008:1045",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-1045.html"
"name": "33194",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33194"
},
{
"name" : "RHSA-2008:0906",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0906.html"
"name": "ADV-2008-2740",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2740"
},
{
"name" : "238968",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-238968-1"
"name": "31320",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31320"
},
{
"name" : "SUSE-SA:2008:042",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00005.html"
"name": "SUSE-SA:2008:043",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
},
{
"name" : "SUSE-SA:2008:043",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00000.html"
"name": "33237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33237"
},
{
"name" : "SUSE-SA:2008:045",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html"
"name": "ADV-2008-2056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2056/references"
},
{
"name" : "SUSE-SR:2008:028",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
"name": "31055",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31055"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
"name": "32180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32180"
},
{
"name" : "TA08-193A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-193A.html"
"name": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2008-0016.html"
},
{
"name" : "30140",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30140"
"name": "31736",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31736"
},
{
"name" : "oval:org.mitre.oval:def:9565",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565"
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
"name": "30140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30140"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
"name": "33236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33236"
},
{
"name" : "31736",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31736"
"name": "http://support.apple.com/kb/HT3178",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3178"
},
{
"name" : "ADV-2008-2056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2056/references"
"name": "RHSA-2008:0594",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0594.html"
},
{
"name" : "ADV-2008-2740",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2740"
"name": "31269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31269"
},
{
"name" : "1020459",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1020459"
"name": "31497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31497"
},
{
"name" : "31010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31010"
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm"
},
{
"name" : "31055",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31055"
"name": "RHSA-2008:1045",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-1045.html"
},
{
"name" : "31269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31269"
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "31320",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31320"
"name": "RHSA-2008:0955",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0955.html"
},
{
"name" : "31497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31497"
"name": "33238",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33238"
},
{
"name" : "31600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31600"
"name": "SUSE-SR:2008:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name" : "32018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32018"
"name": "20081004 VMSA-2008-0016 VMware Hosted products, VirtualCenter Update 3 and patches for ESX and ESXi resolve multiple security issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/497041/100/0/threaded"
},
{
"name" : "32180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32180"
"name": "SUSE-SA:2008:045",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00002.html"
},
{
"name" : "32179",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32179"
"name": "RHSA-2008:0790",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0790.html"
},
{
"name" : "32436",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32436"
"name": "RHSA-2008:0906",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0906.html"
},
{
"name" : "32826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32826"
"name": "TA08-193A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-193A.html"
},
{
"name" : "33236",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33236"
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name" : "33237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33237"
"name": "http://support.apple.com/kb/HT3179",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3179"
},
{
"name" : "33238",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33238"
"name": "RHSA-2008:0595",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0595.html"
},
{
"name" : "33194",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33194"
"name": "oval:org.mitre.oval:def:9565",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9565"
},
{
"name" : "sun-jre-unspecified-security-bypass(43662)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43662"
"name": "31010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31010"
}
]
}

92
2008/3xxx/CVE-2008-3250.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3250",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3250",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter."
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 allows remote attackers to execute arbitrary SQL commands via the filter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6097",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6097"
"name": "4017",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4017"
},
{
"name" : "6113",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6113"
"name": "arctic-index-sql-injection(43872)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43872"
},
{
"name" : "30277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/30277"
"name": "31139",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31139"
},
{
"name" : "31139",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31139"
"name": "30277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30277"
},
{
"name" : "4017",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4017"
"name": "6113",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6113"
},
{
"name" : "arctic-index-sql-injection(43872)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43872"
"name": "6097",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6097"
}
]
}

98
2008/3xxx/CVE-2008-3618.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-3618",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3618",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended."
"lang": "eng",
"value": "The File Sharing pane in the Sharing preference pane in Apple Mac OS X 10.5 through 10.5.4 does not inform users that the complete contents of their own home directories are shared for their own use, which might allow attackers to leverage other vulnerabilities and access files for which sharing was unintended."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "APPLE-SA-2008-09-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
"name": "31189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31189"
},
{
"name" : "TA08-260A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
"name": "VU#126787",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/126787"
},
{
"name" : "VU#126787",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/126787"
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name" : "31189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31189"
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name" : "ADV-2008-2584",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2584"
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name" : "1020883",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1020883"
"name": "1020883",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1020883"
},
{
"name" : "macos-filesharing-weak-security(45175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45175"
"name": "macos-filesharing-weak-security(45175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45175"
}
]
}

