admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:53:17 +00:00
parent 84cf86f99b
commit 6ab07d9892
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4137 additions and 4137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

390
2008/0xxx/CVE-2008-0072.json
View File

@ -1,197 +1,197 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID" : "CVE-2008-0072", "ID": "CVE-2008-0072",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080528 rPSA-2008-0105-1 evolution", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/492684/100/0/threaded" "lang": "eng",
}, "value": "Format string vulnerability in the emf_multipart_encrypted function in mail/em-format.c in Evolution 2.12.3 and earlier allows remote attackers to execute arbitrary code via a crafted encrypted message, as demonstrated using the Version field."
{ }
"name" : "http://secunia.com/secunia_research/2008-8/advisory/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2008-8/advisory/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105", "description": [
"refsource" : "CONFIRM", {
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://issues.rpath.com/browse/RPL-2310", ]
"refsource" : "CONFIRM", }
"url" : "https://issues.rpath.com/browse/RPL-2310" ]
}, },
{ "references": {
"name" : "DSA-1512", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2008/dsa-1512" "name": "29258",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29258"
"name" : "FEDORA-2008-2290", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.html" "name": "29163",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29163"
"name" : "FEDORA-2008-2292", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.html" "name": "DSA-1512",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2008/dsa-1512"
"name" : "GLSA-200803-12", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200803-12.xml" "name": "RHSA-2008:0178",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0178.html"
"name" : "MDVSA-2008:063", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:063" "name": "29057",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29057"
"name" : "RHSA-2008:0177", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0177.html" "name": "VU#512491",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/512491"
"name" : "RHSA-2008:0178", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0178.html" "name": "USN-583-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-583-1"
"name" : "SUSE-SA:2008:014", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html" "name": "SUSE-SA:2008:014",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00003.html"
"name" : "USN-583-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-583-1" "name": "20080528 rPSA-2008-0105-1 evolution",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/492684/100/0/threaded"
"name" : "VU#512491", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/512491" "name": "oval:org.mitre.oval:def:10701",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10701"
"name" : "28102", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28102" "name": "http://secunia.com/secunia_research/2008-8/advisory/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2008-8/advisory/"
"name" : "oval:org.mitre.oval:def:10701", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10701" "name": "30491",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30491"
"name" : "ADV-2008-0768", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0768/references" "name": "29210",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29210"
"name" : "1019540", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1019540" "name": "30437",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30437"
"name" : "29057", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29057" "name": "FEDORA-2008-2290",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00190.html"
"name" : "29163", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29163" "name": "ADV-2008-0768",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0768/references"
"name" : "29210", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29210" "name": "GLSA-200803-12",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200803-12.xml"
"name" : "29244", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29244" "name": "29317",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29317"
"name" : "29258", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29258" "name": "29264",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29264"
"name" : "29264", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29264" "name": "MDVSA-2008:063",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:063"
"name" : "29317", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29317" "name": "29244",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29244"
"name" : "30437", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30437" "name": "RHSA-2008:0177",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0177.html"
"name" : "30491", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30491" "name": "https://issues.rpath.com/browse/RPL-2310",
}, "refsource": "CONFIRM",
{ "url": "https://issues.rpath.com/browse/RPL-2310"
"name" : "evolution-emfmultipart-format-string(41011)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41011" "name": "evolution-emfmultipart-format-string(41011)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41011"
} },
} {
"name": "FEDORA-2008-2292",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-March/msg00195.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0105"
},
{
"name": "28102",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28102"
},
{
"name": "1019540",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019540"
}
]
}
}

240
2008/0xxx/CVE-2008-0646.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0646", "ID": "CVE-2008-0646",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://deluge-torrent.org/Changelog.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://deluge-torrent.org/Changelog.php" "lang": "eng",
}, "value": "The bdecode_recursive function in include/libtorrent/bencode.hpp in Rasterbar Software libtorrent before 0.12.1, as used in Deluge before 0.5.8.3 and other products, allows context-dependent attackers to cause a denial of service (stack exhaustion and crash) via a crafted bencoded message."
{ }
"name" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968", ]
"refsource" : "CONFIRM", },
"url" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968", "description": [
"refsource" : "CONFIRM", {
"url" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968", ]
"refsource" : "CONFIRM", }
"url" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968" ]
}, },
{ "references": {
"name" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968" "name": "28782",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28782"
"name" : "FEDORA-2008-1198", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00001.html" "name": "http://deluge-torrent.org/Changelog.php",
}, "refsource": "CONFIRM",
{ "url": "http://deluge-torrent.org/Changelog.php"
"name" : "27597", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/27597" "name": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968",
}, "refsource": "CONFIRM",
{ "url": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?r1=956&r2=1968&pathrev=1968"
"name" : "ADV-2008-0384", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0384" "name": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968",
}, "refsource": "CONFIRM",
{ "url": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/trunk/include/libtorrent/bencode.hpp?view=log&pathrev=1968"
"name" : "ADV-2008-0383", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0383" "name": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968",
}, "refsource": "CONFIRM",
{ "url": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_13/include/libtorrent/bencode.hpp?view=log&pathrev=1968"
"name" : "28699", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28699" "name": "FEDORA-2008-1198",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00001.html"
"name" : "28781", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28781" "name": "28781",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28781"
"name" : "28782", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28782" "name": "28700",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/28700"
"name" : "28700", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/28700" "name": "ADV-2008-0384",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2008/0384"
} },
} {
"name": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968",
"refsource": "CONFIRM",
"url": "http://libtorrent.svn.sourceforge.net/viewvc/libtorrent/branches/RC_0_12/include/libtorrent/bencode.hpp?view=log&pathrev=1968#rev1968"
},
{
"name": "28699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28699"
},
{
"name": "27597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27597"
},
{
"name": "ADV-2008-0383",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0383"
}
]
}
}