116
2008/4xxx/CVE-2008-4111.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4111",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4111",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors."
"lang": "eng",
"value": "Unspecified vulnerability in Servlet Engine/Web Container in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.31 and 6.1 before 6.1.0.19, when the FileServing feature is enabled, has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27007951"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007951"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876"
"name": "ADV-2008-2566",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2566"
},
{
"name" : "PK64302",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK64302"
"name": "websphere-servletengine-unspecified(45122)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45122"
},
{
"name" : "31186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31186"
"name": "ADV-2008-2871",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2871"
},
{
"name" : "31839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31839"
"name": "PK64302",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK64302"
},
{
"name" : "ADV-2008-2566",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2566"
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name" : "ADV-2008-2871",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/2871"
"name": "31186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31186"
},
{
"name" : "31892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31892"
"name": "32296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32296"
},
{
"name" : "32296",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32296"
"name": "31839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31839"
},
{
"name" : "websphere-servletengine-unspecified(45122)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45122"
"name": "31892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31892"
}
]
}

242
2008/4xxx/CVE-2008-4316.json
View File

@ -1,211 +1,211 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4316",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2008-4316",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation."
"lang": "eng",
"value": "Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow context-dependent attackers to execute arbitrary code via a long string that is converted either (1) from or (2) to a base64 representation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
"name": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff",
"refsource": "MISC",
"url": "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff"
},
{
"name" : "20090312 rPSA-2009-0045-1 glib",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501766/100/0/threaded"
"name": "20090312 rPSA-2009-0045-1 glib",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501766/100/0/threaded"
},
{
"name" : "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/03/12/2"
"name": "USN-738-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-738-1"
},
{
"name" : "[oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/03/16/2"
"name": "34560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34560"
},
{
"name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
"name": "[oss-security] 20090317 Re: [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/16/2"
},
{
"name" : "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff",
"refsource" : "MISC",
"url" : "http://ocert.org/patches/2008-015/glib-CVE-2008-4316.diff"
"name": "38794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38794"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2008-015.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2008-015.html"
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name" : "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973",
"refsource" : "CONFIRM",
"url" : "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973"
"name": "MDVSA-2009:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0045",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0045"
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0045",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0045"
},
{
"name" : "DSA-1747",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1747"
"name": "oval:org.mitre.oval:def:11401",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401"
},
{
"name" : "FEDORA-2009-2688",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html"
"name": "FEDORA-2009-2688",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01113.html"
},
{
"name" : "FEDORA-2009-2657",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html"
"name": "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/03/12/2"
},
{
"name" : "MDVSA-2009:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:080"
"name": "34100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34100"
},
{
"name" : "RHSA-2009:0336",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0336.html"
"name": "34854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34854"
},
{
"name" : "SUSE-SA:2009:026",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html"
"name": "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
},
{
"name" : "USN-738-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-738-1"
"name": "34267",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34267"
},
{
"name" : "34100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34100"
"name": "RHSA-2009:0336",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0336.html"
},
{
"name" : "oval:org.mitre.oval:def:11401",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11401"
"name": "38833",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38833"
},
{
"name" : "oval:org.mitre.oval:def:8360",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360"
"name": "1021884",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021884"
},
{
"name" : "1021884",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021884"
"name": "DSA-1747",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1747"
},
{
"name" : "34267",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34267"
"name": "34317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34317"
},
{
"name" : "34317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34317"
"name": "SUSE-SA:2009:026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00014.html"
},
{
"name" : "34404",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34404"
"name": "FEDORA-2009-2657",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-package-announce/2009-April/msg00744.html"
},
{
"name" : "34416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34416"
"name": "34416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34416"
},
{
"name" : "34560",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34560"
"name": "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973",
"refsource": "CONFIRM",
"url": "http://svn.gnome.org/viewvc/glib?view=revision&revision=7973"
},
{
"name" : "34854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34854"
"name": "oval:org.mitre.oval:def:8360",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8360"
},
{
"name" : "34890",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34890"
"name": "34404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34404"
},
{
"name" : "38794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38794"
"name": "glib-gbase64-bo(49272)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272"
},
{
"name" : "38833",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38833"
"name": "34890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34890"
},
{
"name" : "ADV-2010-0528",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0528"
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
},
{
"name" : "glib-gbase64-bo(49272)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49272"
"name": "http://www.ocert.org/advisories/ocert-2008-015.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-015.html"
}
]
}

80
2008/4xxx/CVE-2008-4319.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4319",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4319",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string."
"lang": "eng",
"value": "fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 and earlier allows remote attackers to bypass authentication, and read arbitrary files, modify arbitrary files, and list arbitrary directories, by inserting certain user and isadmin parameters in the query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080925 Fwd: Returned post for bugtraq@securityfocus.com",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/496742"
"name": "6567",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6567"
},
{
"name" : "6567",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6567"
"name": "31415",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31415"
},
{
"name" : "31415",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31415"
"name": "20080925 Fwd: Returned post for bugtraq@securityfocus.com",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496742"
},
{
"name" : "librafilemanager-fileadmin-security-bypass(45423)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45423"
"name": "librafilemanager-fileadmin-security-bypass(45423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45423"
}
]
}

80
2008/4xxx/CVE-2008-4521.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4521",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4521",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter."
"lang": "eng",
"value": "SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "6682",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/6682"
"name": "6682",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6682"
},
{
"name" : "31579",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/31579"
"name": "raidtrackerpanel-thisraidprog-sql-injection(45675)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45675"
},
{
"name" : "4384",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4384"
"name": "31579",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31579"
},
{
"name" : "raidtrackerpanel-thisraidprog-sql-injection(45675)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45675"
"name": "4384",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4384"
}
]
}

92
2008/4xxx/CVE-2008-4830.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-4830",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-4830",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method."
"lang": "eng",
"value": "Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090415 Secunia Research: SAP GUI KWEdit ActiveX Control \"SaveDocumentAs()\" Insecure Method",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502698/100/0/threaded"
"name": "http://secunia.com/secunia_research/2008-56/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-56/"
},
{
"name" : "http://secunia.com/secunia_research/2008-56/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2008-56/"
"name": "32869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32869"
},
{
"name" : "34524",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34524"
"name": "20090415 Secunia Research: SAP GUI KWEdit ActiveX Control \"SaveDocumentAs()\" Insecure Method",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502698/100/0/threaded"
},
{
"name" : "1022062",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022062"
"name": "ADV-2009-1043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1043"
},
{
"name" : "32869",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32869"
"name": "34524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34524"
},
{
"name" : "ADV-2009-1043",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1043"
"name": "1022062",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022062"
}
]
}

80
2008/7xxx/CVE-2008-7174.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2008-7174",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-7174",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions."
"lang": "eng",
"value": "Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20080617 Hacking Coffee Makers.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493387/100/0/threaded"
"name": "29767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29767"
},
{
"name" : "20080618 A more detailed description of the Jura F90 vulnerability.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/493433/100/0/threaded"
"name": "20080618 A more detailed description of the Jura F90 vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493433/100/0/threaded"
},
{
"name" : "http://news.cnet.com/8301-10784_3-9970757-7.html",
"refsource" : "MISC",
"url" : "http://news.cnet.com/8301-10784_3-9970757-7.html"
"name": "http://news.cnet.com/8301-10784_3-9970757-7.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-10784_3-9970757-7.html"
},
{
"name" : "29767",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/29767"
"name": "20080617 Hacking Coffee Makers.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493387/100/0/threaded"
}
]
}

92
2013/2xxx/CVE-2013-2178.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2178",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-2178",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request."
"lang": "eng",
"value": "The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and apache-overflows.conf files in Fail2ban before 0.8.10 do not properly validate log messages, which allows remote attackers to block arbitrary IP addresses via certain messages in a request."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/06/13/7"
"name": "oval:org.mitre.oval:def:17338",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338"
},
{
"name" : "https://vndh.net/note:fail2ban-089-denial-service",
"refsource" : "MISC",
"url" : "https://vndh.net/note:fail2ban-089-denial-service"
"name": "[oss-security] 20130613 Re: Re: Fail2ban 0.8.9, Denial of Service (Apache rules only)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/06/13/7"
},
{
"name" : "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"
"name": "DSA-2708",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2708"
},
{
"name" : "DSA-2708",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2708"
"name": "openSUSE-SU-2014:0348",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
},
{
"name" : "openSUSE-SU-2014:0348",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00021.html"
"name": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog",
"refsource": "CONFIRM",
"url": "https://raw.github.com/fail2ban/fail2ban/master/ChangeLog"
},
{
"name" : "oval:org.mitre.oval:def:17338",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17338"
"name": "https://vndh.net/note:fail2ban-089-denial-service",
"refsource": "MISC",
"url": "https://vndh.net/note:fail2ban-089-denial-service"
}
]
}

62
2013/2xxx/CVE-2013-2276.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-2276",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2276",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data."
"lang": "eng",
"value": "The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg before 1.1.3 does not verify the decoding state before proceeding with certain skip operations, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted audio data."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48"
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8a6449167a6da8cb747cfe3502ae86ffaac2ed48"
}
]
}

74
2013/3xxx/CVE-2013-3435.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3435",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-3435",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052."
"lang": "eng",
"value": "The Cisco Unified IP Conference Station 7937G allows remote attackers to cause a denial of service (networking outage) via a flood of TCP packets, aka Bug ID CSCuh42052."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152"
"name": "20130719 Cisco Unified IP Conference Station 7937G Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3435"
},
{
"name" : "20130719 Cisco Unified IP Conference Station 7937G Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3435"
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=30152"
},
{
"name" : "95471",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/95471"
"name": "95471",
"refsource": "OSVDB",
"url": "http://osvdb.org/95471"
}
]
}