180
2008/0xxx/CVE-2008-0848.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-0848", "ID": "CVE-2008-0848",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080218 Crafty Syntax Xss Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/488286/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty Syntax Live Help (CSLH) before 2.14.16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the versions claimed by the original researcher are probably incorrect."
{ }
"name" : "20080302 Re: Crafty Syntax Xss Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/489016/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/project/shownotes.php?release_id=580994", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?release_id=580994" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "27859", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/27859" ]
}, },
{ "references": {
"name" : "29201", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29201" "name": "http://sourceforge.net/project/shownotes.php?release_id=580994",
}, "refsource": "CONFIRM",
{ "url": "http://sourceforge.net/project/shownotes.php?release_id=580994"
"name" : "3688", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/3688" "name": "20080302 Re: Crafty Syntax Xss Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/489016/100/0/threaded"
"name" : "cslh-lostsheep-xss(40636)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40636" "name": "3688",
} "refsource": "SREASON",
] "url": "http://securityreason.com/securityalert/3688"
} },
} {
"name": "20080218 Crafty Syntax Xss Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488286/100/0/threaded"
},
{
"name": "29201",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29201"
},
{
"name": "cslh-lostsheep-xss(40636)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40636"
},
{
"name": "27859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27859"
}
]
}
}

690
2008/1xxx/CVE-2008-1232.json
View File

@ -1,347 +1,347 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-1232", "ID": "CVE-2008-1232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/495021/100/0/threaded" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method."
{ }
"name" : "20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/504351/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/505556/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", ]
"refsource" : "BUGTRAQ", }
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded" ]
}, },
{ "references": {
"name" : "http://tomcat.apache.org/security-4.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-4.html" "name": "1020622",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020622"
"name" : "http://tomcat.apache.org/security-5.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-5.html" "name": "oval:org.mitre.oval:def:5985",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985"
"name" : "http://tomcat.apache.org/security-6.html", },
"refsource" : "CONFIRM", {
"url" : "http://tomcat.apache.org/security-6.html" "name": "http://tomcat.apache.org/security-4.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-4.html"
"name" : "http://support.apple.com/kb/HT3216", },
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3216" "name": "RHSA-2008:0862",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0862.html"
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm", },
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm" "name": "ADV-2009-1609",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1609"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0002.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0002.html" "name": "ADV-2009-2194",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2194"
"name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx", },
"refsource" : "CONFIRM", {
"url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx" "name": "34013",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34013"
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500", },
"refsource" : "CONFIRM", {
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500" "name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx",
}, "refsource": "CONFIRM",
{ "url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/06/15/ca20090615-02-ca-service-desk-tomcat-cross-site-scripting-vulnerability.aspx"
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095", },
"refsource" : "CONFIRM", {
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095" "name": "ADV-2008-2823",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2823"
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html" "name": "37460",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37460"
"name" : "APPLE-SA-2008-10-09", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0002.html"
"name" : "FEDORA-2008-8113", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html" "name": "31982",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31982"
"name" : "FEDORA-2008-8130", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html" "name": "31681",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31681"
"name" : "FEDORA-2008-7977", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html" "name": "32120",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32120"
"name" : "HPSBUX02401", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=123376588623823&w=2" "name": "oval:org.mitre.oval:def:11181",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181"
"name" : "SSRT090005", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=123376588623823&w=2" "name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
"name" : "HPSBST02955", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2" "name": "33999",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33999"
"name" : "MDVSA-2008:188", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188" "name": "30496",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30496"
"name" : "RHSA-2008:0648", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0648.html" "name": "31865",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31865"
"name" : "RHSA-2008:0862", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0862.html" "name": "4098",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/4098"
"name" : "RHSA-2008:0864", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0864.html" "name": "FEDORA-2008-8130",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00889.html"
"name" : "SUSE-SR:2008:018", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html" "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095",
}, "refsource": "CONFIRM",
{ "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214095"
"name" : "SUSE-SR:2009:004", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" "name": "31639",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31639"
"name" : "30496", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30496" "name": "SUSE-SR:2008:018",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
"name" : "31681", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31681" "name": "36108",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36108"
"name" : "oval:org.mitre.oval:def:5985", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5985" "name": "MDVSA-2008:188",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:188"
"name" : "oval:org.mitre.oval:def:11181", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11181" "name": "31379",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31379"
"name" : "33999", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33999" "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-401.htm"
"name" : "34013", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34013" "name": "ADV-2009-0320",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0320"
"name" : "35474", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35474" "name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
"name" : "36108", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36108" "name": "RHSA-2008:0864",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0864.html"
"name" : "37460", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37460" "name": "SUSE-SR:2009:004",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
"name" : "57126", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/57126" "name": "http://tomcat.apache.org/security-6.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-6.html"
"name" : "ADV-2008-2305", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2305" "name": "57126",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/57126"
"name" : "ADV-2008-2823", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2823" "name": "32222",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32222"
"name" : "ADV-2008-2780", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2780" "name": "31891",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31891"
"name" : "ADV-2009-0320", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0320" "name": "33797",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33797"
"name" : "1020622", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020622" "name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500",
}, "refsource": "CONFIRM",
{ "url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=209500"
"name" : "31379", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31379" "name": "20090806 CA20090806-02: Security Notice for Unicenter Asset Portfolio Management, Unicenter Desktop and Server Management, Unicenter Patch Management",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/505556/100/0/threaded"
"name" : "31381", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31381" "name": "FEDORA-2008-7977",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00712.html"
"name" : "31639", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31639" "name": "ADV-2008-2305",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2305"
"name" : "31891", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31891" "name": "FEDORA-2008-8113",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00859.html"
"name" : "31865", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31865" "name": "20090616 CA20090615-02: CA Service Desk Tomcat Cross Site Scripting Vulnerability",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/504351/100/0/threaded"
"name" : "32222", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32222" "name": "http://tomcat.apache.org/security-5.html",
}, "refsource": "CONFIRM",
{ "url": "http://tomcat.apache.org/security-5.html"
"name" : "31982", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31982" "name": "35474",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35474"
"name" : "33797", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33797" "name": "ADV-2008-2780",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2780"
"name" : "32120", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32120" "name": "31381",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31381"
"name" : "32266", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32266" "name": "HPSBUX02401",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"
"name" : "4098", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4098" "name": "HPSBST02955",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
"name" : "ADV-2009-0503", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0503" "name": "APPLE-SA-2008-10-09",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
"name" : "ADV-2009-1609", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1609" "name": "http://support.apple.com/kb/HT3216",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3216"
"name" : "ADV-2009-2194", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2194" "name": "ADV-2009-0503",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0503"
"name" : "ADV-2009-3316", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3316" "name": "ADV-2009-3316",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3316"
"name" : "tomcat-httpservletresponse-xss(44155)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155" "name": "SSRT090005",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=123376588623823&w=2"
} },
} {
"name": "tomcat-httpservletresponse-xss(44155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44155"
},
{
"name": "20080801 [CVE-2008-1232] Apache Tomcat XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495021/100/0/threaded"
},
{
"name": "32266",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32266"
},
{
"name": "RHSA-2008:0648",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0648.html"
}
]
}
}

220
2008/1xxx/CVE-2008-1593.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1593", "ID": "CVE-2008-1593",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153" "lang": "eng",
}, "value": "The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, and 6.1 does not properly protect kernel memory, which allows local users to read and modify portions of memory and gain privileges via unspecified vectors involving a restart of a 64-bit process, probably related to the as_getadsp64 function."
{ }
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154", ]
"refsource" : "CONFIRM", },
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IZ11820", ]
"refsource" : "AIXAPAR", }
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ11820" ]
}, },
{ "references": {
"name" : "IZ12794", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ12794" "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153",
}, "refsource": "CONFIRM",
{ "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4153"
"name" : "IZ16992", },
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ16992" "name": "28467",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/28467"
"name" : "IZ17111", },
"refsource" : "AIXAPAR", {
"url" : "http://www.ibm.com/support/docview.wss?uid=isg1IZ17111" "name": "1019606",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1019606"
"name" : "28467", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28467" "name": "IZ12794",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ12794"
"name" : "oval:org.mitre.oval:def:4595", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4595" "name": "IZ16992",
}, "refsource": "AIXAPAR",
{ "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ16992"
"name" : "ADV-2008-0865", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0865" "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155",
}, "refsource": "CONFIRM",
{ "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4155"
"name" : "1019606", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1019606" "name": "IZ17111",
} "refsource": "AIXAPAR",
] "url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ17111"
} },
} {
"name": "IZ11820",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=isg1IZ11820"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4154"
},
{
"name": "oval:org.mitre.oval:def:4595",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4595"
},
{
"name": "ADV-2008-0865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0865"
}
]
}
}

170
2008/1xxx/CVE-2008-1647.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1647", "ID": "CVE-2008-1647",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5338", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5338" "lang": "eng",
}, "value": "The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1207033569.ff.php", ]
"refsource" : "MISC", },
"url" : "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1207033569.ff.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "28546", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/28546" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2008-1050", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2008/1050/references" ]
}, },
{ "references": {
"name" : "29581", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29581" "name": "5338",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/5338"
"name" : "chilkathttp-activex-file-overwrite(45988)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45988" "name": "28546",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/28546"
} },
} {
"name": "chilkathttp-activex-file-overwrite(45988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45988"
},
{
"name": "ADV-2008-1050",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1050/references"
},
{
"name": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1207033569.ff.php",
"refsource": "MISC",
"url": "http://www.shinnai.altervista.org/index.php?mod=02_Forum&group=Security&argument=Remote_performed_exploits&topic=1207033569.ff.php"
},
{
"name": "29581",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29581"
}
]
}
}

150
2008/1xxx/CVE-2008-1904.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-1904", "ID": "CVE-2008-1904",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the \"admin area\" via a modified this_cookie cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "5433", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/5433" "lang": "eng",
}, "value": "Cicoandcico CcMail 1.0.1 and earlier does not verify that the this_cookie cookie corresponds to an authenticated session, which allows remote attackers to obtain access to the \"admin area\" via a modified this_cookie cookie."
{ }
"name" : "28751", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/28751" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "29812", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29812" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ccmail-admin-security-bypass(41797)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41797" ]
} },
] "references": {
} "reference_data": [
} {
"name": "5433",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/5433"
},
{
"name": "29812",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29812"
},
{
"name": "ccmail-admin-security-bypass(41797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41797"
},
{
"name": "28751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28751"
}
]
}
}

130
2008/3xxx/CVE-2008-3481.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3481", "ID": "CVE-2008-3481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6178", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6178" "lang": "eng",
}, "value": "themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message."
{ }
"name" : "4108", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4108" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4108",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4108"
},
{
"name": "6178",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6178"
}
]
}
}

160
2008/3xxx/CVE-2008-3557.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3557", "ID": "CVE-2008-3557",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6213", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6213" "lang": "eng",
}, "value": "Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass authentication and gain administrative access by setting both the adminuser and loggedin cookies."
{ }
"name" : "30580", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30580" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31383", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31383" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4118", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4118" ]
}, },
{ "references": {
"name" : "freehostingmanager-cookie-security-bypass(44260)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44260" "name": "6213",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6213"
} },
} {
"name": "30580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30580"
},
{
"name": "freehostingmanager-cookie-security-bypass(44260)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44260"
},
{
"name": "31383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31383"
},
{
"name": "4118",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4118"
}
]
}
}

160
2008/4xxx/CVE-2008-4118.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4118", "ID": "CVE-2008-4118",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://high-norm.rash.jp/script_soundmaster2nd.html.", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://high-norm.rash.jp/script_soundmaster2nd.html." "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "JVN#55010230", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN55010230/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31076", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31076" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "soundmaster2nd-unspecified-xss(44977)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44977" ]
}, },
{ "references": {
"name" : "http://high-norm.rash.jp/script_soundmaster2nd.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://high-norm.rash.jp/script_soundmaster2nd.html" "name": "http://high-norm.rash.jp/script_soundmaster2nd.html.",
} "refsource": "CONFIRM",
] "url": "http://high-norm.rash.jp/script_soundmaster2nd.html."
} },
} {
"name": "soundmaster2nd-unspecified-xss(44977)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44977"
},
{
"name": "http://high-norm.rash.jp/script_soundmaster2nd.html",
"refsource": "CONFIRM",
"url": "http://high-norm.rash.jp/script_soundmaster2nd.html"
},
{
"name": "JVN#55010230",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN55010230/index.html"
},
{
"name": "31076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31076"
}
]
}
}