68
2013/3xxx/CVE-2013-3745.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3745",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2013-3745",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc."
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
"name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
},
{
"name" : "oval:org.mitre.oval:def:19442",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19442"
"name": "oval:org.mitre.oval:def:19442",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19442"
}
]
}

22
2013/3xxx/CVE-2013-3901.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-3901",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-3901",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

22
2013/6xxx/CVE-2013-6130.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6130",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6130",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2013/6xxx/CVE-2013-6162.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6162",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6162",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "30373",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/30373"
"name": "30373",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30373"
},
{
"name" : "abilitymailserver-cve20136162-xss(89807)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/89807"
"name": "abilitymailserver-cve20136162-xss(89807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89807"
}
]
}

134
2013/6xxx/CVE-2013-6435.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6435",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-6435",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory."
"lang": "eng",
"value": "Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the signature, as demonstrated by installing a file in the /etc/cron.d directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039811",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/",
"refsource" : "CONFIRM",
"url" : "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
"name": "MDVSA-2015:056",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
},
{
"name" : "http://advisories.mageia.org/MGASA-2014-0529.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2014-0529.html"
"name": "GLSA-201811-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-22"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
"name": "http://advisories.mageia.org/MGASA-2014-0529.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2014-0529.html"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
"name": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/",
"refsource": "CONFIRM",
"url": "https://securityblog.redhat.com/2014/12/10/analysis-of-the-cve-2013-6435-flaw-in-rpm/"
},
{
"name" : "DSA-3129",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3129"
"name": "RHSA-2014:1975",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
},
{
"name" : "GLSA-201811-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-22"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1039811"
},
{
"name" : "MDVSA-2014:251",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
"name": "MDVSA-2014:251",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:251"
},
{
"name" : "MDVSA-2015:056",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:056"
"name": "71558",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71558"
},
{
"name" : "RHSA-2014:1974",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
"name": "RHSA-2014:1974",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1974.html"
},
{
"name" : "RHSA-2014:1975",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1975.html"
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "RHSA-2014:1976",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
"name": "DSA-3129",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3129"
},
{
"name" : "71558",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71558"
"name": "RHSA-2014:1976",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-1976.html"
}
]
}

22
2013/6xxx/CVE-2013-6591.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6591",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2013-6591",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
}
]
}

62
2013/6xxx/CVE-2013-6939.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-6939",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-6939",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to \"RADIUS authentication.\""
"lang": "eng",
"value": "Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows attackers to cause a denial of service via unknown vectors, related to \"RADIUS authentication.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.citrix.com/article/CTX139049",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX139049"
"name": "http://support.citrix.com/article/CTX139049",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX139049"
}
]
}

74
2013/7xxx/CVE-2013-7110.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7110",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-7110",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073."
"lang": "eng",
"value": "Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/12/13/5"
"name": "[oss-security] 20131213 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/13/5"
},
{
"name" : "[oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/12/15/3"
"name": "https://github.com/transifex/transifex-client/issues/42",
"refsource": "CONFIRM",
"url": "https://github.com/transifex/transifex-client/issues/42"
},
{
"name" : "https://github.com/transifex/transifex-client/issues/42",
"refsource" : "CONFIRM",
"url" : "https://github.com/transifex/transifex-client/issues/42"
"name": "[oss-security] 20131215 Re: CVE-2013-2073 transifex-client: Does not validate HTTPS server certificate (fixed in transifex-client v0.9)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/12/15/3"
}
]
}

104
2013/7xxx/CVE-2013-7277.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2013-7277",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7277",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase",
"refsource" : "MISC",
"url" : "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase"
"name": "64550",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64550"
},
{
"name" : "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html",
"refsource" : "CONFIRM",
"url" : "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html"
"name": "101492",
"refsource": "OSVDB",
"url": "http://osvdb.org/101492"
},
{
"name" : "http://sourceforge.net/p/aphpkb/code/91",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/p/aphpkb/code/91"
"name": "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase",
"refsource": "MISC",
"url": "https://www.netsparker.com/critical-xss-vulnerabilities-andy-php-knowledgebase"
},
{
"name" : "64550",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/64550"
"name": "http://sourceforge.net/p/aphpkb/code/91",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/aphpkb/code/91"
},
{
"name" : "101467",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101467"
"name": "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html",
"refsource": "CONFIRM",
"url": "http://aphpkb.blogspot.dk/2013/12/release-of-aphpkb-0958.html"
},
{
"name" : "101491",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101491"
"name": "101467",
"refsource": "OSVDB",
"url": "http://osvdb.org/101467"
},
{
"name" : "101492",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/101492"
"name": "101491",
"refsource": "OSVDB",
"url": "http://osvdb.org/101491"
},
{
"name" : "56228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/56228"
"name": "56228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56228"
}
]
}