170
2008/4xxx/CVE-2008-4136.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4136", "ID": "CVE-2008-4136",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6458", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6458" "lang": "eng",
}, "value": "Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote attackers to cause a denial of service (service crash) via multiple RETR commands, possibly involving long filenames."
{ }
"name" : "http://shinnok.evonet.ro/vulns_html/pftp.html", ]
"refsource" : "MISC", },
"url" : "http://shinnok.evonet.ro/vulns_html/pftp.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31173", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31173" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1020897", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1020897" ]
}, },
{ "references": {
"name" : "31852", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31852" "name": "1020897",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1020897"
"name" : "personalftp-retr-dos(45129)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45129" "name": "http://shinnok.evonet.ro/vulns_html/pftp.html",
} "refsource": "MISC",
] "url": "http://shinnok.evonet.ro/vulns_html/pftp.html"
} },
} {
"name": "31173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31173"
},
{
"name": "personalftp-retr-dos(45129)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45129"
},
{
"name": "31852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31852"
},
{
"name": "6458",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6458"
}
]
}
}

160
2008/4xxx/CVE-2008-4343.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4343", "ID": "CVE-2008-4343",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6537", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6537" "lang": "eng",
}, "value": "The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs."
{ }
"name" : "http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS", ]
"refsource" : "MISC", },
"url" : "http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31332", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31332" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31951", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31951" ]
}, },
{ "references": {
"name" : "chilkatxml-chilkatutil-file-overwrite(45333)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45333" "name": "31951",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/31951"
} },
} {
"name": "chilkatxml-chilkatutil-file-overwrite(45333)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45333"
},
{
"name": "6537",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6537"
},
{
"name": "31332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31332"
},
{
"name": "http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS",
"refsource": "MISC",
"url": "http://www.shinnai.net/xplits/TXT_rNowA1916DKFNUF48NyS"
}
]
}
}

140
2008/4xxx/CVE-2008-4465.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4465", "ID": "CVE-2008-4465",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6376", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6376" "lang": "eng",
}, "value": "SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
{ }
"name" : "31033", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31033" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dvdzone-viewmags-sql-injection(44953)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44953" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6376",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6376"
},
{
"name": "31033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31033"
},
{
"name": "dvdzone-viewmags-sql-injection(44953)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44953"
}
]
}
}

160
2008/4xxx/CVE-2008-4686.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4686", "ID": "CVE-2008-4686",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081019 CVE id request: vlc", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/19/2" "lang": "eng",
}, "value": "Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654."
{ }
"name" : "[oss-security] 20081022 Re: CVE id request: vlc", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2008/10/22/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31867", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/31867" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:14630", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630" "name": "[oss-security] 20081022 Re: CVE id request: vlc",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2008/10/22/6"
} },
} {
"name": "oval:org.mitre.oval:def:14630",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14630"
},
{
"name": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=vlc.git;a=commitdiff;h=d859e6b9537af2d7326276f70de25a840f554dc3"
},
{
"name": "[oss-security] 20081019 CVE id request: vlc",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/19/2"
},
{
"name": "31867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31867"
}
]
}
}

34
2013/2xxx/CVE-2013-2505.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2505", "ID": "CVE-2013-2505",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2013/2xxx/CVE-2013-2561.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2561", "ID": "CVE-2013-2561",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130306 OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2013/Mar/87" "lang": "eng",
}, "value": "OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary files via a symlink attack on (1) ibdiagnet.db, (2) ibdiagnet.fdbs, (3) ibdiagnet_ibis.log, (4) ibdiagnet.log, (5) ibdiagnet.lst, (6) ibdiagnet.mcfdbs, (7) ibdiagnet.pkey, (8) ibdiagnet.psl, (9) ibdiagnet.slvl, or (10) ibdiagnet.sm in /tmp/."
{ }
"name" : "[oss-secuirty] 20130325 Re: CVE request: ibutils improper use of files in /tmp", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2013/03/26/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-secuirty] 20130326 Re: CVE request: ibutils improper use of files in /tmp", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/26/4" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-secuirty] 20130326 Re: CVE request: ibutils improper use of files in /tmp", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2013/03/26/11" ]
}, },
{ "references": {
"name" : "[oss-security] 20130319 Fwd: CVE requests", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/03/19/8" "name": "20130306 OpenFabrics ibutils 1.5.7 /tmp clobbering vulnerability",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2013/Mar/87"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=927430", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=927430" "name": "58335",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/58335"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" "name": "[oss-secuirty] 20130325 Re: CVE request: ibutils improper use of files in /tmp",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/03/26/1"
"name" : "RHSA-2013:1661", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1661.html" "name": "[oss-secuirty] 20130326 Re: CVE request: ibutils improper use of files in /tmp",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/03/26/4"
"name" : "58335", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/58335" "name": "RHSA-2013:1661",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2013-1661.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=927430",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=927430"
},
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/19/8"
},
{
"name": "[oss-secuirty] 20130326 Re: CVE request: ibutils improper use of files in /tmp",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/03/26/11"
}
]
}
}

120
2013/2xxx/CVE-2013-2583.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2583", "ID": "CVE-2013-2583",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130417 Open-Xchange Security Advisory 2013-04-17", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL, (2) malformed nested SCRIPT elements, (3) a mail signature, or (4) JavaScript code within an image file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130417 Open-Xchange Security Advisory 2013-04-17",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0183.html"
}
]
}
}

34
2013/2xxx/CVE-2013-2815.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-2815", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-2815",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/2xxx/CVE-2013-2973.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-2973", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-2973",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/3xxx/CVE-2013-3094.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3094", "ID": "CVE-2013-3094",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2013/3xxx/CVE-2013-3203.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2013-3203", "ID": "CVE-2013-3203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3201, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS13-069", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069" "lang": "eng",
}, "value": "Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2013-3201, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209."
{ }
"name" : "TA13-253A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/ncas/alerts/TA13-253A" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:18916", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18916" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "MS13-069",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-069"
},
{
"name": "oval:org.mitre.oval:def:18916",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18916"
},
{
"name": "TA13-253A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/ncas/alerts/TA13-253A"
}
]
}
}