76
2017/10xxx/CVE-2017-10069.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10069",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10069",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Payment Gateway Services",
"version" : {
"version_data" : [
"product_name": "Payment Gateway Services",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "6.1.1"
"version_affected": "=",
"version_value": "6.1.1"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Payment Interface component of Oracle Hospitality Applications (subcomponent: Core). The supported version that is affected is 6.1.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data."
"lang": "eng",
"value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payment Interface. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Payment Interface accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "1038941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038941"
},
{
"name" : "99721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99721"
"name": "99721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99721"
},
{
"name" : "1038941",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038941"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

74
2017/10xxx/CVE-2017-10144.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2017-10144",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2017-10144",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Applications Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Applications Manager. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name": "99685",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99685"
},
{
"name" : "99685",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99685"
"name": "1038926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038926"
},
{
"name" : "1038926",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038926"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}

92
2017/10xxx/CVE-2017-10913.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-10913",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10913",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1."
"lang": "eng",
"value": "The grant-table feature in Xen through 4.8.x provides false mapping information in certain cases of concurrent unmap calls, which allows backend attackers to obtain sensitive information or gain privileges, aka XSA-218 bug 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://xenbits.xen.org/xsa/advisory-218.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-218.html"
"name": "1038722",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038722"
},
{
"name" : "DSA-3969",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3969"
"name": "GLSA-201708-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201708-03"
},
{
"name" : "GLSA-201708-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201708-03"
"name": "DSA-3969",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3969"
},
{
"name" : "GLSA-201710-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201710-17"
"name": "99411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99411"
},
{
"name" : "99411",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99411"
"name": "https://xenbits.xen.org/xsa/advisory-218.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-218.html"
},
{
"name" : "1038722",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038722"
"name": "GLSA-201710-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201710-17"
}
]
}

22
2017/14xxx/CVE-2017-14072.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14072",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14072",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2017/14xxx/CVE-2017-14501.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14501",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14501",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header."
"lang": "eng",
"value": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html"
"name": "https://github.com/libarchive/libarchive/issues/949",
"refsource": "MISC",
"url": "https://github.com/libarchive/libarchive/issues/949"
},
{
"name" : "https://bugs.debian.org/875966",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/875966"
"name": "[debian-lts-announce] 20181129 [SECURITY] [DLA 1600-1] libarchive security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00037.html"
},
{
"name" : "https://github.com/libarchive/libarchive/issues/949",
"refsource" : "MISC",
"url" : "https://github.com/libarchive/libarchive/issues/949"
"name": "DSA-4360",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4360"
},
{
"name" : "DSA-4360",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4360"
"name": "USN-3736-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3736-1/"
},
{
"name" : "USN-3736-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3736-1/"
"name": "https://bugs.debian.org/875966",
"refsource": "MISC",
"url": "https://bugs.debian.org/875966"
}
]
}

22
2017/14xxx/CVE-2017-14747.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-14747",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-14747",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

22
2017/17xxx/CVE-2017-17350.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17350",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17350",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2017/17xxx/CVE-2017-17383.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17383",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17383",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624."
"lang": "eng",
"value": "Jenkins through 2.93 allows remote authenticated administrators to conduct XSS attacks via a crafted tool name in a job configuration form, as demonstrated by the JDK tool in Jenkins core and the Ant tool in the Ant plugin, aka SECURITY-624."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04",
"refsource" : "MISC",
"url" : "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04"
"name": "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04",
"refsource": "MISC",
"url": "http://vsintelli.com/portal/blog/23-security-advisory-2017-12-04"
},
{
"name" : "https://jenkins.io/security/advisory/2017-12-05/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-12-05/"
"name": "102130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102130"
},
{
"name" : "102130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102130"
"name": "https://jenkins.io/security/advisory/2017-12-05/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-12-05/"
}
]
}

92
2017/17xxx/CVE-2017-17499.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17499",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17499",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp."
"lang": "eng",
"value": "ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc"
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name" : "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a"
"name": "DSA-4074",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-4074"
},
{
"name" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1",
"refsource" : "CONFIRM",
"url" : "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1"
"name": "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a"
},
{
"name" : "DSA-4074",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2017/dsa-4074"
"name": "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
"name": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1",
"refsource": "CONFIRM",
"url": "https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1"
},
{
"name" : "102155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102155"
"name": "102155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102155"
}
]
}