120
2013/3xxx/CVE-2013-3401.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2013-3401", "ID": "CVE-2013-3401",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20130629 Cisco TC Software SIP Implementation Error May Affect Communications Integrity", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3401" "lang": "eng",
} "value": "The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20130629 Cisco TC Software SIP Implementation Error May Affect Communications Integrity",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-3401"
}
]
}
}

34
2013/3xxx/CVE-2013-3679.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-3679", "ID": "CVE-2013-3679",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2013/4xxx/CVE-2013-4895.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-4895", "ID": "CVE-2013-4895",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

170
2013/6xxx/CVE-2013-6013.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6013", "ID": "CVE-2013-6013",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10594", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10594" "lang": "eng",
}, "value": "Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message."
{ }
"name" : "62962", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/62962" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "98369", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/98369" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1029175", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1029175" ]
}, },
{ "references": {
"name" : "55109", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55109" "name": "62962",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/62962"
"name" : "juniper-junos-cve20136013-bo(87847)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87847" "name": "98369",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/98369"
} },
} {
"name": "1029175",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029175"
},
{
"name": "juniper-junos-cve20136013-bo(87847)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87847"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10594",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10594"
},
{
"name": "55109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55109"
}
]
}
}

34
2013/6xxx/CVE-2013-6149.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6149", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6149",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

160
2013/6xxx/CVE-2013-6399.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-6399", "ID": "CVE-2013-6399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html" "lang": "eng",
}, "value": "Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image."
{ }
"name" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1", ]
"refsource" : "CONFIRM", },
"url" : "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2014-6288", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2014:0743", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0743.html" ]
}, },
{ "references": {
"name" : "RHSA-2014:0744", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0744.html" "name": "RHSA-2014:0743",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2014-0743.html"
} },
} {
"name": "[Qemu-stable] 20140723 [ANNOUNCE] QEMU 1.7.2 Stable released",
"refsource": "MLIST",
"url": "http://lists.nongnu.org/archive/html/qemu-stable/2014-07/msg00187.html"
},
{
"name": "RHSA-2014:0744",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0744.html"
},
{
"name": "FEDORA-2014-6288",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-May/133345.html"
},
{
"name": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1",
"refsource": "CONFIRM",
"url": "http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4b53c2c72cb5541cf394033b528a6fe2a86c0ac1"
}
]
}
}

34
2013/6xxx/CVE-2013-6762.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6762", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6762",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2013. Notes: none."
} }
] ]
} }
} }

34
2013/6xxx/CVE-2013-6764.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2013-6764", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2013-6764",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-6795. Reason: This candidate is a duplicate of CVE-2013-6795. A typo in an external publication caused this ID to be associated with the wrong vulnerability. Notes: All CVE users should reference CVE-2013-6795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-6795. Reason: This candidate is a duplicate of CVE-2013-6795. A typo in an external publication caused this ID to be associated with the wrong vulnerability. Notes: All CVE users should reference CVE-2013-6795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

120
2013/6xxx/CVE-2013-6941.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6941", "ID": "CVE-2013-6941",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to \"breakout\" of the shell via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.citrix.com/article/CTX139049", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX139049" "lang": "eng",
} "value": "Unspecified vulnerability in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows users to \"breakout\" of the shell via unknown vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.citrix.com/article/CTX139049",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX139049"
}
]
}
}

150
2013/7xxx/CVE-2013-7354.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-7354", "ID": "CVE-2013-7354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2014/q2/83" "lang": "eng",
}, "value": "Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow."
{ }
"name" : "http://sourceforge.net/p/libpng/bugs/199/", ]
"refsource" : "CONFIRM", },
"url" : "http://sourceforge.net/p/libpng/bugs/199/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "openSUSE-SU-2014:0604", "description": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "67344", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/67344" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://sourceforge.net/p/libpng/bugs/199/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/libpng/bugs/199/"
},
{
"name": "openSUSE-SU-2014:0604",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-05/msg00015.html"
},
{
"name": "67344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/67344"
},
{
"name": "[oss-security] 20140410 CVE-2013-7353 CVE-2013-7354 libpng integer overflows",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2014/q2/83"
}
]
}
}

150
2017/10xxx/CVE-2017-10218.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10218", "ID": "CVE-2017-10218",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Hospitality Guest Access", "product_name": "Hospitality Guest Access",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "4.2.0.0" "version_value": "4.2.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "4.2.1.0" "version_value": "4.2.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0.0 and 4.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
{ }
"name" : "99781", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99781" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038941", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038941" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038941",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038941"
},
{
"name": "99781",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99781"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

258
2017/10xxx/CVE-2017-10268.json
View File

@ -1,131 +1,131 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10268", "ID": "CVE-2017-10268",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.5.57 and earlier" "version_value": "5.5.57 and earlier"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.6.37 and earlier" "version_value": "5.6.37 and earlier"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.19 and earlier" "version_value": "5.7.19 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://security.netapp.com/advisory/ntap-20171019-0002/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20171019-0002/" "lang": "eng",
}, "value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data."
{ }
"name" : "DSA-4002", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2017/dsa-4002" ]
}, },
{ "references": {
"name" : "DSA-4341", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4341" "name": "DSA-4002",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2017/dsa-4002"
"name" : "RHSA-2017:3265", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3265" "name": "DSA-4341",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4341"
"name" : "RHSA-2017:3442", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2017:3442" "name": "https://security.netapp.com/advisory/ntap-20171019-0002/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20171019-0002/"
"name" : "RHSA-2018:0279", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0279" "name": "RHSA-2017:3265",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2017:3265"
"name" : "RHSA-2018:0574", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:0574" "name": "RHSA-2018:2729",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2729"
"name" : "RHSA-2018:2439", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2439" "name": "101390",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/101390"
"name" : "RHSA-2018:2729", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2729" "name": "[debian-lts-announce] 20180629 [SECURITY] [DLA 1407-1] mariadb-10.0 security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00015.html"
"name" : "101390", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/101390" "name": "RHSA-2018:0574",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:0574"
"name" : "1039597", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1039597" "name": "1039597",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1039597"
} },
} {
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "RHSA-2018:0279",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0279"
},
{
"name": "RHSA-2018:2439",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2439"
},
{
"name": "RHSA-2017:3442",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:3442"
}
]
}
}