68
2017/17xxx/CVE-2017-17577.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-17577",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-17577",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter."
"lang": "eng",
"value": "FS Trademe Clone 1.0 has SQL Injection via the search_item.php search parameter or the general_item_details.php id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "43260",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43260/"
"name": "43260",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43260/"
},
{
"name" : "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html"
"name": "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/145296/FS-Trademe-Clone-1.0-SQL-Injection.html"
}
]
}

62
2017/9xxx/CVE-2017-9428.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9428",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9428",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A directory traversal vulnerability exists in core\\admin\\ajax\\developer\\extensions\\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\\ sequences in the directory parameter."
"lang": "eng",
"value": "A directory traversal vulnerability exists in core\\admin\\ajax\\developer\\extensions\\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\\ sequences in the directory parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/bigtreecms/BigTree-CMS/issues/289",
"refsource" : "MISC",
"url" : "https://github.com/bigtreecms/BigTree-CMS/issues/289"
"name": "https://github.com/bigtreecms/BigTree-CMS/issues/289",
"refsource": "MISC",
"url": "https://github.com/bigtreecms/BigTree-CMS/issues/289"
}
]
}

62
2017/9xxx/CVE-2017-9590.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9590",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9590",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The \"State Bank of Waterloo Mobile Banking\" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
"lang": "eng",
"value": "The \"State Bank of Waterloo Mobile Banking\" by State Bank of Waterloo app 3.0.2 -- aka state-bank-of-waterloo-mobile-banking/id555321714 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource" : "MISC",
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}

68
2017/9xxx/CVE-2017-9762.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-9762",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9762",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file."
"lang": "eng",
"value": "The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/radare/radare2/issues/7726",
"refsource" : "CONFIRM",
"url" : "https://github.com/radare/radare2/issues/7726"
"name": "https://github.com/radare/radare2/issues/7726",
"refsource": "CONFIRM",
"url": "https://github.com/radare/radare2/issues/7726"
},
{
"name" : "99140",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/99140"
"name": "99140",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99140"
}
]
}

80
2018/0xxx/CVE-2018-0155.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0155",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0155",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco IOS and IOS XE",
"version" : {
"version_data" : [
"product_name": "Cisco IOS and IOS XE",
"version": {
"version_data": [
{
"version_value" : "Cisco IOS and IOS XE"
"version_value": "Cisco IOS and IOS XE"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729."
"lang": "eng",
"value": "A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when the BFD header in a BFD packet is incomplete. An attacker could exploit this vulnerability by sending a crafted BFD message to or across an affected switch. A successful exploit could allow the attacker to trigger a reload of the system. This vulnerability affects Catalyst 4500 Supervisor Engine 6-E (K5), Catalyst 4500 Supervisor Engine 6L-E (K10), Catalyst 4500 Supervisor Engine 7-E (K10), Catalyst 4500 Supervisor Engine 7L-E (K10), Catalyst 4500E Supervisor Engine 8-E (K10), Catalyst 4500E Supervisor Engine 8L-E (K10), Catalyst 4500E Supervisor Engine 9-E (K10), Catalyst 4500-X Series Switches (K10), Catalyst 4900M Switch (K5), Catalyst 4948E Ethernet Switch (K5). Cisco Bug IDs: CSCvc40729."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-388"
"lang": "eng",
"value": "CWE-388"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
"name": "1040587",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040587"
},
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd"
"name": "103565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103565"
},
{
"name" : "103565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103565"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-bfd"
},
{
"name" : "1040587",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040587"
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-05"
}
]
}

68
2018/0xxx/CVE-2018-0269.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"ID" : "CVE-2018-0269",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2018-0269",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cisco DNA Center",
"version" : {
"version_data" : [
"product_name": "Cisco DNA Center",
"version": {
"version_data": [
{
"version_value" : "Cisco DNA Center"
"version_value": "Cisco DNA Center"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208."
"lang": "eng",
"value": "A vulnerability in the web framework of the Cisco Digital Network Architecture Center (DNA Center) could allow an unauthenticated, remote attacker to communicate with the Kong API server without restriction. The vulnerability is due to an overly permissive Cross Origin Resource Sharing (CORS) policy. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. An exploit could allow the attacker to communicate with the API and exfiltrate sensitive information. Cisco Bug IDs: CSCvh99208."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "CWE-200"
"lang": "eng",
"value": "CWE-200"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1",
"refsource" : "CONFIRM",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1"
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-dna1"
},
{
"name" : "103950",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103950"
"name": "103950",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103950"
}
]
}

74
2018/0xxx/CVE-2018-0820.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2018-0820",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-0820",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows Kernel Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843."
"lang": "eng",
"value": "The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka \"Windows Kernel Elevation Of Privilege Vulnerability\". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0820"
},
{
"name" : "102945",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102945"
"name": "102945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102945"
},
{
"name" : "1040373",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040373"
"name": "1040373",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040373"
}
]
}