122
2017/10xxx/CVE-2017-10932.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@zte.com.cn", "ASSIGNER": "psirt@zte.com.cn",
"DATE_PUBLIC" : "2017-09-15T00:00:00", "DATE_PUBLIC": "2017-09-15T00:00:00",
"ID" : "CVE-2017-10932", "ID": "CVE-2017-10932",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "NR8000 Series", "product_name": "NR8000 Series",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions prior to V12.17.20" "version_value": "All versions prior to V12.17.20"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "ZTE" "vendor_name": "ZTE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422" "lang": "eng",
} "value": "All versions prior to V12.17.20 of the ZTE Microwave NR8000 series products - NR8120, NR8120A, NR8120, NR8150, NR8250, NR8000 TR and NR8950 are the applications of C/S architecture using the Java RMI service in which the servers use the Apache Commons Collections (ACC) library that may result in Java deserialization vulnerabilities. An unauthenticated remote attacker can exploit the vulnerabilities by sending a crafted RMI request to execute arbitrary code on the target host."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422",
"refsource": "CONFIRM",
"url": "http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1008422"
}
]
}
}

34
2017/13xxx/CVE-2017-13539.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-13539", "ID": "CVE-2017-13539",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/14xxx/CVE-2017-14401.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14401", "ID": "CVE-2017-14401",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the \"ACCOUNT UPDATE\" section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.sstrunk.com/cve/module_admin_user_add_modify_user.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.sstrunk.com/cve/module_admin_user_add_modify_user.html" "lang": "eng",
} "value": "The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the \"ACCOUNT UPDATE\" section."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sstrunk.com/cve/module_admin_user_add_modify_user.html",
"refsource": "MISC",
"url": "http://www.sstrunk.com/cve/module_admin_user_add_modify_user.html"
}
]
}
}

132
2017/14xxx/CVE-2017-14908.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-12-04T00:00:00", "DATE_PUBLIC": "2017-12-04T00:00:00",
"ID" : "CVE-2017-14908", "ID": "CVE-2017-14908",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Input Validation in SafeSwitch"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2017-12-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2017-12-01" "lang": "eng",
}, "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify."
{ }
"name" : "102072", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102072" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Improper Input Validation in SafeSwitch"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-12-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-12-01"
},
{
"name": "102072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102072"
}
]
}
}

34
2017/17xxx/CVE-2017-17273.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-17273", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-17273",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

34
2017/17xxx/CVE-2017-17489.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17489", "ID": "CVE-2017-17489",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/17xxx/CVE-2017-17909.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17909", "ID": "CVE-2017-17909",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Responsive%20Realestate%20Script.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Responsive%20Realestate%20Script.md" "lang": "eng",
} "value": "PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Responsive%20Realestate%20Script.md",
"refsource": "MISC",
"url": "https://github.com/d4wner/Vulnerabilities-Report/blob/master/Responsive%20Realestate%20Script.md"
}
]
}
}

160
2017/17xxx/CVE-2017-17969.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-17969", "ID": "CVE-2017-17969",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180202 [SECURITY] [DLA 1268-1] p7zip security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/02/msg00003.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method in 7-Zip before 18.00 and p7zip allows remote attackers to cause a denial of service (out-of-bounds write) or potentially execute arbitrary code via a crafted ZIP archive."
{ }
"name" : "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/", ]
"refsource" : "MISC", },
"url" : "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html", "description": [
"refsource" : "MISC", {
"url" : "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-4104", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2018/dsa-4104" ]
}, },
{ "references": {
"name" : "1040831", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040831" "name": "DSA-4104",
} "refsource": "DEBIAN",
] "url": "https://www.debian.org/security/2018/dsa-4104"
} },
} {
"name": "[debian-lts-announce] 20180202 [SECURITY] [DLA 1268-1] p7zip security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00003.html"
},
{
"name": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/",
"refsource": "MISC",
"url": "https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/"
},
{
"name": "1040831",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040831"
},
{
"name": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html",
"refsource": "MISC",
"url": "https://0patch.blogspot.si/2018/02/two-interesting-micropatches-for-7-zip.html"
}
]
}
}

130
2017/9xxx/CVE-2017-9334.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9334", "ID": "CVE-2017-9334",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An incorrect \"pair?\" check in the Scheme \"length\" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls \"length\" on it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html" "lang": "eng",
}, "value": "An incorrect \"pair?\" check in the Scheme \"length\" procedure results in an unsafe pointer dereference in all CHICKEN Scheme versions prior to 4.13, which allows an attacker to cause a denial of service by passing an improper list to an application that calls \"length\" on it."
{ }
"name" : "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html", ]
"refsource" : "CONFIRM", },
"url" : "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html",
"refsource": "CONFIRM",
"url": "http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html"
},
{
"name": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html",
"refsource": "CONFIRM",
"url": "http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html"
}
]
}
}

132
2017/9xxx/CVE-2017-9706.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2017-10-02T00:00:00", "DATE_PUBLIC": "2017-10-02T00:00:00",
"ID" : "CVE-2017-9706", "ID": "CVE-2017-9706",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/pixel/2017-10-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/pixel/2017-10-01" "lang": "eng",
}, "value": "In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver."
{ }
"name" : "101160", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/101160" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/pixel/2017-10-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-10-01"
},
{
"name": "101160",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101160"
}
]
}
}

130
2017/9xxx/CVE-2017-9844.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9844", "ID": "CVE-2017-9844",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/", "description_data": [
"refsource" : "MISC", {
"url" : "https://erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/" "lang": "eng",
}, "value": "SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804."
{ }
"name" : "96865", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/96865" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96865",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96865"
},
{
"name": "https://erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/",
"refsource": "MISC",
"url": "https://erpscan.io/advisories/erpscan-17-014-sap-netweaver-java-deserialization-untrusted-user-value-metadatauploader/"
}
]
}
}