70
2018/0xxx/CVE-2018-0862.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"DATE_PUBLIC" : "2018-01-19T00:00:00",
"ID" : "CVE-2018-0862",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2018-01-19T00:00:00",
"ID": "CVE-2018-0862",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Equation Editor",
"version" : {
"version_data" : [
"product_name": "Equation Editor",
"version": {
"version_data": [
{
"version_value" : "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
"version_value": "Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft Corporation"
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
"lang": "eng",
"value": "Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka \"Microsoft Word Remote Code Execution Vulnerability\". This CVE is unique from CVE-2018-0805, CVE-2018-0806, and CVE-2018-0807."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0862"
},
{
"name" : "102749",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102749"
"name": "102749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102749"
}
]
}

74
2018/1000xxx/CVE-2018-1000226.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-08-02T16:41:53.516803",
"DATE_REQUESTED" : "2018-08-02T16:12:25",
"ID" : "CVE-2018-1000226",
"REQUESTER" : "cvereports@movermeyer.com",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-08-02T16:41:53.516803",
"DATE_REQUESTED": "2018-08-02T16:12:25",
"ID": "CVE-2018-1000226",
"REQUESTER": "cvereports@movermeyer.com",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Cobbler",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "Cobbler"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
"lang": "eng",
"value": "Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Incorrect Access Control vulnerability in XMLRPC API (/cobbler_api) that can result in Privilege escalation, data manipulation or exfiltration, LDAP credential harvesting. This attack appear to be exploitable via \"network connectivity\". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Incorrect Access Control"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/",
"refsource" : "MISC",
"url" : "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
"name": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/",
"refsource": "MISC",
"url": "https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/"
},
{
"name" : "https://github.com/cobbler/cobbler/issues/1916",
"refsource" : "CONFIRM",
"url" : "https://github.com/cobbler/cobbler/issues/1916"
"name": "https://github.com/cobbler/cobbler/issues/1916",
"refsource": "CONFIRM",
"url": "https://github.com/cobbler/cobbler/issues/1916"
}
]
}

22
2018/19xxx/CVE-2018-19016.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19016",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19016",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/19xxx/CVE-2018-19120.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19120",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19120",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address."
"lang": "eng",
"value": "The HTML thumbnailer plugin in KDE Applications before 18.12.0 allows attackers to trigger outbound TCP connections to arbitrary IP addresses, leading to disclosure of the source IP address."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649420",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1649420"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1649420",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1649420"
},
{
"name" : "FEDORA-2018-2e64407bef",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/"
"name": "FEDORA-2018-2e64407bef",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CWRCGXLPJHM4OFD66BINH2FIMYHRCRKF/"
}
]
}

58
2018/19xxx/CVE-2018-19158.json
View File

@ -2,7 +2,30 @@
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19158",
"STATE": "RESERVED"
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
@ -11,7 +34,38 @@
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "ColossusCoinXT through 1.0.5 (a chain-based proof-of-stake cryptocurrency) allows a remote denial of service, exploitable by an attacker who acquires even a small amount of stake/coins in the system. The attacker sends invalid headers/blocks, which are stored on the victim's disk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806",
"refsource": "MISC",
"name": "https://medium.com/@dsl_uiuc/fake-stake-attacks-on-chain-based-proof-of-stake-cryptocurrencies-b8b05723f806"
},
{
"url": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf",
"refsource": "MISC",
"name": "http://fc19.ifca.ai/preproceedings/180-preproceedings.pdf"
},
{
"refsource": "CONFIRM",
"name": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8",
"url": "https://github.com/ColossusCoinXT/ColossusCoinXT/compare/0223904...9666bb8"
}
]
}

22
2018/19xxx/CVE-2018-19480.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-19480",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-19480",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

64
2018/1xxx/CVE-2018-1286.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-02-25T00:00:00",
"ID" : "CVE-2018-1286",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-02-25T00:00:00",
"ID": "CVE-2018-1286",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache OpenMeetings",
"version" : {
"version_data" : [
"product_name": "Apache OpenMeetings",
"version": {
"version_data": [
{
"version_value" : "3.0.0 - 4.0.1"
"version_value": "3.0.0 - 4.0.1"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users."
"lang": "eng",
"value": "In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged users are not password protected allowing an authenticated attacker to deny service for privileged users."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Insufficient Access Controls"
"lang": "eng",
"value": "Insufficient Access Controls"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E"
"name": "[user] 20180225 [ANNOUNCE] CVE-2018-1286 - Apache OpenMeetings - Insufficient Access Controls",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/dc2151baa5301bae773603cede0d62c21ee28588dd06e5e9253c13a8@%3Cuser.openmeetings.apache.org%3E"
}
]
}

22
2018/1xxx/CVE-2018-1527.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-1527",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-1527",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

120
2018/1xxx/CVE-2018-1686.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-10-03T00:00:00",
"ID" : "CVE-2018-1686",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC": "2018-10-03T00:00:00",
"ID": "CVE-2018-1686",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Maximo Asset Management",
"version" : {
"version_data" : [
"product_name": "Maximo Asset Management",
"version": {
"version_data": [
{
"version_value" : "7.6"
"version_value": "7.6"
},
{
"version_value" : "7.6.0"
"version_value": "7.6.0"
},
{
"version_value" : "7.6.0.1"
"version_value": "7.6.0.1"
},
{
"version_value" : "7.6.1"
"version_value": "7.6.1"
},
{
"version_value" : "7.6.2"
"version_value": "7.6.2"
},
{
"version_value" : "7.6.2.1"
"version_value": "7.6.2.1"
},
{
"version_value" : "7.6.2.2"
"version_value": "7.6.2.2"
},
{
"version_value" : "7.6.2.3"
"version_value": "7.6.2.3"
},
{
"version_value" : "7.6.2.4"
"version_value": "7.6.2.4"
},
{
"version_value" : "7.6.3"
"version_value": "7.6.3"
}
]
}
}
]
},
"vendor_name" : "IBM"
"vendor_name": "IBM"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505."
"lang": "eng",
"value": "IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145505."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "L",
"AV" : "N",
"C" : "L",
"I" : "L",
"PR" : "L",
"S" : "C",
"SCORE" : "5.400",
"UI" : "R"
"impact": {
"cvssv3": {
"BM": {
"A": "N",
"AC": "L",
"AV": "N",
"C": "L",
"I": "L",
"PR": "L",
"S": "C",
"SCORE": "5.400",
"UI": "R"
},
"TM" : {
"E" : "H",
"RC" : "C",
"RL" : "O"
"TM": {
"E": "H",
"RC": "C",
"RL": "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.ibm.com/support/docview.wss?uid=ibm10728865",
"refsource" : "CONFIRM",
"url" : "https://www.ibm.com/support/docview.wss?uid=ibm10728865"
"name": "ibm-maximo-cve20181686-xss(145505)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505"
},
{
"name" : "ibm-maximo-cve20181686-xss(145505)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/145505"
"name": "https://www.ibm.com/support/docview.wss?uid=ibm10728865",
"refsource": "CONFIRM",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10728865"
}
]
}

64
2018/4xxx/CVE-2018-4000.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00",
"ID" : "CVE-2018-4000",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-01T00:00:00",
"ID": "CVE-2018-4000",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Atlantis Word Processor",
"version" : {
"version_data" : [
"product_name": "Atlantis Word Processor",
"version": {
"version_data": [
{
"version_value" : "3.2.5.0"
"version_value": "3.2.5.0"
}
]
}
}
]
},
"vendor_name" : "The Atlantis Word Processor Team"
"vendor_name": "The Atlantis Word Processor Team"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability."
"lang": "eng",
"value": "An exploitable double-free vulnerability exists in the Office Open XML parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted document can cause a TTableRow instance to be referenced twice, resulting in a double-free vulnerability when both the references go out of scope. An attacker must convince a victim to open a document in order to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "double free code execution"
"lang": "eng",
"value": "double free code execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668"
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0668"
}
]
}

110
2018/4xxx/CVE-2018-4129.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2018-4129",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2018-4129",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. tvOS before 11.3 is affected. watchOS before 4.3 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.apple.com/HT208693",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208693"
"name": "1040604",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040604"
},
{
"name" : "https://support.apple.com/HT208694",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208694"
"name": "https://support.apple.com/HT208698",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208698"
},
{
"name" : "https://support.apple.com/HT208695",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208695"
"name": "GLSA-201808-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"name" : "https://support.apple.com/HT208696",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208696"
"name": "https://support.apple.com/HT208696",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208696"
},
{
"name" : "https://support.apple.com/HT208697",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208697"
"name": "https://support.apple.com/HT208693",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208693"
},
{
"name" : "https://support.apple.com/HT208698",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT208698"
"name": "https://support.apple.com/HT208694",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208694"
},
{
"name" : "GLSA-201808-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201808-04"
"name": "https://support.apple.com/HT208697",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208697"
},
{
"name" : "USN-3635-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3635-1/"
"name": "USN-3635-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3635-1/"
},
{
"name" : "1040604",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040604"
"name": "https://support.apple.com/HT208695",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208695"
}
]
}

22
2018/4xxx/CVE-2018-4569.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-4569",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-4569",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}