130
2018/0xxx/CVE-2018-0098.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0098", "ID": "CVE-2018-0098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco WAP150 Wireless", "product_name": "Cisco WAP150 Wireless",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco WAP150 Wireless" "version_value": "Cisco WAP150 Wireless"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve57076."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap" "lang": "eng",
}, "value": "A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve57076."
{ }
"name" : "102763", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102763" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap"
},
{
"name": "102763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102763"
}
]
}
}

184
2018/0xxx/CVE-2018-0464.json
View File

@ -1,94 +1,94 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-08-28T21:00:00-0500", "DATE_PUBLIC": "2018-08-28T21:00:00-0500",
"ID" : "CVE-2018-0464", "ID": "CVE-2018-0464",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Data Center Network Manager Path Traversal Vulnerability" "TITLE": "Cisco Data Center Network Manager Path Traversal Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Data Center Network Manager ", "product_name": "Cisco Data Center Network Manager ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "8.1",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-22"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2018-20", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2018-20" "lang": "eng",
}, "value": "A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management interface. An attacker could exploit this vulnerability by sending malicious requests containing directory traversal character sequences within the management interface. An exploit could allow the attacker to view or create arbitrary files on the targeted system."
{ }
"name" : "20180828 Cisco Data Center Network Manager Path Traversal Vulnerability", ]
"refsource" : "CISCO", },
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal" "impact": {
}, "cvss": {
{ "baseScore": "8.1",
"name" : "105159", "version": "3.0"
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/105159" },
}, "problemtype": {
{ "problemtype_data": [
"name" : "1041585", {
"refsource" : "SECTRACK", "description": [
"url" : "http://www.securitytracker.com/id/1041585" {
} "lang": "eng",
] "value": "CWE-22"
}, }
"source" : { ]
"advisory" : "cisco-sa-20180828-dcnm-traversal", }
"defect" : [ ]
[ },
"CSCvj86072" "references": {
] "reference_data": [
], {
"discovery" : "UNKNOWN" "name": "20180828 Cisco Data Center Network Manager Path Traversal Vulnerability",
} "refsource": "CISCO",
} "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180828-dcnm-traversal"
},
{
"name": "1041585",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041585"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-20",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-20"
},
{
"name": "105159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105159"
}
]
},
"source": {
"advisory": "cisco-sa-20180828-dcnm-traversal",
"defect": [
[
"CSCvj86072"
]
],
"discovery": "UNKNOWN"
}
}

130
2018/0xxx/CVE-2018-0629.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vultures@jpcert.or.jp", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2018-0629", "ID": "CVE-2018-0629",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Aterm W300P", "product_name": "Aterm W300P",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Ver1.0.13 and earlier" "version_value": "Ver1.0.13 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "NEC Corporation" "vendor_name": "NEC Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://jpn.nec.com/security-info/secinfo/nv18-011.html" "lang": "eng",
}, "value": "Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response."
{ }
"name" : "JVN#26629618", ]
"refsource" : "JVN", },
"url" : "https://jvn.jp/en/jp/JVN26629618/index.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
"refsource": "MISC",
"url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
},
{
"name": "JVN#26629618",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN26629618/index.html"
}
]
}
}

132
2018/0xxx/CVE-2018-0711.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@qnapsecurity.com.tw", "ASSIGNER": "security@qnap.com",
"DATE_PUBLIC" : "2018-04-27T00:00:00", "DATE_PUBLIC": "2018-04-27T00:00:00",
"ID" : "CVE-2018-0711", "ID": "CVE-2018-0711",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "QTS", "product_name": "QTS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315 and earlier" "version_value": "QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315 and earlier"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "QNAP" "vendor_name": "QNAP"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.qnap.com/zh-tw/security-advisory/nas-201804-27", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.qnap.com/zh-tw/security-advisory/nas-201804-27" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML."
{ }
"name" : "1040779", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1040779" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qnap.com/zh-tw/security-advisory/nas-201804-27",
"refsource": "CONFIRM",
"url": "https://www.qnap.com/zh-tw/security-advisory/nas-201804-27"
},
{
"name": "1040779",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040779"
}
]
}
}

124
2018/1000xxx/CVE-2018-1000114.json
View File

@ -1,64 +1,64 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@distributedweaknessfiling.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-02-26", "DATE_ASSIGNED": "2018-02-26",
"ID" : "CVE-2018-1000114", "ID": "CVE-2018-1000114",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Promoted Builds Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.31.1 and older" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746" "lang": "eng",
} "value": "An improper authorization vulnerability exists in Jenkins Promoted Builds Plugin 2.31.1 and earlier in Status.java and ManualCondition.java that allow an attacker with read access to jobs to perform promotions."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-746"
}
]
}
}

136
2018/1000xxx/CVE-2018-1000870.json
View File

@ -1,70 +1,70 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-12-19T20:52:45.253944", "DATE_ASSIGNED": "2018-12-19T20:52:45.253944",
"DATE_REQUESTED" : "2018-12-06T06:56:23", "DATE_REQUESTED": "2018-12-06T06:56:23",
"ID" : "CVE-2018-1000870", "ID": "CVE-2018-1000870",
"REQUESTER" : "oscar@sakerhetskontoret.com", "REQUESTER": "oscar@sakerhetskontoret.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PHPipam", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.3.2 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "PHPipam" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040" "lang": "eng",
}, "value": "PHPipam version 1.3.2 and earlier contains a CWE-79 vulnerability in /app/admin/users/print-user.php that can result in Execute code in the victims browser. This attack appear to be exploitable via Attacker change theme parameter in user settings. Admin(Victim) views user in admin-panel and gets exploited.. This vulnerability appears to have been fixed in 1.4."
{ }
"name" : "https://github.com/phpipam/phpipam/issues/2326", ]
"refsource" : "MISC", },
"url" : "https://github.com/phpipam/phpipam/issues/2326" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/commit/552fbb0fc7ecb84bda4a131b4f290a3de9980040"
},
{
"name": "https://github.com/phpipam/phpipam/issues/2326",
"refsource": "MISC",
"url": "https://github.com/phpipam/phpipam/issues/2326"
}
]
}
}

34
2018/19xxx/CVE-2018-19163.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19163", "ID": "CVE-2018-19163",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/19xxx/CVE-2018-19775.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19775", "ID": "CVE-2018-19775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"Variables.jsp\" has reflected XSS via the ConnPoolName and GroupId parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/Dec/20" "lang": "eng",
}, "value": "Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page \"Variables.jsp\" has reflected XSS via the ConnPoolName and GroupId parameters."
{ }
"name" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html"
},
{
"name": "20181207 [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775, CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/20"
}
]
}
}

130
2018/19xxx/CVE-2018-19839.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19839", "ID": "CVE-2018-19839",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/sass/libsass/issues/2657", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/sass/libsass/issues/2657" "lang": "eng",
}, "value": "In LibSass prior to 3.5.5, the function handle_error in sass_context.cpp allows attackers to cause a denial-of-service resulting from a heap-based buffer over-read via a crafted sass file."
{ }
"name" : "https://github.com/sass/libsass/pull/2767", ]
"refsource" : "MISC", },
"url" : "https://github.com/sass/libsass/pull/2767" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sass/libsass/pull/2767",
"refsource": "MISC",
"url": "https://github.com/sass/libsass/pull/2767"
},
{
"name": "https://github.com/sass/libsass/issues/2657",
"refsource": "MISC",
"url": "https://github.com/sass/libsass/issues/2657"
}
]
}
}

34
2018/19xxx/CVE-2018-19947.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-19947", "ID": "CVE-2018-19947",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

416
2018/1xxx/CVE-2018-1008.json
View File

@ -1,210 +1,210 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-1008", "ID": "CVE-2018-1008",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1511 for 32-bit Systems" "version_value": "Version 1511 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1511 for x64-based Systems" "version_value": "Version 1511 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka \"OpenType Font Driver Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1008", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1008" "lang": "eng",
}, "value": "An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka \"OpenType Font Driver Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
{ }
"name" : "103658", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103658" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040673", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040673" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "103658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103658"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1008",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1008"
},
{
"name": "1040673",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040673"
}
]
}
}

176
2018/1xxx/CVE-2018-1026.json
View File

@ -1,90 +1,90 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-1026", "ID": "CVE-2018-1026",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Office", "product_name": "Microsoft Office",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2013 RT Service Pack 1" "version_value": "2013 RT Service Pack 1"
}, },
{ {
"version_value" : "2013 Service Pack 1 (32-bit editions)" "version_value": "2013 Service Pack 1 (32-bit editions)"
}, },
{ {
"version_value" : "2013 Service Pack 1 (64-bit editions)" "version_value": "2013 Service Pack 1 (64-bit editions)"
}, },
{ {
"version_value" : "2016 (32-bit edition)" "version_value": "2016 (32-bit edition)"
}, },
{ {
"version_value" : "2016 (64-bit edition)" "version_value": "2016 (64-bit edition)"
}, },
{ {
"version_value" : "2016 Click-to-Run (C2R) for 32-bit editions" "version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
}, },
{ {
"version_value" : "2016 Click-to-Run (C2R) for 64-bit editions" "version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1026", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1026" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030."
{ }
"name" : "103613", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103613" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040654", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040654" "lang": "eng",
} "value": "Remote Code Execution"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "103613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103613"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1026",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1026"
},
{
"name": "1040654",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040654"
}
]
}
}

192
2018/1xxx/CVE-2018-1857.json
View File

@ -1,98 +1,98 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@us.ibm.com", "ASSIGNER": "psirt@us.ibm.com",
"DATE_PUBLIC" : "2018-11-05T00:00:00", "DATE_PUBLIC": "2018-11-05T00:00:00",
"ID" : "CVE-2018-1857", "ID": "CVE-2018-1857",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "DB2 for Linux, UNIX and Windows", "product_name": "DB2 for Linux, UNIX and Windows",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "11.1" "version_value": "11.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "IBM" "vendor_name": "IBM"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155."
}
]
},
"impact" : {
"cvssv3" : {
"BM" : {
"A" : "N",
"AC" : "H",
"AV" : "N",
"C" : "H",
"I" : "N",
"PR" : "L",
"S" : "U",
"SCORE" : "4.800",
"UI" : "R"
},
"TM" : {
"E" : "U",
"RC" : "C",
"RL" : "O"
}
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Obtain Information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ibm.com/support/docview.wss?uid=ibm10734059", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.ibm.com/support/docview.wss?uid=ibm10734059" "lang": "eng",
}, "value": "IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155."
{ }
"name" : "105883", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105883" "impact": {
}, "cvssv3": {
{ "BM": {
"name" : "1042176", "A": "N",
"refsource" : "SECTRACK", "AC": "H",
"url" : "http://www.securitytracker.com/id/1042176" "AV": "N",
}, "C": "H",
{ "I": "N",
"name" : "ibm-db2-cve20181857-info-disc(151155)", "PR": "L",
"refsource" : "XF", "S": "U",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/151155" "SCORE": "4.800",
} "UI": "R"
] },
} "TM": {
} "E": "U",
"RC": "C",
"RL": "O"
}
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Obtain Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042176",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042176"
},
{
"name": "105883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105883"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=ibm10734059",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=ibm10734059"
},
{
"name": "ibm-db2-cve20181857-info-disc(151155)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/151155"
}
]
}
}

34
2018/1xxx/CVE-2018-1994.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-1994", "ID": "CVE-2018-1994",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/4xxx/CVE-2018-4252.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@apple.com", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2018-4252", "ID": "CVE-2018-4252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the \"Siri\" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT208848", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT208848" "lang": "eng",
}, "value": "An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the \"Siri\" component. It allows physically proximate attackers to bypass the lock-screen protection mechanism and obtain private notification content via Siri."
{ }
"name" : "1041031", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041031" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041031"
},
{
"name": "https://support.apple.com/HT208848",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208848"
}
]
}
}